Skip to content

Mr-r00t11/CVE-2024-4879

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2024-4879

CVE-2024-4879.py is a Python script designed to detect specific vulnerabilities in ServiceNow instances and dump database connection details if the vulnerability is found. This tool is particularly useful for security researchers and penetration testers.

Features

  • Scans URLs for a specific vulnerability in ServiceNow.
  • Dumps database connection details if the vulnerability is detected.
  • Handles SSL warnings and request timeouts.
  • Provides clear console output with color-coded results.

Requirements

  • Python 3.x
  • requests library
  • argparse library
  • urllib3 library
  • colorama library

Installation

  1. Clone the repository:
git clone https://github.com/Mr-r00t11/CVE-2024-4879.git
cd CVE-2024-4879
  1. Install the required Python packages:

pip install requests argparse urllib3 colorama

Usage

  1. Prepare a file containing a list of URLs to scan. Each URL should be on a new line.

  2. Run the script with the file as an argument:

python CVE-2024-4879.py -f urls.txt

Example

python CVE-2024-4879.py -f urls.txt

Output

[Screenshot_1.png]

The script will output the results of the scan, indicating whether the vulnerability was found and whether the database connection details were successfully dumped. If the details are dumped, the relevant information will be printed in the following format:

glide.db.name = servicenow 
glide.db.rdbms = BD 
glide.db.url = jdbc:BD://127.0.0.1:3306/ 
glide.db.user = user 
glide.db.password = password

Script Details

check_vulnerability(url)

This function checks the given URL for the specific vulnerability. If found, it attempts to dump the database connection details.

format_db_details(details)

This function formats the dumped database connection details to a readable format.

main()

The main function handles the argument parsing and file reading, and it initiates the vulnerability checks.

Disclaimer

This tool is intended for educational purposes and should only be used on systems where you have explicit permission to conduct security testing. Misuse of this tool may result in legal consequences.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages