If an application performs actions based on client-side URL information or pathing to a resource (that is, AJAX call, external JavaScript, iframe source), the result can lead to a client-side resource manipulation vulnerability. This vulnerability relates to attacker-controlled URLs in, for example, the JavaScript location attribute, the location header found in an HTTP response, or a POST body parameter, which controls redirection. The impact of this vulnerability could lead to a cross-site scripting attack.
Testing for client-side resource manipulation
Getting ready
Using the OWASP Mutillidae II application, determine whether it is possible to manipulate any URL parameters that are exposed on the client side and whether...