nuclei-templates/vulnerabilities/other/sap-redirect.yaml

30 lines
619 B
YAML
Raw Normal View History

2021-08-07 06:01:58 +00:00
id: sap-redirect
info:
name: SAP wide open redirect
author: Gal Nagli
severity: medium
2021-10-25 06:58:59 +00:00
description: A vulnerability in SAP's 'logoff' endpoint allows attackers to redirect victims to their URL of choice.
2021-08-07 09:30:29 +00:00
tags: redirect,sap
2021-08-07 06:01:58 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://example.com"
matchers-condition: and
matchers:
2021-08-07 09:30:29 +00:00
2021-08-07 06:01:58 +00:00
- type: status
status:
- 302
2021-08-07 09:30:29 +00:00
2021-08-07 06:01:58 +00:00
- type: word
words:
- "Location: https://www.example.com"
- "Location: https://example.com"
condition: or
part: header