SAP Solution Manager - Open Redirect

What is the "SAP Solution Manager - Open Redirect?"

The "SAP Solution Manager - Open Redirect" module is designed to detect an open redirect vulnerability in SAP Solution Manager. This vulnerability allows an attacker to redirect a user to a malicious website by exploiting the logoff endpoint. The severity of this vulnerability is classified as medium, with a CVSS score of 6.1.

This module was authored by Gal Nagli.

Impact

If successfully exploited, this open redirect vulnerability in SAP Solution Manager can lead to potential security risks. An attacker could redirect users to malicious websites, potentially exposing them to phishing attacks, malware downloads, or other malicious activities.

How the module works?

The "SAP Solution Manager - Open Redirect" module works by sending a GET request to the "/sap/public/bc/icf/logoff" endpoint with a redirect URL parameter. It then checks the response for specific conditions to determine if the open redirect vulnerability exists.

The module's matching conditions include:

- Checking if the response status is a 302 redirect - Checking if the response header contains either "Location: https://www.interact.sh" or "Location: https://interact.sh"

If both conditions are met, the module reports the vulnerability.