Back to directory

WRITEUP #1027

ServiceNow Insecure Access Control To Full Admin Takeover

Privilege EscalationBroken Access ControlAccount takeover

by@Rezk0n(Rezk0n)

Program

ServiceNow

Published

Jun 26, 2023

Added to HackDex

Jul 4, 2023

Read Full Writeuphttps://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/

▸ RELATED WRITEUPS

Vestaboard: Exploring Broken Access Controls and Privilege Escalation

Privilege EscalationBroken Access Control

How I Earned $469 Bounty: Bypassing Plan Restriction

Privilege EscalationBroken Access Control

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

Escalating From Reader To Contributor In Azure API Management

Privilege Escalation

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat