CVE-2017-7314 – Dump Personify Database Schema (3/3)

In the previous post we showed how we can dump user data from the Personify Database.

In this post we are going to discuss how this page allows us to also map out all the other tables and columns in the database.

Quick Recap

When going to we see the following page


On the left-hand side we will click ‘Role Configuration’, which should bring us to a page like this

[Screenshot: schema-leak 2]


As you can see, there is a ‘Role Based on Table’ dropdown. Once it is clicked, we can see all the tables in the system. Once a table is selected, we can click on the ‘Customer ID Column’ dropdown to see all the columns in the selected table.

To fix, follow the instructions in their email


Hope you enjoyed this series on Personify360.


