WebChat 2.0 - 'users.php?Database Username Disclosure

Author: Rynho Zeros Web
type: webapps
platform: php
port: 
date_added: 2003-06-02  
date_updated: 2012-11-15  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22715.txt  

source: https://www.securityfocus.com/bid/7777/info

WebChat has been reported prone to a database username disclosure weakness.

The issue presents itself when a malicious request is made for the WebChat ?users.php? page. An attacker may pass a guessed username as a specific URI parameter to the affected page. An attacker may exploit this weakness to enumerate database passwords.

This weakness was reported to affect WebChat version 2.0 other versions may also be affected.

http://www.example.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code]