关联漏洞
标题:
Metabase 安全漏洞
(CVE-2023-38646)
描述:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞,该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。
描述
Tools to exploit metabase CVE-2023-38646
介绍
# Poc-Metabase-Preauth-CVE-2023-38646
Ho to use?
```
λ cve git clone https://github.com/LazyySec/CVE-2023-38646.git
λ cve cd Poc-Metabase-Preauth-CVE-2023-38646
λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) go build CVE-2023-38646-Exploit.go
λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) ✗ go build Reverse-Shell.go
λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) ✗ ./CVE-2023-38646-Exploit --help
Usage of ./CVE-2023-38646-Exploit:
-ip string
IP address
-list string
Filename containing list of IP addresses
λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) ✗ ./Reverse-Shell --help
Usage of ./Reverse-Shell:
-lhost string
Listener IP address
-lport int
Listener port (default is 4444) (default 4444)
-rhost string
Metabase server IP address (including http:// or https:// and port number if needed)
```
Enjoy :)
文件快照
[4.0K] /data/pocs/3ddcf0648e956bd86806980e8f383741505f83f3
├── [2.1K] CVE-2023-38646.go
├── [4.4K] CVE-2023-38646-Reverse-Shell.go
├── [ 875] README.md
└── [114K] Screen Shot 2023-07-31 at 12.39.47.png
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。