CVE-2024-24576-PoC for Nim Lang
This is a PoC demonstrating BatBadBut in Nim. BatBadBut is a command injection vulnerability on Windows in which attackers can inject commands via batch files, due to the way the CreateProcess function and cmd.exe parsing rules interact.
Which Nim version is affected:
All
How to test it:
Use main.nim to test it like this:
First test: double quote escape
55" & calc 87" & whoami
Second test:
%CMDCMDLINE:~-1%&calc.exe
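
For callers that must pass untrusted input to a batch file, the following is an added example (not code from this repository) of a guard that rejects such arguments before anything is spawned. The proc names, the `test.bat` target and the allowlist contents are assumptions chosen for illustration; the two rejected inputs are the test strings above.

```nim
import std/[os, strutils]

# Assumption: a strict allowlist. Anything outside it (quotes, %, &, |, ^,
# spaces, ...) is refused rather than escaped, because cmd.exe re-parses the
# command line of a batch file with its own rules.
const SafeArgChars = {'a'..'z', 'A'..'Z', '0'..'9', '_', '-', '.', ':', '\\', '/', '='}

proc isBatchTarget*(path: string): bool =
  ## True when the target has a .bat or .cmd extension.
  ## Trailing dots and spaces are stripped first, since Windows ignores them.
  let cleaned = path.strip(leading = false, chars = {'.', ' '})
  let ext = cleaned.splitFile.ext.toLowerAscii
  result = ext == ".bat" or ext == ".cmd"

proc firstUnsafeArg*(args: openArray[string]): int =
  ## Index of the first argument holding a character outside SafeArgChars, or -1.
  for i, a in args:
    if not a.allCharsInSet(SafeArgChars):
      return i
  result = -1

proc checkedArgs*(exe: string, args: openArray[string]): seq[string] =
  ## Returns args unchanged, or raises ValueError before a process is started.
  if isBatchTarget(exe):
    let bad = firstUnsafeArg(args)
    if bad >= 0:
      raise newException(ValueError,
        "argument " & $bad & " rejected for batch target " & exe)
  result = @args

when isMainModule:
  # Constructed inputs: the two test strings from this README and one benign value.
  # "test.bat" is a hypothetical batch file name.
  let samples = ["55\" & calc 87\" & whoami",
                 "%CMDCMDLINE:~-1%&calc.exe",
                 "report-2024.txt"]
  for s in samples:
    try:
      discard checkedArgs("test.bat", [s])
      echo "accepted: ", s
    except ValueError as e:
      echo "rejected: ", e.msg
```

Pass the returned sequence to the process-spawning call only after `checkedArgs` succeeds; widen `SafeArgChars` only for characters you have confirmed cmd.exe treats literally in your context.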