13 lines
No EOL
770 B
Text
13 lines
No EOL
770 B
Text
source: https://www.securityfocus.com/bid/7774/info
|
|
|
|
Webchat has been reported prone to a path disclosure weakness.
|
|
|
|
Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the request will trigger an exception, causing Webchat to display an error message, which may possibly contain sensitive path information.
|
|
|
|
This weakness was reported to affect Webchat version 2.0 other versions may also be affected.
|
|
|
|
http://www.example.com/modules/WebChat/out.php
|
|
http://www.example.com/modules.php?op=modload&name=WebChat&file=index&roomid=Non_Numeric
|
|
http://www.example.com/modules/WebChat/in.php
|
|
http://www.example.com/modules/WebChat/quit.php
|
|
http://www.example.com/modules/WebChat/users.php |