https://www.exploit-db.com/exploits/22715

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/7777/info

WebChat has been reported prone to a database username disclosure weakness.

The issue presents itself when a malicious request is made for the WebChat ?users.php? page. An attacker may pass a guessed username as a specific URI parameter to the affected page. An attacker may exploit this weakness to enumerate database passwords.

This weakness was reported to affect WebChat version 2.0 other versions may also be affected. 

http://www.example.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code]