CVE-2022-28219

This PoC exploits CVE-2022-28219, a deserialization vulnerability in Apache Solr, by crafting a malicious XML payload with XXE and Java deserialization to achieve remote code execution. It includes a custom web server to host malicious DTD and JAR files for payload delivery.

This repository contains a proof-of-concept exploit for CVE-2022-28219, an XXE vulnerability in ManageEngine ADAudit Plus. The exploit demonstrates file reading, password hash retrieval, and arbitrary file planting via XXE and deserialization attacks.

This repository contains a stub implementation mimicking CVE-2022-28219, focusing on XML parsing in a servlet. It lacks exploit payloads or offensive techniques, serving as a basic test environment.

This Metasploit module exploits CVE-2022-28219, a combination of path traversal and blind XXE vulnerabilities in ManageEngine ADAudit Plus to upload and execute a malicious payload. It leverages Java deserialization for remote code execution.