WeGIA Open Redirect Vulnerability in control.php Endpoint

Vulnerability

An open redirect vulnerability exists in the WeGIA application, specifically in the control.php endpoint of the WeGIA/controle directory, prior to version 3.6.2. The vulnerability arises from the nextPage parameter, which is not properly validated or restricted. This flaw allows attackers to redirect users to arbitrary external websites, potentially leading to phishing attacks, credential theft, malware distribution, and social engineering, all under the guise of the trusted WeGIA domain.

Impact

Exploitation of this vulnerability allows for open redirection, where users can be sent to malicious external sites, potentially leading to phishing, malware distribution, or other social engineering attacks.

Reproduction

To reproduce this vulnerability, send a GET request to the /WeGIA/controle/control.php endpoint with the metodo parameter set to 'listarTodos', the nomeClasse parameter set to 'ProdutoControle', and the nextPage parameter set to a URL of your choice. The server accepts the request and redirects to the supplied URL without validating it.

Remediation

Users can update to WeGIA version 3.6.2, where this vulnerability has been fixed.
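As an added example (not WeGIA's own code and not the 3.6.2 fix), the hypothetical PHP helper below shows the unvalidated redirect pattern next to a hardened version that only accepts same-site paths under an assumed /WeGIA/ application root:

```php
<?php
// Added example, not code from the WeGIA project. The assumed application root
// '/WeGIA/' and the fallback page are placeholders for illustration.

/**
 * Return a same-site redirect target derived from a user-supplied nextPage
 * value, or $fallback when the value is not acceptable.
 * Rejects absolute URLs, scheme-relative URLs (//host), backslash variants,
 * control characters (CRLF header injection) and paths outside $root.
 */
function safeNextPage(string $candidate, string $root = '/WeGIA/',
                      string $fallback = '/WeGIA/index.php'): string
{
    $candidate = trim($candidate);
    if ($candidate === '' || $candidate[0] !== '/') {
        return $fallback;                       // empty or not a site-absolute path
    }
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate)) {
        return $fallback;                       // http:, https:, javascript:, data: ...
    }
    if (preg_match('#^[/\\\\]{2}#', $candidate)) {
        return $fallback;                       // //evil.example or \\evil.example
    }
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $fallback;                       // CR/LF, other controls, backslashes
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;                       // parser still sees an authority
    }
    if (strncmp($candidate, $root, strlen($root)) !== 0) {
        return $fallback;                       // outside the application root
    }
    return $candidate;
}

// Vulnerable pattern: the parameter is forwarded verbatim.
//   header('Location: ' . $_GET['nextPage']);
//
// Hardened pattern: validate first, then redirect.
//   safeNextPage('https://attacker.example/login')      -> '/WeGIA/index.php'
//   safeNextPage('//attacker.example')                   -> '/WeGIA/index.php'
//   safeNextPage('/WeGIA/html/produto/listar.php?x=1')   -> unchanged
$target = safeNextPage($_GET['nextPage'] ?? '');
header('Location: ' . $target, true, 302);
exit;
```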

Added: Jan 16, 2026, 8:21 PM
Updated: Jan 16, 2026, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 5.8
remediation: 7.7
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.