XSS Lab

Overview

Demonstrates how echoing user input into an HTML response without output encoding lets an attacker inject markup and script that the browser executes in the origin of the vulnerable page (reflected cross-site scripting).

Vulnerable Code

<?php
// vuln_xss.php
// Reflects the query parameter straight into the HTML response with no encoding,
// so any markup or script supplied in ?input= is interpreted by the browser.
if (isset($_GET['input'])) {
    echo "User input: " . $_GET['input'];
}

Exploit Demo

Example URL: vuln_xss.php?input=<script>alert('XSS')</script>

The browser percent-encodes the angle brackets in the request; PHP decodes them back into $_GET['input'], the script tag is written into the page verbatim, and the browser runs it with the vulnerable page's origin. alert('XSS') is only a visible marker: the same injection point could read document.cookie or make authenticated requests on the victim's behalf.

Secure Code

<?php // sec_xss.php: encode <, >, &, " and ' so the browser renders the input as text
if (isset($_GET['input'])) {
    echo "User input: " . htmlspecialchars($_GET['input'], ENT_QUOTES, 'UTF-8');
}
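htmlspecialchars() is the right fix for the HTML body context shown above, but encoding is context-dependent: the same call does nothing for a value placed in an unquoted attribute, inside a script block, or in a URL. The following runnable script is an added example (not one of the lab's own files; function names and payloads are constructed here) that renders the lab payload and two attribute-breakout payloads through the vulnerable handler, the hardened handler, and an attribute sink with and without quotes, so the difference is visible in the output:

```php
<?php
// Added example, not part of the lab. Side-by-side rendering of the vulnerable
// and hardened handlers from this page, plus an attribute-context sink that
// htmlspecialchars() alone does not protect. Function names are hypothetical.
declare(strict_types=1);

// Mirrors vuln_xss.php: raw interpolation into the HTML body.
function render_vulnerable(string $input): string
{
    return "User input: " . $input;
}

// Mirrors sec_xss.php: HTML-entity encoding, correct for body and quoted-attribute context.
function render_secure(string $input): string
{
    return "User input: " . htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
}

// Same encoder, but the value lands in an UNQUOTED attribute. A space is enough
// to end the attribute value, so no quote or angle bracket is needed to inject
// a new attribute such as an event handler: still exploitable.
function render_unquoted_attr(string $input): string
{
    return '<input value=' . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . '>';
}

// Correct attribute usage: quote the attribute AND encode the value, so the
// encoded &quot; cannot close the attribute.
function render_quoted_attr(string $input): string
{
    return '<input value="' . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed payloads: the one from the lab URL, a quote breakout, and a
// whitespace breakout that contains no characters htmlspecialchars() touches.
$payloads = [
    "<script>alert('XSS')</script>",
    "\" onfocus=alert(1) autofocus=\"",
    "x onfocus=alert(1) autofocus",
];

foreach ($payloads as $p) {
    echo "payload:       $p\n";
    echo "vulnerable:    " . render_vulnerable($p) . "\n";
    echo "secure:        " . render_secure($p) . "\n";
    echo "unquoted attr: " . render_unquoted_attr($p) . "\n";
    echo "quoted attr:   " . render_quoted_attr($p) . "\n\n";
}

// Checks written as explicit throws (PHP's assert() is disabled by default in
// production configurations and would silently skip).
$lab = "<script>alert('XSS')</script>";
if (render_secure($lab) !== "User input: &lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;") {
    throw new RuntimeException('secure handler did not encode the lab payload');
}
if (strpos(render_vulnerable($lab), '<script>') === false) {
    throw new RuntimeException('vulnerable handler should reflect the tag verbatim');
}
// The whitespace payload survives encoding unchanged, which is why the unquoted
// sink is still exploitable while the quoted one is not.
if (strpos(render_unquoted_attr('x onfocus=alert(1) autofocus'), ' onfocus=') === false) {
    throw new RuntimeException('expected attribute injection in the unquoted sink');
}
echo "checks passed\n";
```

Run it with `php` on the command line. The secure output for the lab payload reads `User input: &lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;`, which the browser displays as literal text, while the unquoted-attribute sink prints `<input value=x onfocus=alert(1) autofocus>` unchanged, showing that the encoder must match the sink's context and that attribute values must always be quoted.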

Remediation & Lessons