ServiceNow is a platform for business transformation which helps companies manage digital workflows for enterprise operations.
CVE-2024-4879 could allow an unauthenticated user to remotely execute code within the Now Platform. This vulnerability exploits three issues by chaining them together: Title Injection, Template Injection Mitigation Bypass, and Filesystem Filter Bypass, to access ServiceNow data.
The affected versions include Vancouver, Washington DC Now and Utah platform releases
Usage: python3 exploit.py -i < target_IP >
Usage example: python3 exploit.py -i 127.0.0.1
Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited. I am not responsible for any misuse or damage caused by this script.
References: https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data