CVE-2023-33733

This project re-analyzes CVE-2023-33733 and provides a PoC for it. ReportLab up to v3.6.12 allows attackers to execute arbitrary code via a crafted PDF file.


CVE-2023-33733 on Reportlab v3.6.12

This lab was set up to test CVE-2023-33733.

Analyzing process

Our analysis of this CVE is documented in the PDF file in the main repo.

Setup and Run

Server

Setup

pip3 install -r requirements.txt

Run

python3 app.py
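Before (or instead of) running the lab, a defender usually wants to know whether a given host even carries an affected ReportLab. The following script is an added example and is not part of this repo: it compares the installed `reportlab` package version against the range the README states as affected (up to and including 3.6.12). The `parse_version` and `is_affected` helpers are assumptions of this example, not ReportLab API.

```python
"""Added example (not part of the CVE-2023-33733 lab repo): report whether
the installed reportlab version falls inside the affected range stated in
this README, i.e. any version up to and including 3.6.12."""
from importlib import metadata

# Upper bound of the affected range, as stated in the README.
LAST_AFFECTED = (3, 6, 12)


def parse_version(version: str) -> tuple:
    """Turn a version string such as '3.6.12' into a comparable 3-tuple.

    Non-numeric suffixes are dropped ('3.6.12rc1' -> (3, 6, 12)), so a
    pre-release compares as its final release. That is conservative for
    versions inside the affected range and should be treated as a rough
    check, not a substitute for pinning to a fixed release.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True if `version` is within the range this README calls affected."""
    return parse_version(version) <= LAST_AFFECTED


def installed_reportlab_status() -> str:
    """Look up the installed reportlab (if any) and classify it."""
    try:
        version = metadata.version("reportlab")
    except metadata.PackageNotFoundError:
        return "reportlab is not installed"
    state = "AFFECTED (<= 3.6.12)" if is_affected(version) else "not in affected range"
    return f"reportlab {version}: {state}"


if __name__ == "__main__":
    # Constructed sample versions, to show the comparison without relying
    # on what happens to be installed on this machine.
    for sample in ("3.5.68", "3.6.12", "3.6.13", "4.0.4"):
        print(f"{sample}: {'affected' if is_affected(sample) else 'not affected'}")
    print(installed_reportlab_status())
```

Run it inside the same virtual environment the lab uses (after `pip3 install -r requirements.txt`) to see the version that `app.py` will actually import; run it on a production host to get an inventory signal that can be fed into patch tracking.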

Attacker

Connect to server

Open the server in a browser at http://{Server_IP}:4444.
Once the server is running you will see an upload interface; uploading a malicious HTML file there triggers the RCE.

Listening and uploading file

nc -lvnp 4444

Then, upload your evil.html and get the reverse shell.