exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

perfact::mpa Cross Site Request Forgery

perfact::mpa Cross Site Request Forgery
Posted Mar 1, 2016
Authored by Matthias Deeg, Sven Freund | Site syss.de

The tested web application perfact::mpa offers no protection against cross-site request forgery (CSRF) attacks. This kind of attack forces end users respectively their web browsers to perform unwanted actions in a web application context in which they are currently authenticated.

tags | exploit, web, csrf
SHA-256 | 2b1425b7f0db4e14f7b33d9778f0a59b7e1c1b93b42771c51ac1b69ae8116af3

perfact::mpa Cross Site Request Forgery

Change Mirror Download
Hash: SHA512

Advisory ID: SYSS-2015-071
Product(s): perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2015-12-18
Solution Date: 2016-01-18
Public Disclosure: 2016-02-29
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Sven Freund (SySS GmbH)



The software solution perfact::mpa is a software architecture that, for
instance, is used to build web applications for the secure and reliable
remote maintenance of machines via the Internet (see [1]).

According to the manufacturer, remote control software built with
perfact::mpa impresses through the following features:

* location-independent and central monitoring,
* maintenance and error management,
* authorized remote access, and
* integrated documentation of incidents and services.

Due to missing protection mechanisms, the web application perfact::mpa
is vulnerable to cross-site request forgery (CSRF) attacks.


Vulnerability Details:

The tested web application perfact::mpa offers no protection against
cross-site request forgery (CSRF) attacks. This kind of attack forces
end users respectively their web browsers to perform unwanted actions
in a web application context in which they are currently authenticated.

CSRF attacks specifically target state-changing requests, for example in
order to enable or disable a feature, and not data theft, as an attacker
usually has no possibility to see the response of the forged request.

In general, CSRF attacks are conducted with the help of the victim, for
example by a user visiting an attacker-controlled URL sent by e-mail in
its web browser. Often, cross-site request forgery attacks make use of
cross-site scripting attacks, but this is not mandatory.

CSRF attacks can also be performed against a web application if a victim
is only visiting an attacker-controlled web server. In this case, the
attacker-controlled web server is used to generate a specially crafted
HTTP request in the context of the user's web browser which is then sent
to the vulnerable target web application.


Proof of Concept (PoC):

The SySS GmbH could successfully demonstrate a CSRF attack against the
perfact::mpa web application by using the found persistent cross-site
scripting vulnerability in the file upload functionality (see
security advisory SYSS-2015-066).

The following JavaScript attack vector was used which was automatically
executed when the uploaded attacker-controlled HTML file was opened by a


If this attack vector was executed in the context of a perfact::mpa
system administrator, a new external administrator with the defined
account data would be created.



According to information by the PerFact Innovation GmbH & Co. KG, the
described security issue has been fixed in PerFact DB_Utils (toolkit)
software version 3.2.

Please contact the manufacturer for further information or support.


Disclosure Timeline:

2015-12-18: Vulnerability reported to manufacturer
2016-01-18: Response from manufacturer with detailed information about
the reported security vulnerability and its solution status
2016-02-05: E-mail to manufacturer according two open questions
2016-02-05: Response from manufacturer with further information
2016-02-29: Public release of security advisory



[1] Product Web Site for perfact::mpa
[2] SySS Security Advisory SYSS-2015-071
[3] SySS Responsible Disclosure Policy



This security vulnerability was found by Matthias Deeg and Sven Freund
of the SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

E-Mail: sven.freund (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Sven_Freund.asc
Key fingerprint = DCDB 7627 C1E3 9CE8 62DF 2666 8A5F A853 415D 46DC



The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web



Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en


Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By