WeGIA Open Redirect Vulnerability in control.php Endpoint

An open redirect vulnerability exists in the WeGIA application, specifically in the control.php endpoint prior to version 3.6.2. The issue arises through the nextPage parameter, when used with metodo=listarTodos and nomeClasse=DestinoControle. The application does not properly validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This vulnerability could be exploited for phishing attacks, credential theft, malware distribution, and social engineering, taking advantage of the trusted WeGIA domain.

Impact

Exploitation of this vulnerability allows for open redirection, where users can be sent to external sites, potentially leading to phishing, malware distribution, or other social engineering attacks.

Reproduction

To reproduce this vulnerability, send a GET request to the /WeGIA/controle/control.php endpoint. Include the metodo=listarTodos and nomeClasse=DestinoControle parameters, and manipulate the nextPage parameter to include a URL of an external site, such as google.com. The server will accept the request and redirect to the specified external site, bypassing any internal domain restrictions.

Remediation

Users are advised to update to WeGIA version 3.6.2, where this vulnerability has been fixed.