_______________________________________________________________ | ___________.__ .__ | | ___ ___\_ _____/| | __ __ |__| ____ | | \ \/ / | __) | | | | \| | / ___\ | | > < | \ | |__| | /| | / /_/ > | | /__/\_ \ \___ / |____/|____/ |__| \___ / | | \/ \/ /_____/ | | | | PATH ENUMERATION AND XML ANALISYS | |_______________________________________________________________| | | | # Exploit Title: LFI - TOTVS Fluig Platform (xFluig) | | # Date: 26/11/2020 | | # Exploit Author: Lucas Souza - https://ls4ss.github.io/ | | # Vendor Homepage: totvs.com | | # Version: <== 1.7.0-210217 | | # Tested on: 1.7.0-201124 | | # CVE: CVE-2020-29134 | | | |_______________________________________________________________|