### [CVE-2020-6215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6215)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20AS%20ABAP%20(Business%20Server%20Pages%20Test%20Application%20IT00)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C700%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=URL%20Redirection&color=brighgreen)

### Description

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

### POC

#### Reference
- http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html
- http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html
- http://seclists.org/fulldisclosure/2023/Oct/13
- http://seclists.org/fulldisclosure/2023/Oct/13

#### Github
No PoCs found on GitHub currently.