关联漏洞
Description
Exploit for CVE-2024-4879 affecting Vancouver, Washington DC Now and Utah Platform releases
介绍
# CVE-2024-4879-ServiceNow
**ServiceNow** is a platform for business transformation which helps companies manage digital workflows for enterprise operations.
**CVE-2024-4879** could allow an unauthenticated user to remotely execute code within the Now Platform. This vulnerability exploits three issues by chaining them together: Title Injection, Template Injection Mitigation Bypass, and Filesystem Filter Bypass, to access ServiceNow data.
The affected versions include Vancouver, Washington DC Now and Utah platform releases
**Usage:** python3 exploit.py -i < target_IP >
**Usage example:** python3 exploit.py -i 127.0.0.1
**Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited. I am not responsible for any misuse or damage caused by this script.**
**References:** https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
文件快照
[4.0K] /data/pocs/7f7911c5f58c8a5a84e8339e936a54eee6d56642
├── [5.7K] exploit.py
└── [ 969] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。