Resource Introduction
WTF?
MIMeGusta is a configurable content-sniffing XSS testbed. Content-sniffing XSS mainly applies to vulnerable file upload implementations, where an attacker is able to upload files with embedded client-side code such as JavaScript with the objective of XSS-ing users of the hosting domain.
MITRE define this form of XSS as CAPEC-209: Cross-Site Scripting Using MIME Type Mismatch; OWASP describe it here (scroll down to the File Upload part).
MIMeGusta is intended to allow security testers to explore the behaviour of browsers with particular focus upon the role of content-sniffing "cues" in determining whether JavaScript will be executed.
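From the defender's side of the upload problem described above, the following is an added example, not part of MIMeGusta: a server-side check that flags uploads whose leading bytes carry HTML/XML sniffing cues that contradict the declared type, plus the response headers that make the declared type authoritative. The function names, the prefix window and the sample bytes are assumptions made for this illustration.

```python
import re

SNIFF_WINDOW = 1445  # prefix length inspected; this example's choice
HTML_TYPES = {"text/html", "application/xhtml+xml"}

# Markup signatures that can cue a sniffing browser to treat bytes as HTML/XML
# (tag names follow the HTML patterns in the WHATWG MIME Sniffing Standard).
# Matching anywhere in the prefix, not only at offset 0, is deliberately conservative.
CUE_RE = re.compile(
    rb"<(?:!doctype\s+html|html|head|script|iframe|h1|div|font|table|a|style"
    rb"|title|b|body|br|p)[\s/>]|<!--|<\?xml",
    re.IGNORECASE,
)

def find_cues(data: bytes) -> list[str]:
    """Return the distinct markup cues found in the inspected prefix, lowercased."""
    seen = []
    for m in CUE_RE.finditer(data[:SNIFF_WINDOW]):
        cue = m.group(0).decode("ascii").lower()
        if cue not in seen:
            seen.append(cue)
    return seen

def check_upload(declared_type: str, data: bytes) -> dict:
    """Reject uploads declared as non-HTML whose leading bytes look like markup."""
    mime = declared_type.split(";", 1)[0].strip().lower()
    cues = find_cues(data)
    mismatch = bool(cues) and mime not in HTML_TYPES
    return {"accept": not mismatch, "declared": mime, "cues": cues}

def response_headers(declared_type: str, filename: str) -> dict:
    """Headers for serving a stored upload without letting the browser sniff it."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": declared_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }

# Constructed samples: a GIF header followed by inert markup, and a clean GIF prefix.
POLYGLOT = b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + b"<script>/*sample*/</script>"
CLEAN = b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"

if __name__ == "__main__":
    for name, blob in (("polyglot.gif", POLYGLOT), ("clean.gif", CLEAN)):
        print(name, check_upload("image/gif", blob))
    print(response_headers("image/gif", "clean.gif"))
```

The check only covers type/content mismatch; uploads that are declared as HTML need a separate policy, such as serving them from a different origin.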