CVE-2023-38646 PoC — Metabase 安全漏洞

Source

https://github.com/0xrobiul/CVE-2023-38646

Associated Vulnerability

Title:Metabase 安全漏洞 (CVE-2023-38646)
Description:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞，该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。

Description

Metabase Pre-auth RCE (CVE-2023-38646)!!

Readme

<h1 align="center">
    CVE-2023-38646
  <br>
</h1>
<h4 align="center">Metabase Pre-auth RCE!!</h4>
    <p align="center">
  <a href="https://github.com/0xrobiul/CVE-2023-38646">
    <img src="https://img.shields.io/static/v1?label=Project&message=CVE-2023-38646&color=green">
  </a>
  <a href="https://twitter.com/0xrobiul">
      <img src="https://img.shields.io/twitter/follow/0xrobiul?style=social">
  </a>
  <a href="https://youtu.be/b51LPjD-uTo">
      <img src="https://img.shields.io/youtube/views/b51LPjD-uTo?style=social">
  </a>
  <a href="https://github.com/0xrobiul/CVE-2023-38646">
    <img src="https://img.shields.io/static/v1?label=Version&message=1.0&color=green">
  </a>
</p>
<h1 align="center">
  <br>
  <a href="https://github.com/0xrobiul/CVE-2023-38646"><img src="/Intro.png" alt="CVE-2023-38646"></a>
  <br>
  <br>
</h1>
<h1>Usagse</h1>
<h1 align="center">
  <br>
  <a href="https://github.com/0xrobiul/CVE-2023-38646"><img src="/POC.png" alt="Usagse"></a>
  <br>
  <br>
</h1>
Check Manual Exploitation POC: https://youtu.be/b51LPjD-uTo

File Snapshot


 [4.0K]  /data/pocs/81fcf702bbe1e1bab6929ff9959b0eba7087b687
├── [1.7K]  CVE-2023-38646.py
├── [8.9K]  Intro.png
├── [ 34K]  LICENSE
├── [206K]  POC.png
└── [1.0K]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!