关联漏洞
介绍
# CVE-2024-4879
ServiceNow, a widely used platform for business transformation, has recently disclosed three critical security vulnerabilities that could have severe consequences for organizations worldwide. These vulnerabilities, identified as CVE-2024–4879, CVE-2024–5217, and CVE-2024–5178, affect various versions of the Now Platform.
The most alarming of these flaws are CVE-2024–4879 and CVE-2024–5217, both carrying a critical CVSSv4 score of 9.3 and 9.2, respectively. These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform, potentially leading to complete system compromise, data theft, and disruption of critical business operations.
## Dorking
```
FOFA Query: app="servicenow-Products"
SHODAn Query: Server: ServiceNow
```
## Features
- Can Scans mass targets
- Dump Database
- Handles SSL warnings
## Installation
```
git clone https://github.com/0xWhoami35/CVE-2024-4879.git
cd CVE-2024-4879
pip3 install -r requirements.txt (Install python library)
python3 exp.py -i https://example.com (For Single Target)
python3 exp.py -m urls.txt (For multiple targets)
```
## PoC
![Uploading image.png…]()
文件快照
[4.0K] /data/pocs/7e0ab517e64a564294b6919bd67ee5a4fc63fcfd
├── [6.7K] exp.py
├── [1.2K] README.md
└── [ 44] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。