WeGIA Open Redirect Vulnerability in control.php Endpoint

Vulnerability

An open redirect vulnerability exists in the WeGIA application, specifically in the control.php endpoint within the /WeGIA/controle/ directory. This vulnerability affects versions through 3.6.1. The issue arises from the nextPage parameter, which is not properly validated or restricted when used with metodo=listarDescricao and nomeClasse=ProdutoControle. As a result, attackers can manipulate the nextPage parameter to redirect users to arbitrary external websites. This flaw can be exploited for phishing attacks, credential theft, malware distribution, and social engineering, all under the guise of the trusted WeGIA domain.

Impact

Exploitation of this vulnerability allows for open redirection, where users can be sent to malicious sites or phishing pages, potentially leading to credential theft or malware distribution.

Reproduction

To reproduce this vulnerability, send a GET request to the /WeGIA/controle/control.php endpoint with the metodo parameter set to 'listarDescricao', the nomeClasse parameter set to 'ProdutoControle', and the nextPage parameter set to an arbitrary external URL. The server accepts the request and issues a redirect to that URL without validating that the target belongs to the application.

Remediation

Users can update to WeGIA version 3.6.2, which addresses this vulnerability.
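The underlying defect is that the nextPage value reaches the redirect unvalidated. The following is an added illustration, not WeGIA's own code or its 3.6.2 fix: a helper that only honours local paths under an assumed application prefix (/WeGIA/) and falls back to a default page for anything else, shown against constructed sample values.

```php
<?php
// Added example (not WeGIA code): constrain a "next page" parameter to
// local application paths before using it in a Location header.
// The /WeGIA/ prefix and the default page are assumptions for illustration.

function safeNextPage(?string $nextPage, string $default = '/WeGIA/home.php'): string
{
    if ($nextPage === null || $nextPage === '') {
        return $default;
    }
    // Reject control characters (CRLF header injection) and backslashes,
    // which some browsers normalise to forward slashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $nextPage)) {
        return $default;
    }
    // Require a single leading '/': "//host/" is protocol-relative and
    // would send the browser to another origin.
    if ($nextPage[0] !== '/' || (isset($nextPage[1]) && $nextPage[1] === '/')) {
        return $default;
    }
    $parts = parse_url($nextPage);
    // Any scheme or host component means the target is external.
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    // Keep the redirect inside the application directory.
    if (!isset($parts['path']) || strpos($parts['path'], '/WeGIA/') !== 0) {
        return $default;
    }
    return $nextPage;
}

// Constructed sample inputs: the first is accepted, the rest fall back.
$samples = [
    '/WeGIA/html/produto/produto.php?id=3',  // local path: accepted
    'https://attacker.example/login',        // scheme + host: rejected
    '//attacker.example/',                   // protocol-relative: rejected
    '/\\attacker.example/',                  // backslash: rejected
    '/other/app.php',                        // outside /WeGIA/: rejected
];
foreach ($samples as $s) {
    echo $s, ' => ', safeNextPage($s), PHP_EOL;
}

// In a controller the redirect would then be built as:
// header('Location: ' . safeNextPage($_GET['nextPage'] ?? null));
```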

Added: Jan 16, 2026, 8:23 PM
Updated: Jan 16, 2026, 8:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 5.6
remediation: 7.7
relevance: 2.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.