nuclei-templates/vulnerabilities/other/servicenow-helpdesk-credent...

33 lines
739 B
YAML
Raw Normal View History

id: servicenow-helpdesk-credential
info:
name: ServiceNow Helpdesk Credential Exposure
author: ok_bye_now
severity: high
description: Detection of exposed credentials in help the help desk JS file.
reference:
- https://jordanpotti.com/2021/02/21/ServiceNow-HelpTheHelpDeskAndTheHackers/
tags: servicenow,exposure
requests:
- method: GET
path:
- "{{RootURL}}/HelpTheHelpDesk.jsdbx"
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'var httpPassword = "encrypt:'
- type: status
status:
- 200
extractors:
- type: regex
group: 1
regex:
- 'var server = "([a-z:/0-9.-]+)"'