- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22715
- Проверка EDB
-
- Пройдено
- Автор
- RYNHO ZEROS WEB
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2003-06-02
Код:
source: https://www.securityfocus.com/bid/7777/info
WebChat has been reported prone to a database username disclosure weakness.
The issue presents itself when a malicious request is made for the WebChat ?users.php? page. An attacker may pass a guessed username as a specific URI parameter to the affected page. An attacker may exploit this weakness to enumerate database passwords.
This weakness was reported to affect WebChat version 2.0 other versions may also be affected.
http://www.example.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code]- Источник
- www.exploit-db.com
