Webchat Path Disclosure Weakness

vendor:

Webchat

by:

SecurityFocus

3.3

CVSS

MEDIUM

Path Disclosure

200

CWE

Product Name: Webchat

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:webchat:webchat:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Webchat Path Disclosure Weakness

Webchat has been reported prone to a path disclosure weakness. Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the request will trigger an exception, causing Webchat to display an error message, which may possibly contain sensitive path information.

Mitigation:

Ensure that the web application does not reveal sensitive information in error messages.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7774/info

Webchat has been reported prone to a path disclosure weakness.

Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the request will trigger an exception, causing Webchat to display an error message, which may possibly contain sensitive path information.

This weakness was reported to affect Webchat version 2.0 other versions may also be affected. 

http://www.example.com/modules/WebChat/out.php
http://www.example.com/modules.php?op=modload&name=WebChat&file=index&roomid=Non_Numeric
http://www.example.com/modules/WebChat/in.php
http://www.example.com/modules/WebChat/quit.php
http://www.example.com/modules/WebChat/users.php