id: servicenow-helpdesk-credential info: name: ServiceNow Helpdesk Credential Exposure author: ok_bye_now severity: high description: Detection of exposed credentials in help the help desk JS file. reference: https://jordanpotti.com/2021/02/21/ServiceNow-HelpTheHelpDeskAndTheHackers/ tags: servicenow,exposure requests: - method: GET path: - "{{RootURL}}/HelpTheHelpDesk.jsdbx" redirects: true max-redirects: 2 matchers-condition: and matchers: - type: word words: - 'var httpPassword = "encrypt:' - type: status status: - 200 extractors: - type: regex group: 1 regex: - 'var server = "([a-z:/0-9.-]+)"'