Few months ago Ambionics Security team had the chance to audit Oracle PeopleSoft solutions. PeopleSoft applications contain a lot of unauthenticated endpoints with several not well documented XXE vulnerabilities. We'll show how you can get a full SYSTEM shell from that.