Skip to content

This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646.

License

Notifications You must be signed in to change notification settings

m3m0o/metabase-pre-auth-rce-poc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Metabase Pre-Auth RCE (CVE-2023-38646) POC

This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646. The system is vulnerable in versions preceding 0.46.6.1, in the open-source edition, and preceding 1.46.6.1, in the enterprise edition.

Usage

The script needs the target URL, the setup token and a command that will be executed. The setup token can be obtained through the /api/session/properties endpoint. Copy the value of the setup-token key.

setup-token value

The command will be executed on the target machine with the intention of obtaining a reverse shell. You can find different options in RevShells. Having the setup-token value and the command that will be executed, you can run the script with the following command:

python3 main.py -u http://[targeturl] -t [setup-token] -c "[command]"

script demo

References

Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)

Reproducing CVE-2023-38646: Metabase Pre-auth RCE

About

This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646.

Topics

Resources

License

Stars

Watchers

Forks

Languages