nuclei-templates/http/vulnerabilities/other/servicenow-helpdesk-credent...

id: servicenow-helpdesk-credential

info:
  name: ServiceNow Helpdesk Credential Exposure
  author: ok_bye_now
  severity: high
  description: Detection of exposed credentials in help the help desk JS file.
  reference:
    - https://jordanpotti.com/2021/02/21/ServiceNow-HelpTheHelpDeskAndTheHackers/
  tags: servicenow,exposure
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{RootURL}}/HelpTheHelpDesk.jsdbx"

    host-redirects: true
    max-redirects: 2
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'var httpPassword = "encrypt:'

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        group: 1
        regex:
          - 'var server = "([a-z:/0-9.-]+)"'
Added ServiceNow Helpdesk Credential Exposure (#3371) * Added ServiceNow Helpdesk Credential Exposure Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com> * matcher update Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com> 2021-12-19 18:12:01 +00:00			`id: servicenow-helpdesk-credential`

			`info:`
			`name: ServiceNow Helpdesk Credential Exposure`
			`author: ok_bye_now`
			`severity: high`
			`description: Detection of exposed credentials in help the help desk JS file.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://jordanpotti.com/2021/02/21/ServiceNow-HelpTheHelpDeskAndTheHackers/`
Added ServiceNow Helpdesk Credential Exposure (#3371) * Added ServiceNow Helpdesk Credential Exposure Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com> * matcher update Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com> 2021-12-19 18:12:01 +00:00			`tags: servicenow,exposure`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
Added ServiceNow Helpdesk Credential Exposure (#3371) * Added ServiceNow Helpdesk Credential Exposure Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com> * matcher update Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com> 2021-12-19 18:12:01 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Added ServiceNow Helpdesk Credential Exposure (#3371) * Added ServiceNow Helpdesk Credential Exposure Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com> * matcher update Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com> 2021-12-19 18:12:01 +00:00			`- method: GET`
			`path:`
			`- "{{RootURL}}/HelpTheHelpDesk.jsdbx"`

Using "host-redirects" instead of "redirects" to avoid scanning 3rd party / out of scope hosts. (#5491) 2022-10-07 21:27:25 +00:00			`host-redirects: true`
Added ServiceNow Helpdesk Credential Exposure (#3371) * Added ServiceNow Helpdesk Credential Exposure Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com> * matcher update Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com> 2021-12-19 18:12:01 +00:00			`max-redirects: 2`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- 'var httpPassword = "encrypt:'`

			`- type: status`
			`status:`
			`- 200`

			`extractors:`
			`- type: regex`
			`group: 1`
			`regex:`
			`- 'var server = "([a-z:/0-9.-]+)"'`