漏洞描述
Detection of exposed credentials in help the help desk JS file.
servicenow-helpdesk-credential: ServiceNow Helpdesk Credential Exposure
PoC代码[已公开]
id: servicenow-helpdesk-credential
info:
name: ServiceNow Helpdesk Credential Exposure
author: ok_bye_now
severity: high
description: Detection of exposed credentials in help the help desk JS file.
reference:
- https://jordanpotti.com/2021/02/21/ServiceNow-HelpTheHelpDeskAndTheHackers/
metadata:
max-request: 1
tags: servicenow,exposure,vuln
http:
- method: GET
path:
- "{{RootURL}}/HelpTheHelpDesk.jsdbx"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
words:
- 'var httpPassword = "encrypt:'
- type: status
status:
- 200
extractors:
- type: regex
group: 1
regex:
- 'var server = "([a-z:/0-9.-]+)"'
# digest: 4a0a00473045022026d7dfbf3ed9c29f87b8e9f5bf82870b12a0754b25dc4aa5796ce8679bfb2bad022100a688e326fa1d9aac0b434ad6ca41665396637e7ed5434107ae8b542c159bc0b5:922c64590222798bb761d5b6d8e72950