id: sap-redirect info: name: SAP wide open redirect author: Gal Nagli severity: medium description: A vulnerability in SAP's 'logoff' endpoint allows attackers to redirect victims to their URL of choice. tags: redirect,sap requests: - method: GET path: - "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://interact.sh" matchers-condition: and matchers: - type: status status: - 302 - type: word words: - "Location: https://www.interact.sh" - "Location: https://interact.sh" condition: or part: header