Course
This lab demonstrates an XSS vulnerability caused by trusting user-provided paths in the <code>$_SERVER['PHP_SELF']</code> variable. It highlights how improper handling of this variable can allow attackers to inject malicious payloads into the page, even when other parts of the code are properly secured.
Skills covered
Injection
Client Side
Topics
XSS
CWE-79
Included with PRO
Full course content
3 videos