Course
This lab demonstrates an XSS vulnerability caused by trusting user-provided paths in the <code>$_SERVER['PHP_SELF']</code> variable. It highlights how improper handling of this variable can allow attackers to inject malicious payloads into the page, even when other parts of the code are properly secured.
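The pattern described above, shown as an added example that is not the lab's own code: a form action built from `$_SERVER['PHP_SELF']` without encoding, next to two hardened versions. The `form.php` name, the sample request path and the function names are assumptions made for illustration.

```php
<?php
// Added example: how the path reflected by PHP_SELF reaches the page, and two fixes.
// The request values below are constructed sample input, not taken from the lab.

// For a request to /form.php/<extra>, PHP sets PHP_SELF to the script name
// plus the trailing path info, so the extra segment is client-controlled.
$sample = [
    'PHP_SELF'    => '/form.php/"><em>injected</em>',
    'SCRIPT_NAME' => '/form.php',
];

// Vulnerable: the value is written into an HTML attribute without encoding.
function render_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Fix 1: encode for the HTML attribute context at the point of output.
function render_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Fix 2: use SCRIPT_NAME, which excludes the trailing path info, and still encode it.
function render_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

foreach (['render_vulnerable', 'render_escaped', 'render_script_name'] as $fn) {
    $html = $fn($sample);
    // More than one '<' in the output means the path broke out of the attribute.
    $brokeOut = substr_count($html, '<') > 1;
    printf("%-20s %s\n  breaks out of attribute: %s\n", $fn, $html, $brokeOut ? 'yes' : 'no');
}
```

Run with the PHP CLI: only `render_vulnerable` reports that the path breaks out of the `action` attribute.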
Skills covered
Injection
Client Side
Topics
XSS
CWE-79