diff --git a/http/misconfiguration/servicenow-filesystem-bypass.yaml b/http/misconfiguration/servicenow-filesystem-bypass.yaml
index 13c1ab80ca..77ef0440cd 100644
--- a/http/misconfiguration/servicenow-filesystem-bypass.yaml
+++ b/http/misconfiguration/servicenow-filesystem-bypass.yaml
@@ -4,16 +4,42 @@ info:
name: Service Now - Filesystem Filter Bypass
author: DhiyaneshDk
severity: high
+ reference:
+ - https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
+ classification:
+ cpe: cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*
+ metadata:
+ verified: true
+ max-request: 1
+ vendor: servicenow
+ product: servicenow
+ shodan-query:
+ - http.favicon.hash:1701804003
+ - http.title:"servicenow"
+ fofa-query:
+ - icon_hash=1701804003
+ - title="servicenow"
+ google-query: intitle:"servicenow"
+ tags: cve,cve2024,servicenow,rce
http:
- raw:
- |
- GET /login.do?jvar_page_title= HTTP/1.1
+ GET /login.do?jvar_page_title= HTTP/1.1
Host: {{Hostname}}
-
+
matchers-condition: and
matchers:
- type: word
part: body
words:
- - 'db.user'
+ - "glide.db.user"
+
+ - type: word
+ part: header
+ words:
+ - 'text/html'
+
+ - type: status
+ status:
+ - 200