Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-33733 PoC — Reportlab 安全漏洞

Source
https://github.com/buiduchoang24/CVE-2023-33733
Associated Vulnerability
Title:Reportlab 安全漏洞 (CVE-2023-33733)
Description:Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
Description
This project aims at re-analyzing and PoC about CVE-2023-33733. Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
Readme
# CVE-2023-33733 on Reportlab v3.6.12
This lab was set up to test CVE-2023-33733.

## Analyzing process
You can see our analyzing process about this CVE in PDF file on main repo.

## Setup and Run

### Server
#### Setup
```bash
pip3 install -r requirements.txt
```
#### Run
```bash
python3 app.py
```
### Attacker

#### Connect to server

Connect to server IP address
```http://{Server_IP}:4444```<br>
After running, you will see an interface like this, you can upload malicious HTML file to see the RCE.
![Screenshot 2024-04-22 194130](https://github.com/buiduchoang24/CVE-2023-33733/assets/166605385/e504481a-9252-4b8e-b84d-ccab69217c4c)

#### Listening and uploading file
```bash
nc -lvnp 4444
```
Then, upload your evil.html and get the reverse shell
![image](https://github.com/buiduchoang24/CVE-2023-33733/assets/166605385/ffc6a9ea-35b8-4d6e-a6e7-35ede299328e)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →