Metabase Pre-Auth RCE (CVE-2023-38646) PoC

A proof of concept of CVE-2023-38646, a Metabase exploit that allows user to do Remote Code Execution utilizing the setup token found in /api/session/properties to send a payload encoded in base64

Usage

./MetabaseRCE_CVE-2023-38646 -u [target url] -t [target token] -c [command]

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
src		src
.gitignore		.gitignore
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
MetabaseRCE_CVE-2023-38646		MetabaseRCE_CVE-2023-38646
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src

src

.gitignore

.gitignore

Cargo.lock

Cargo.lock

Cargo.toml

Cargo.toml

MetabaseRCE_CVE-2023-38646

MetabaseRCE_CVE-2023-38646

README.md

README.md

Repository files navigation

Metabase Pre-Auth RCE (CVE-2023-38646) PoC

Usage

About

Releases

Packages

Languages

Shisones/MetabaseRCE_CVE-2023-38646

Folders and files

Latest commit

History

Repository files navigation

Metabase Pre-Auth RCE (CVE-2023-38646) PoC

Usage

About

Resources

Stars

Watchers

Forks

Languages