CVE-2023-33733

This PoC demonstrates a bypass of ReportLab's sandboxed `rl_safe_eval` to achieve remote code execution via a custom `type` class manipulation and attribute access bypass. The exploit leverages a crafted `Word` class to bypass safety checks and access restricted attributes.

This is a Python-based exploit PoC for CVE-2023-33733, which leverages a command injection vulnerability in the target software. The script allows for authenticated RCE by sending a malicious payload via a crafted multipart/form-data request to the /leaveRequest endpoint.

This repository contains a Flask-based web application designed to test CVE-2023-33733, a vulnerability in ReportLab. The application allows users to upload HTML files, which are then converted to PDFs using ReportLab's SimpleDocTemplate, potentially exposing the vulnerability.

This repository contains a working PoC for CVE-2023-33733, demonstrating an RCE vulnerability in ReportLab v3.6.12. The exploit involves uploading a malicious HTML file to trigger remote code execution via the ReportLab library's handling of HTML content.

The repository contains only a README.md file mentioning CVE-2023-33733, a Remote Code Execution vulnerability in the Reportlab Library. No exploit code or technical details are provided.