This exploits an External Entity Injection XXE in Manage Engine Service Desk 9.3 as seen in this great writeup thanks allot man this helped a great deal in the ctf I wrote this for hackthebox.eu kicks ass
https://labs.integrity.pt/advisories/cve-2017-9362/index.html