header-logo
Suggest Exploit
vendor:
WebChat
by:
SecurityFocus
3.3
CVSS
MEDIUM
Database Username Disclosure Weakness
200
CWE
Product Name: WebChat
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: WebChat
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

WebChat Database Username Disclosure Weakness

WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat ?users.php? page. An attacker may pass a guessed username as a specific URI parameter to the affected page. An attacker may exploit this weakness to enumerate database passwords.

Mitigation:

Ensure that the application is not vulnerable to username enumeration attacks. Implement access control mechanisms to restrict access to the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7777/info

WebChat has been reported prone to a database username disclosure weakness.

The issue presents itself when a malicious request is made for the WebChat ?users.php? page. An attacker may pass a guessed username as a specific URI parameter to the affected page. An attacker may exploit this weakness to enumerate database passwords.

This weakness was reported to affect WebChat version 2.0 other versions may also be affected. 

http://www.example.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code]

Navigation

Suggest Exploit

Services By CQR