Menu

Search for hundreds of thousands of exploits

"Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions"

Author

Exploit author

"Pesach Zirkind"

Platform

Exploit platform

aspx

Release date

Exploit published date

2017-05-09

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# Exploit Title: Discover all tables and columns in database when creating new customer role
# Date: 3/29/2017
# Exploit Author: Pesach Zirkind
# Vendor Homepage: https://personifycorp.com/
# Version: 7.5.2 - 7.6.1
# Tested on: Windows (all versions)
# CVE : CVE-2017-7314

# Category: webapps

1. Description
   
Any website visitor can access a page that allows creation of a new customer role, while creating the role there is access to the database schema showing all the tables and their columns
 
It does not show the data in the database only the schema
   
2. Proof of Concept
 
Visit: http://site.com/Default.aspx?tabId=275
Click: Role Configuration on the left side
Click New
Select the "Role Based on Table" dropdown
   
3. Solution:
   
The fix is available at Personifys SFTP site (sftp.personifycorp.com) as Personify Patch  SSO-IMS-DNN-Permission.zip
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-11-06 "BlogEngine 3.3.8 - 'Content' Stored XSS" webapps aspx "Andrey Stoykov"
2020-08-17 "Microsoft SharePoint Server 2019 - Remote Code Execution" webapps aspx "West Shepherd"
2020-05-12 "Orchard Core RC1 - Persistent Cross-Site Scripting" webapps aspx SunCSR
2020-05-11 "Kartris 1.6 - Arbitrary File Upload" webapps aspx "Nhat Ha"
2020-02-24 "DotNetNuke 9.5 - Persistent Cross-Site Scripting" webapps aspx "Sajjad Pourali"
2020-02-24 "DotNetNuke 9.5 - File Upload Restrictions Bypass" webapps aspx "Sajjad Pourali"
2019-12-18 "Telerik UI - Remote Code Execution via Insecure Deserialization" webapps aspx "Bishop Fox"
2019-12-17 "NopCommerce 4.2.0 - Privilege Escalation" webapps aspx "Alessandro Magnosi"
2019-12-16 "Roxy Fileman 1.4.5 - Directory Traversal" webapps aspx "Patrik Lantz"
2019-11-12 "Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting" webapps aspx Cy83rl0gger
Release Date Title Type Platform Author
2017-05-09 "Personify360 7.5.2/7.6.1 - Improper Access Restrictions" webapps aspx "Pesach Zirkind"
2017-05-09 "Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions" webapps aspx "Pesach Zirkind" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected