Redirections: How They Threaten SAP Cybersecurity

Apr 4, '18 by Joerg Schneider-Simon

Anybody who has ever visited a web page has likely been redirected at some point, such as when older links get redirected to updated ones or visiting a “My Account” page redirects to the login page. Even on apps, this is common: When logging into a banking app, for example, a redirect might bring the user to a new page promoting a service.

Redirections can be helpful, steering app users and website visitors away from dead ends and toward the information or functions that they seek.

However, when redirections are used maliciously, they can create unfathomable amounts of damage. And if that damage is aimed at mission-critical SAP systems, it could jeopardize the company’s security, reputation, and even its very future.

How Do Redirections Happen?

Redirects use code that specifically names the URL to which the visitor should be redirected. Usually that URL is provided by the application. However, when the destination of the redirection is coded in a URL parameter or a hidden form value, a so-called Open Redirect Vulnerability is created.

Attackers can exploit these vulnerabilities by injecting a malicious URL into those parameters and redirect victims to URLs that will ultimately cause them harm.

The attack itself often presents itself in one of two ways:


These are emails from legitimate-looking sources, with a link that appears to point to the correct domain. However, in the middle of the URL are parameters that change the link destination. To be extra devious, some cyberattackers will manipulate the code so the victim is first taken to a legitimate login page, and THEN redirected to a fake website where the victim is asked to re-enter their password. Once that’s happened, the victim is sent back to the legitimate website, with no idea that their username and password have just been stolen.


In addition to stealing credentials, redirects can be used to infect unwitting users with malware. For example, the victim can be easily redirected to a page that contains malicious JavaScript which will run as soon as the web page is opened (even if the page doesn’t fully load). At that point, the user’s system is infected with malware, which can go on to wreak havoc. After that, the user is redirected again to the original destination, so victims don’t even notice that double-redirect. Such attacks are commonly referred to as “drive-by infection”

How Do Redirections Affect SAP?

Considering both SAP and FIORI allow users to input information into applications and upload files, the last thing any cybersecurity professional wants is for end-users’ credentials to become compromised or their devices to wind up teeming with malware.

If cyberattackers gain access to SAP applications via stolen login information, they can then insert malicious code into these applications, pulling off cross-site scripting (XSS) attacks, directory traversal attacks, and SQL injections.

If users’ devices are infected with malware, they could inadvertently upload infected attachments to SAP applications like CRM, SRM, or ERP, where the malware can then quickly spread and possibly impact vital data and systems.

How Can You Protect Your SAP System?

The bad news is that unless every single website administrator tightens up its redirect coding, malicious redirects will always take place.

The good news is this doesn’t have to affect your SAP system.

By implementing robust SAP cybersecurity solutions made specifically for SAP’s unique structure, companies can easily detect and block any malicious code from affecting their applications and any damaging malware from accessing their system.



New Call-to-action