Exploit for Path Traversal in Metabase CVE-2021-41277

## https://sploitus.com/exploit?id=9EE116E1-68CD-543D-95C4-F52C098B9F90
# CVE-2021-41277
Metabase任意文件读取漏洞批量扫描工具

影响版本：

```漏洞
metabase version < 0.40.5
metabase version >= 1.0.0, < 1.40.5
```

修复版本：

```bash
metabase version >= 0.40.5
metabase version >= 1.40.5
```

## 使用说明

```bash
usage: CVE-2021-41277.py [-h] [-u URL] [-f FILE]

CVE-2021-41277

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     url like http://127.0.0.1:8080
  -f FILE, --file FILE  url file path
```

单个`url`扫描

```bash
python3 CVE-2021-41277.py -u http://172.16.0.1:8080
```

批量扫描

```bash
python3 CVE-2021-41277.py -f ./scan.txt
```