CVE-2017-7313 – How to dump Personify Customer Data with one click (2/3)


When pentesting Personify360, a hidden page was found that did not require authentication. The specific URL was:

In my previous post we discussed how we can leverage it to create or edit an existing API account.

In this post we will further explore the functionality available on this page.

Dumping Customer Data

When looking at the left side of the screenshot, there are some more options.


If we click on Customer Management, we can see the following screen.


As you can see, there is a place to search for customers in the Personify database and return the top one hundred results. Yes, it can be time consuming, but because no login is required, a quick Python script can go through all the search combinations fairly quickly.

Once we have their customer IDs, we query the SSO database for their email addresses, which essentially gives us their usernames for the system.
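As an added example (not code from the original post or from Personify), here is the log-side check a defender could run to spot the unauthenticated customer-search sweep described above: it groups search requests to the hidden page that carry no session cookie and flags any client that has tried many distinct search terms. The page path, the session cookie name and the log lines are constructed assumptions, since the post does not reproduce the real URL.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Hypothetical path and cookie name: the post does not reproduce the real URL,
# so both are placeholders to be replaced with the deployment's own values.
SEARCH_PATH = "/HIDDEN_ADMIN_PATH/CustomerSearch.aspx"
SESSION_COOKIE = "ASP.NET_SessionId"

# Constructed web-server log lines (combined format with the Cookie header logged
# as the last quoted field). 203.0.113.7 sweeps two-letter prefixes with no
# session; 198.51.100.4 is a logged-in user; 192.0.2.9 runs a single search.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2017:10:00:01 +0000] "GET /HIDDEN_ADMIN_PATH/CustomerSearch.aspx?q=aa HTTP/1.1" 200 51230 "-"
203.0.113.7 - - [10/Mar/2017:10:00:02 +0000] "GET /HIDDEN_ADMIN_PATH/CustomerSearch.aspx?q=ab HTTP/1.1" 200 50812 "-"
203.0.113.7 - - [10/Mar/2017:10:00:02 +0000] "GET /HIDDEN_ADMIN_PATH/CustomerSearch.aspx?q=ac HTTP/1.1" 200 49974 "-"
203.0.113.7 - - [10/Mar/2017:10:00:03 +0000] "GET /HIDDEN_ADMIN_PATH/CustomerSearch.aspx?q=ad HTTP/1.1" 200 50107 "-"
203.0.113.7 - - [10/Mar/2017:10:00:03 +0000] "GET /HIDDEN_ADMIN_PATH/CustomerSearch.aspx?q=ae HTTP/1.1" 200 51002 "-"
198.51.100.4 - - [10/Mar/2017:10:00:04 +0000] "GET /HIDDEN_ADMIN_PATH/CustomerSearch.aspx?q=smith HTTP/1.1" 200 4120 "ASP.NET_SessionId=7f3a"
192.0.2.9 - - [10/Mar/2017:10:00:05 +0000] "GET /HIDDEN_ADMIN_PATH/CustomerSearch.aspx?q=jones HTTP/1.1" 200 3988 "-"
192.0.2.9 - - [10/Mar/2017:10:00:06 +0000] "GET /index.aspx HTTP/1.1" 200 1200 "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<cookie>[^"]*)"$'
)

def unauthenticated_search_terms(log_text):
    """Map each client IP to the distinct search terms it sent to the
    customer-search page with no session cookie and a 200 response."""
    terms = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if url.path != SEARCH_PATH or m["status"] != "200":
            continue
        if SESSION_COOKIE + "=" in m["cookie"]:
            continue  # authenticated staff use is expected traffic
        for q in parse_qs(url.query).get("q", []):
            terms[m["ip"]].add(q)
    return terms

def flag_enumeration(log_text, threshold=5):
    """Return IPs whose count of distinct unauthenticated search terms reaches
    the threshold; a prefix sweep of the top-100 search trips this quickly."""
    return sorted(ip for ip, t in unauthenticated_search_terms(log_text).items()
                  if len(t) >= threshold)

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))  # ['203.0.113.7']
```

The threshold is deliberately low because legitimate anonymous traffic to this page should be zero; any hit is worth a look, and the same grouping can be fed to a WAF rate rule once the page is put behind authentication.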

To fix this, follow the instructions in their email.



