source: https://www.securityfocus.com/bid/7777/info
WebChat has been reported prone to a database username disclosure weakness.
The issue presents itself when a malicious request is made for the WebChat 'users.php' page. An attacker may pass a guessed username as a specific URI parameter to the affected page. An attacker may exploit this weakness to enumerate database passwords.
This weakness was reported to affect WebChat version 2.0; other versions may also be affected.
http://www.example.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code]
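
A defender-side check for the request shape above, as an added example that is not part of the original advisory: it scans web-server access logs for users.php requests that carry a non-numeric rid or a negative uid together with a username parameter, and reports clients that try several distinct names. The sample log lines, the combined-log-format regex, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2003:10:00:01 +0000] "GET /modules/WebChat/users.php?rid=abc&uid=-1&username=admin HTTP/1.0" 200 512
203.0.113.5 - - [01/Jun/2003:10:00:02 +0000] "GET /modules/WebChat/users.php?rid=abc&uid=-1&username=root HTTP/1.0" 200 498
203.0.113.5 - - [01/Jun/2003:10:00:03 +0000] "GET /modules/WebChat/users.php?rid=x&uid=-1&username=webchat HTTP/1.0" 200 505
198.51.100.7 - - [01/Jun/2003:10:01:00 +0000] "GET /modules/WebChat/users.php?rid=12&uid=4 HTTP/1.0" 200 2048
198.51.100.9 - - [01/Jun/2003:10:02:00 +0000] "GET /index.php?username=bob HTTP/1.0" 200 1024
"""

# Assumed log layout: client IP, two ident fields, [timestamp], "METHOD target PROTO".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def is_probe(target):
    """True if the request matches the shape in the advisory: users.php with
    a non-numeric (or missing) rid or a negative uid, plus a username parameter."""
    url = urlsplit(target)
    if not url.path.lower().endswith("/webchat/users.php"):
        return False
    q = parse_qs(url.query, keep_blank_values=True)
    if "username" not in q:
        return False
    rid = q.get("rid", [""])[0]
    uid = q.get("uid", [""])[0]
    return not rid.isdigit() or uid.startswith("-")

def find_enumeration(log_text, threshold=3):
    """Map client IP -> sorted usernames tried, for clients at or above threshold."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_probe(m.group(2)):
            query = parse_qs(urlsplit(m.group(2)).query, keep_blank_values=True)
            tried[m.group(1)].add(query["username"][0])
    return {ip: sorted(names) for ip, names in tried.items() if len(names) >= threshold}

if __name__ == "__main__":
    for ip, names in find_enumeration(SAMPLE_LOG).items():
        print(ip, names)
```
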