Zucchetti Ad Hoc Infinity Unvalidated Redirect Vulnerability

Vulnerability

A vulnerability in Zucchetti Ad Hoc Infinity version 2.4 allows an unvalidated redirect after authentication. The issue arises from an improper check on the 'm_cURL' parameter, whose value is used as the post-login redirect target and can be manipulated to send users to attacker-controlled websites. While the application attempts to block external URLs by rejecting absolute ones, it does not reject protocol-relative URLs (values starting with '//'), which browsers resolve against the current scheme to an external host, enabling redirection to external sites.

Impact

Exploitation of this vulnerability could lead to phishing attacks, where users are redirected to malicious websites after logging into the application.

Reproduction

To reproduce this vulnerability, open the login page and submit the login form with the 'm_cURL' parameter set to a protocol-relative URL such as '//example.com/test.jsp'. After successful authentication, the 'Location' response header reflects that value unchanged, and the browser resolves it against the current scheme and follows it to example.com, bypassing the intended URL validation.
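The following is an added example, not code from the advisory or from Zucchetti: it puts a scheme-prefix check of the kind described above next to a hardened replacement that only accepts a same-origin path. The helper names (weak_is_local, safe_local_path, login_redirect) and the SAMPLE_TARGETS list are assumptions constructed for illustration. The hardened check also covers two bypasses the advisory does not mention, the backslash form '/\host' (which browsers parse like '//host') and CRLF in the value, since any fix for the '//' case should handle them too.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Constructed example values in the shape of the 'm_cURL' parameter sent
# with the login form. These are not captured traffic.
SAMPLE_TARGETS = [
    "/dashboard?tab=1",          # legitimate in-app target
    "https://example.com/",      # absolute URL, the case a prefix check catches
    "//example.com/test.jsp",    # protocol-relative URL, the bypass in the advisory
    "/\\example.com/",           # backslash variant, resolved like // by browsers
    "/x\r\nSet-Cookie: a=b",     # CRLF, would corrupt the Location header
]


def weak_is_local(url: str) -> bool:
    """Hypothetical weak check (not the vendor's code): treats anything that
    does not start with an explicit http:// or https:// as an in-app URL.
    This reproduces the class of mistake the advisory describes."""
    lowered = url.lower()
    return not (lowered.startswith("http://") or lowered.startswith("https://"))


def safe_local_path(url: str) -> Optional[str]:
    """Hardened check: accept only an absolute same-origin path.
    Returns the normalised path, or None if the value must not be used."""
    if not url:
        return None
    # Reject control characters and spaces on the raw string first:
    # urlsplit() silently strips \t, \r and \n, so checking the parsed
    # parts would miss header-injection attempts.
    if any(ord(c) < 0x21 or c == "\x7f" for c in url):
        return None
    # Browsers (WHATWG URL parsing) treat '\' like '/' in the authority
    # section for http(s), so '/\evil.com' resolves to '//evil.com'.
    # Normalise before testing the leading characters.
    candidate = url.replace("\\", "/")
    # Require exactly one leading slash: '/path' yes, '//host/path' no.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return None
    parts = urlsplit(candidate)
    # Belt and braces: anything that parsed with a scheme or host is out.
    if parts.scheme or parts.netloc:
        return None
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def login_redirect(m_curl: Optional[str], default: str = "/") -> str:
    """Value to place in the Location header after a successful login:
    the validated in-app path, or the default landing page."""
    target = safe_local_path(m_curl or "")
    return target if target is not None else default


if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(f"{t!r:30} weak_allows={weak_is_local(t)!s:5} "
              f"hardened_location={login_redirect(t)!r}")
```

Run stand-alone, the script shows that weak_is_local lets '//example.com/test.jsp' through (the advisory's bypass) while login_redirect falls back to '/' for it and for the backslash and CRLF variants, and still honours a genuine in-app path such as '/dashboard?tab=1'. The design choice is an allow-list on shape (one leading slash, no scheme, no host) rather than a deny-list of prefixes, which is what the original filter got wrong.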

Remediation

Users are advised to update to Zucchetti Ad Hoc Infinity version 4.2, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM