Exploit for Improper Restriction of XML External Entity Reference in Zohocorp Manageengine Adaudit Plus CVE-2022-28219

Name: Exploit for Improper Restriction of XML External Entity Reference in Zohocorp Manageengine Adaudit Plus CVE-2022-28219
Rating: 5 (157 reviews)

2022-07-01 | CVSS 7.5

## https://sploitus.com/exploit?id=A3F963F7-901D-50B2-ADE8-7AE81BD644AA
Code to support my [CVE-2022-28219 analysis](https://attackerkb.com/topics/Zx3qJlmRGY/cve-2022-28219/rapid7-analysis).

To execute, with Ruby and Rubygems installed:

```
gem install httparty
ruby ./manageengine-poc.rb <target> <port> <domain> <your ip>
```

This is designed as a proof of concept, not a stable exploit. It only runs calc. :)