关联漏洞
标题:
Metabase 安全漏洞
(CVE-2023-38646)
描述:Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞,该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。
描述
This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646.
介绍
# Metabase Pre-Auth RCE (CVE-2023-38646) POC
This is a script written in Python that allows the exploitation of the **Metabase's** software security flaw described in **CVE-2023-38646.** The system is vulnerable in versions preceding **0.46.6.1**, in the open-source edition, and preceding **1.46.6.1**, in the enterprise edition.
## Usage
The script needs the **target URL**, the **setup token** and a **command** that will be executed. The setup token can be obtained through the ```/api/session/properties``` endpoint. Copy the value of the ```setup-token``` key.
The **command** will be executed on the target machine with the intention of obtaining a **reverse shell**. You can find different options in [RevShells](https://revshells.com). Having the **setup-token** value and the **command** that will be executed, you can run the script with the following command:
```python3 main.py -u http://[targeturl] -t [setup-token] -c "[command]"```
## References
[Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)](https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/)
[Reproducing CVE-2023-38646: Metabase Pre-auth RCE](https://blog.calif.io/p/reproducing-cve-2023-38646-metabase)
文件快照
[4.0K] /data/pocs/add3843ff948f42d036a8faf961e382e814dc7b4
├── [ 11K] LICENSE
├── [2.0K] main.py
└── [1.3K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。