Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "SAP Solution Manager - Open Redirect" module detects an open redirect vulnerability in SAP Solution Manager. The flaw lets an attacker craft a link to the application's logoff endpoint that sends the user on to an arbitrary external site, with the trusted SAP hostname appearing in the link the victim clicks. The severity is classified as medium, with a CVSS score of 6.1.
This module was authored by Gal Nagli.
If successfully exploited, this open redirect in SAP Solution Manager gives an attacker a link on a trusted corporate host that lands the user on a site the attacker controls. That makes it useful for phishing (a fake SAP logon page after a seemingly legitimate logoff), for delivering malware downloads, and as a building block in other attacks that need a trusted domain in the first hop.
The "SAP Solution Manager - Open Redirect" module works by sending a GET request to the "/sap/public/bc/icf/logoff" endpoint with a redirect URL parameter. It then checks the response for specific conditions to determine if the open redirect vulnerability exists.
The module's matching conditions are:
- the response status is a 302 redirect, and
- the response headers contain either "Location: https://www.interact.sh" or "Location: https://interact.sh".
If both conditions are met, the module reports the vulnerability.
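The check described above, implemented as a stand-alone Python script so it can be reproduced without Vidoc, together with the allow-list validation a developer would apply on the receiving side. This is an added example, not code from the Vidoc module or from SAP. The page does not name the query parameter; `redirectURL` is an assumption here, as are the `sap.example.internal` target and the allow-list hosts. Only the HTTP probe in `probe()` touches the network; everything else is exercised on constructed status/header pairs.

```python
"""Open-redirect probe for the SAP logoff endpoint, plus a hardened validator.

Assumptions (not from the original page): the redirect parameter is named
``redirectURL``; interact.sh is used as the canary host exactly as the
module's matcher expects; target hostnames below are placeholders.
"""
import http.client
from urllib.parse import urlencode, urlsplit, urlunsplit

LOGOFF_PATH = "/sap/public/bc/icf/logoff"
REDIRECT_PARAM = "redirectURL"          # assumed parameter name
CANARY = "https://interact.sh"
# Same two Location values the module matches on (prefix match).
CANARY_LOCATIONS = ("https://www.interact.sh", "https://interact.sh")


def build_probe_url(base_url, redirect_param=REDIRECT_PARAM, canary=CANARY):
    """Return the GET URL the module sends: logoff path + canary in the query."""
    parts = urlsplit(base_url)
    query = urlencode({redirect_param: canary})
    return urlunsplit((parts.scheme, parts.netloc, LOGOFF_PATH, query, ""))


def is_open_redirect(status, headers):
    """Apply both matcher conditions: 302 AND Location pointing at the canary.

    Header names are looked up case-insensitively; the value is prefix-matched
    like the module's 'Location: https://interact.sh' word matcher, so
    'https://interact.sh/' and 'https://www.interact.sh' both count.
    """
    if status != 302:
        return False
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if location is None:
        return False
    return any(location.startswith(prefix) for prefix in CANARY_LOCATIONS)


def probe(target, timeout=10):
    """Send the probe without following redirects and evaluate the matcher.

    http.client never follows 3xx responses, so the Location header of the
    first response is what gets inspected, as in the module.
    """
    parts = urlsplit(target)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    path = LOGOFF_PATH + "?" + urlencode({REDIRECT_PARAM: CANARY})
    conn.request("GET", path, headers={"Host": parts.netloc, "User-Agent": "redirect-probe"})
    resp = conn.getresponse()
    headers = dict(resp.getheaders())
    conn.close()
    return is_open_redirect(resp.status, headers)


def safe_redirect_target(requested, allowed_hosts, fallback="/"):
    """Server-side fix: only honour same-site paths or allow-listed hosts.

    Rejects scheme-relative '//host', userinfo tricks 'https://good@evil',
    non-http schemes such as 'javascript:', and backslashes (browsers treat
    '/\\evil' as '//evil'). Anything else falls back to a local page.
    """
    if not requested or any(c in requested for c in "\\\r\n"):
        return fallback
    parts = urlsplit(requested)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return fallback
    if parts.netloc:                      # absolute or scheme-relative URL
        host = (parts.hostname or "").lower()
        return requested if host in allowed_hosts else fallback
    if not requested.startswith("/") or requested.startswith("//"):
        return fallback
    return requested                      # plain same-origin path


if __name__ == "__main__":
    # Offline demonstration on constructed responses (no network traffic).
    print(build_probe_url("https://sap.example.internal"))
    print("vulnerable :", is_open_redirect(302, {"Location": "https://interact.sh"}))
    print("patched    :", is_open_redirect(302, {"Location": "/sap/public/bc/icf/logon"}))
    print("hardened   :", safe_redirect_target("https://interact.sh", {"sap.example.internal"}))
```

To run the live check against a real host, call `probe("https://sap.example.internal")` from an environment that is authorised to test it; a `True` result means the first response was a 302 whose Location already points at the canary, which is exactly the module's finding. The `safe_redirect_target` function is what an application fix looks like: the redirect parameter is still accepted, but anything that is not a same-origin path or an explicitly allow-listed host is replaced by a local fallback.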