When pentesting Personify360, a hidden page was found that did not require authentication. The specific URL was:
In my previous post we discussed how this page can be leveraged to create or edit an existing API account.
In this post we will further explore the functionality available on this page.
Dumping Customer Data
Looking at the left side of the screenshot, there are some more options.
If we click on Customer Management, we can see the following screen.
As you can see, there is a place to search for customers in the Personify database and return the top one hundred results. Yes, it can be time consuming, but because no login is required, a quick Python script can iterate through all the search combinations fairly quickly.
Once we have their customer IDs, we query the SSO database for their email, which essentially gives us their username for the system.
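As an added example (not code from the original post or from Personify), here is the detection side of what this section describes: a script that flags clients sweeping an unauthenticated customer-search endpoint in web access logs. The endpoint path and the log lines are constructed placeholders, since the post does not reproduce the URL.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
# Assumption (not from the original post): constructed path and Common Log Format lines.
SEARCH_PATH = "/Admin/CustomerManagement"
THRESHOLD = 20                  # distinct unauthenticated searches per window
WINDOW = timedelta(minutes=5)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>[^\s?]+)(?:\?(?P<query>\S*))? \S+" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def find_enumerators(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: n} for clients with >= threshold distinct, unauthenticated searches in one window."""
    per_ip = defaultdict(list)          # ip -> [(timestamp, query string)]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != SEARCH_PATH or rec["user"] != "-":
            continue                    # other endpoints and logged-in users are ignored
        per_ip[rec["ip"]].append((rec["ts"], rec["query"] or ""))
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        start = 0                       # sliding window over this client's requests
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({q for _, q in hits[start:end + 1]})
            if distinct >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def sample_log():
    """Constructed log: one client sweeping 25 search terms in 72 s, one logged-in user doing one search."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = [f'198.51.100.7 - - [{(base + timedelta(seconds=3 * i)).strftime(TS_FMT)}] '
             f'"GET {SEARCH_PATH}?q={i:03d} HTTP/1.1" 200 512' for i in range(25)]
    lines.append(f'203.0.113.5 - jdoe [{base.strftime(TS_FMT)}] '
                 f'"GET {SEARCH_PATH}?q=smith HTTP/1.1" 200 512')
    return lines
```

Running `find_enumerators(sample_log())` flags only the anonymous sweeping client; the threshold and window should be tuned to the site's normal search volume.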
To fix this, follow the instructions in their email.