Burp Suite Cookbook

If an application performs actions based on client-side URL information or on the path to a resource (that is, an AJAX call, external JavaScript, or an iframe source), the result can be a client-side resource manipulation vulnerability. This vulnerability relates to attacker-controlled URLs in, for example, the JavaScript location attribute, the Location header found in an HTTP response, or a POST body parameter that controls redirection. The impact of this vulnerability could lead to an XSS attack.
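One way to guard against the issue described above, as an added example that is not from the book: resolve the client-supplied URL the way the browser would, and let it reach an iframe, script, or redirect sink only when its origin is allowlisted. The origin, page URL, fallback path, and function names are assumptions made for illustration.

```javascript
// Added example (not from the book). ALLOWED_ORIGINS, PAGE_URL and the
// fallback path are constructed values, not taken from any real application.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);
const PAGE_URL = "https://app.example.test/index.php?page=credits";

// Returns a normalized URL string if the candidate is safe to load, else null.
function resolveTrustedUrl(candidate, pageUrl = PAGE_URL, allowed = ALLOWED_ORIGINS) {
  if (typeof candidate !== "string" || candidate.trim() === "") return null;
  let url;
  try {
    // Resolve exactly as the browser would, so protocol-relative ("//host")
    // and backslash ("\\host") forms are judged on the origin they point to.
    url = new URL(candidate, pageUrl);
  } catch {
    return null; // not parseable as a URL at all
  }
  if (url.protocol !== "https:") return null;    // rejects javascript:, data:, http:
  if (url.username || url.password) return null; // rejects trusted-name@other-host
  if (!allowed.has(url.origin)) return null;     // rejects every other origin
  return url.href;
}

// Vulnerable pattern: the query-string value goes straight to the sink.
function unsafeFrameSource(query) {
  return new URLSearchParams(query).get("src");
}

// Hardened pattern: same lookup, but only an allowlisted URL reaches the sink;
// anything else is replaced by a fixed same-origin fallback.
function safeFrameSource(query, fallback = "/credits.html") {
  const requested = new URLSearchParams(query).get("src");
  return resolveTrustedUrl(requested) ?? resolveTrustedUrl(fallback);
}
```

The value returned by safeFrameSource is what should be assigned to the iframe source, script source, or redirect target; the raw parameter never is.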
We will use the OWASP Mutillidae II application to determine whether it is possible to manipulate any URL parameters that are exposed on the client side and whether the manipulation of those values causes the application to behave differently.
Figure 9.35 – Credits page