CVE-2023-38646 PoC — Metabase 安全漏洞

Source

https://github.com/Shisones/MetabaseRCE_CVE-2023-38646

Associated Vulnerability

Title:Metabase 安全漏洞 (CVE-2023-38646)
Description:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞，该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。

Readme

# Metabase Pre-Auth RCE (CVE-2023-38646) PoC

A proof of concept of CVE-2023-38646, a Metabase exploit that allows user to do Remote Code Execution utilizing the setup token found in /api/session/properties to send a payload encoded in base64

# Usage
` ./MetabaseRCE_CVE-2023-38646 -u [target url] -t [target token] -c [command] `

File Snapshot


 [4.0K]  /data/pocs/0fabee5f01991cedd2d6d05ecddcb1986888ab50
├── [ 34K]  Cargo.lock
├── [ 668]  Cargo.toml
├── [1.6M]  MetabaseRCE_CVE-2023-38646
├── [ 335]  README.md
└── [4.0K]  src
    └── [4.2K]  main.rs

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!