MIMeGusta
WARNING: MIMeGusta IS INTENTIONALLY VULNERABLE. DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT EXPOSE MIMeGusta IN AN UNTRUSTED ENVIRONMENT.
MIMeGusta is a configurable content-sniffing XSS testbed. Content-sniffing XSS mainly applies to vulnerable file upload implementations, where an attacker is able to upload files with embedded client-side code such as JavaScript with the objective of XSS-ing users of the hosting domain.
MIMeGusta is intended to allow security testers to explore the behaviour of browsers with particular focus upon the role of content-sniffing 'cues' in determining whether JavaScript will be executed.
Rather than upload/download countless variations of
files, MIMeGusta allows you to configure a range
of headers which are included with a JavaScript
alert box payload response. It can also include
a range of file signatures, defensive headers,
as well as inserting file type path info into
the URL. It also includes two filters: one
examines content-type headers, while the
other analyses content-type headers AND file
signatures. Both filters have a 'weak' (i.e
circumventable) and 'strong' mode.
MIMeGusta also includes a small number of challenges intended to demonstrate some basic content-sniffing XSS techniques.
MIMeGusta challenges currently focus entirely upon Internet Explorer 9 with the XSS filter enabled. Other browsers and earlier versions of IE are also subject to content sniffing based XSS attacks, but you've gotta start somewhere :-)
PHP 5.x Web server Challenges are written to work for Internet Explorer 9 and likely cannot be completed in other browsers, though earlier versions of IE are likley to work.
Place the MIMeGusta source files on your Web server and open in Internet Explorer.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/
Thanks to those who have released vulnerable test-beds such as XMLmao, SQLol, CryptOMG, XSSmh, ShelLOL, etc, etc.