Possible Duplicate: PHP_SELF and XSS
Why is it necessary to filter $_SERVER['PHP_SELF'], e.g. from:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<!-- form contents -->
</form>
to:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8"); ?>">
<!-- form contents -->
</form>
in order to make it XSS-attack proof?
and:
How can attacker reach end users other than himself using the "vulnerability" of the first form?
If you're using AcceptPathInfo or something similar such that a URI like /index.php/foo/bar is directed to /index.php, requesting /index.php/%22%E3E… can get your following data outside the form tag.
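The following is an added example (not code from the question or either answer) that renders the form tag both ways for a constructed PHP_SELF value of the kind the answer above describes. The function names and the sample value are my own assumptions; the web server is assumed to URL-decode the extra path segment before PHP builds $_SERVER['PHP_SELF'], which is the usual behaviour when path info is appended to the script name.

```php
<?php
// Added example: compares the unfiltered and htmlspecialchars()-filtered
// form tag for a constructed PHP_SELF value. Run from the CLI:
//   php php_self_demo.php

function render_unescaped(string $phpSelf): string
{
    // The original form: the raw value is written straight into the attribute.
    return '<form method="post" action="' . $phpSelf . '">';
}

function render_escaped(string $phpSelf): string
{
    // The hardened form: quotes and angle brackets become HTML entities, so the
    // value can never close the attribute or the tag.
    return '<form method="post" action="'
        . htmlspecialchars($phpSelf, ENT_QUOTES, 'utf-8') . '">';
}

// Constructed value (assumption): what $_SERVER['PHP_SELF'] can look like when a
// request for /index.php/<extra path> is routed to /index.php and the extra
// path contains a quote and angle brackets. A harmless <b> marker is used so
// the difference between the two outputs is visible without any script.
$constructedPhpSelf = '/index.php/"><b>marker</b><!--';

echo "unescaped: ", render_unescaped($constructedPhpSelf), PHP_EOL;
echo "escaped:   ", render_escaped($constructedPhpSelf), PHP_EOL;

// Self-check a developer can keep in a unit test: the escaped output must
// contain exactly one '<' and one '>' (the form tag's own) and only the four
// double quotes that delimit the two attributes.
$escaped = render_escaped($constructedPhpSelf);
assert(substr_count($escaped, '<') === 1 && substr_count($escaped, '>') === 1);
assert(substr_count($escaped, '"') === 4);
```

In the unescaped output the attribute is closed early and the marker lands outside the form tag; in the escaped output the same characters appear as &quot;, &lt; and &gt; inside the attribute value.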
And as for the second question: click here.
How can attacker reach end users other than himself using the "vulnerability" of the first form?
The attacker can link to your site from a site he controls or an email he sends.