https://github.com/foxoman/cve-2024-24576-poc---nim
CVE-2024-24576 PoC for Nim Lang
- Host: GitHub
- URL: https://github.com/foxoman/cve-2024-24576-poc---nim
- Owner: foxoman
- Created: 2024-04-11T10:22:10.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-04-11T11:27:28.000Z (about 1 year ago)
- Last Synced: 2024-04-12T17:20:01.574Z (about 1 year ago)
- Language: Nim
- Size: 16.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
**Exploring Command Injection Vulnerabilities in Windows with Nim**
* https://foxoman.hashnode.dev/exploring-command-injection-vulnerabilities-in-windows-with-nim?showSharer=true
Here's a summarized table based on the testing results from the Nim code experiments with different payloads:
| Payload | execProcess_NoQuoteShell | execProcess_QuoteShell | execShellCmd |
|------------------------|--------------------------|------------------------|--------------|
| `nim &calc` | Not Passed | Not Passed | Passed |
| `nim" &calc` | Passed | Not Passed | Not Passed |
| `%CMDCMDLINE:~-1%&calc`| Passed | Passed | Passed |

"Passed" indicates the payload executed in a way that could potentially exploit the BatBadBut vulnerability, demonstrating the nuanced behavior of command execution methods in Nim in response to different types of inputs.
----
- CVE-2024-24576 PoC on GitHub: [https://github.com/frostb1ten/CVE-2024-24576-PoC](https://github.com/frostb1ten/CVE-2024-24576-PoC)
- Flatt Security Research article: [https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/](https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/)