Course
In this lab, we examine a weak regular expression used to match the hostname "assets.pentesterlab.com" and demonstrate how it can be exploited due to unescaped dots and missing boundary anchors. We also discuss the implications of using <code>$_GET['url']</code> instead of a validated variable.
Skills covered
Injection
Network
CWE-918
Full course content
2 videos