modern-web-design-and-development

(Brent) #1

xssed.org


The remedy for XSS is to be very paranoid about anything that comes via
forms or the URI. You also need to be sure that your PHP is set up properly
(we’ll come back to some ways to test for that and to write good code later
on).


Path Traversal


Allowing for path or directory traversal on your server is an amazingly bad
idea. You would be allowing people to list the folders on your server and to
navigate from folder to folder. This allows attackers to go to folders with
sensitive information or website functionality and have some fun. The

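The following PHP sketch relates to the path traversal risk described in the post. It is an added example, not code from the original post: it confines a request-supplied file name to one base directory and refuses directories, so a request can neither climb out of the folder nor list it. The function name `resolve_inside()` and the demo directory layout are hypothetical.

```php
<?php
// Added example: resolve_inside() and the demo layout below are hypothetical.

function resolve_inside(string $baseDir, string $userPath): ?string
{
    // Empty input and NUL bytes are never valid file names.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_file($target)) {
        return null; // missing, or a directory (no folder listing)
    }
    // Compare against the base plus a trailing separator so that a
    // sibling such as "public-old" does not pass as "public".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/public/docs', 0700, true);
file_put_contents($root . '/public/docs/manual.txt', 'ok');
file_put_contents($root . '/secret.txt', 'not for visitors');

// Constructed inputs standing in for a form field or URI parameter.
$inputs = ['docs/manual.txt', '../secret.txt', 'docs/../../secret.txt', 'docs'];
foreach ($inputs as $input) {
    $resolved = resolve_inside($root . '/public', $input);
    printf("%-24s => %s\n", $input, $resolved === null ? 'rejected' : 'served');
}
```

Only the first input is served; the check is made on the resolved path, not on the raw string, so encoded or nested `..` segments are handled by the same comparison.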