CVE-2017-7314 – Dump Personify Database Schema (3/3)

In the previous post we showed how to dump user data from the Personify database.

In this post we discuss how the same page also lets us map out every other table and column in the database.

Quick Recap

Navigating to http://www.site.com/TabId/275 shows the following page:

[Screenshot: tab-275]

On the left-hand side, click ‘Role Configuration’, which brings up a page like this:

[Screenshot: schema-leak 2]

As you can see, there is a ‘Role Based on Table’ dropdown; once clicked, it lists every table in the system. Once a table is selected, clicking the ‘Customer ID Column’ dropdown lists all the columns in that table.

To fix this, follow the instructions in Personify's email:

[Screenshot: personify-email-fix]

Hope you enjoyed this series on Personify360.

CVE-2017-7314
