# Metabase Pre-Auth RCE (CVE-2023-38646) POC

This is a script written in Python that allows the exploitation of the **Metabase's** software security flaw described in **CVE-2023-38646.** The system is vulnerable in versions preceding ****, in the open-source edition, and preceding ****, in the enterprise edition.

## Usage

The script needs the **target URL**, the **setup token** and a **command** that will be executed. The setup token can be obtained through the ```/api/session/properties``` endpoint. Copy the value of the ```setup-token``` key.

![setup-token value](

The **command** will be executed on the target machine with the intention of obtaining a **reverse shell**. You can find different options in [RevShells]( Having the **setup-token** value and the **command** that will be executed, you can run the script with the following command:

```python3 -u http://[targeturl] -t [setup-token] -c "[command]"```

![script demo](

## References

[Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)](

[Reproducing CVE-2023-38646: Metabase Pre-auth RCE](