id: sap-redirect info: name: SAP wide open redirect author: Gal Nagli severity: medium tags: redirect,sap requests: - method: GET path: - "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://example.com" matchers-condition: and matchers: - type: status status: - 302 - type: word words: - "Location: https://www.example.com" - "Location: https://example.com" condition: or part: header