Scan report for "blc.ub.ac.id"

Summary

Found: 114
Duration: 1min 1sec
Date: 2025-11-30
IP: 172.66.168.182

Report
Nikto scan (max 60 sec) (nikto -host blc.ub.ac.id -maxtime 60)
- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 172.66.168.182, 104.20.43.194, 2606:4700:10::6814:2bc2, 2606:4700:10::ac42:a8b6
+ Target IP:          172.66.168.182
+ Target Hostname:    blc.ub.ac.id
+ Target Port:        80
+ Start Time:         2025-11-30 02:53:38 (GMT-8)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'server-timing' found, with contents: cfEdge;dur=2,cfOrigin;dur=0.
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ All CGI directories 'found', use '-C none' to test none
+ /: Uncommon header 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ /scripts/iisadmin/ism.dll: Allows you to mount a brute force attack on passwords.
+ /scripts/tools/ctss.idc: This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.
+ /scripts/Carello/Carello.dll: Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0614
+ /readme.eml: Remote server may be infected with the Nimda virus.
+ /scripts/httpodbc.dll: Possible IIS backdoor found.
+ /scripts/proxy/w3proxy.dll: MSProxy v1.0 installed.
+ /view_source.jsp: Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \..\ directory traversal. This script may be vulnerable.
+ /webcgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-914/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-915/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /mpcgi/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /ows-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /htbin/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgis/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /scripts/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-win/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-exe/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-home/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi-mod/foxweb.dll: Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0762
+ /cgi.cgi/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-914/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-915/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-sys/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /scripts/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-exe/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-home/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-perl/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /scgi-bin/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /cgi-bin-sdb/wconsole.dll: It may be possible to overflow this dll with 1024 bytes of data.
+ /webcgi/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-914/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-915/.cobalt: May allow remote admin of CGI scripts.
+ /bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-local/.cobalt: May allow remote admin of CGI scripts.
+ /htbin/.cobalt: May allow remote admin of CGI scripts.
+ /cgibin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-win/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-exe/.cobalt: May allow remote admin of CGI scripts.
+ /scgi-bin/.cobalt: May allow remote admin of CGI scripts.
+ /cgi-mod/.cobalt: May allow remote admin of CGI scripts.
+ /forum/admin/wwforum.mdb: Web Wiz Forums password database found. See: https://seclists.org/bugtraq/2003/Apr/238
+ /guestbook/admin/o12guest.mdb: Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password. See: https://www.exploit-db.com/exploits/22484
+ /mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb: MPCSoftWeb Guest Book passwords retrieved. See: https://www.exploit-db.com/exploits/22513
+ /news/news.mdb: Web Wiz Site News release v3.06 admin password database is available and unencrypted.
+ /database/db2000.mdb: Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root. See: https://www.medae.co/en/max/web-app
+ /cgi.cgi/.access: Contains authorization information.
+ /webcgi/.access: Contains authorization information.
+ /cgi-914/.access: Contains authorization information.
+ /cgi-915/.access: Contains authorization information.
+ /cgibin/.access: Contains authorization information.
+ /fcgi-bin/.access: Contains authorization information.
+ /cgi-exe/.access: Contains authorization information.
+ /cgi-home/.access: Contains authorization information.
+ /cgi-perl/.access: Contains authorization information.
+ /scgi-bin/.access: Contains authorization information.
+ /cgi-mod/.access: Contains authorization information.
+ /pw/storemgr.pw: Encrypted ID/Pass for Mercantec's SoftCart. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0609
+ /ws_ftp.ini: Can contain saved passwords for FTP sites.
+ /forum/admin/database/wwForum.mdb: Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein.
+ /cgi.cgi/shtml.dll: This may allow attackers to retrieve document source.
+ /bin/shtml.dll: This may allow attackers to retrieve document source.
+ /mpcgi/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /ows-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-sys/shtml.dll: This may allow attackers to retrieve document source.
+ /cgibin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgis/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-win/shtml.dll: This may allow attackers to retrieve document source.
+ /fcgi-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-home/shtml.dll: This may allow attackers to retrieve document source.
+ /scgi-bin/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-bin-sdb/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi-mod/shtml.dll: This may allow attackers to retrieve document source.
+ /cgi.cgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /webcgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-914/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /ows-bin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-sys/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /htbin/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgis/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-exe/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /cgi-perl/post32.exe|dir%20c:\\: post32 can execute arbitrary commands.
+ /IDSWebApp/IDSjsp/Login.jsp: Tivoli Directory Server Web Administration.
+ /nsn/..%5Cutil/attrib.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/chkvol.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/copy.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/del.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/dir.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/glist.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/lancard.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/rd.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/ren.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cutil/type.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cweb/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /nsn/..%5Cwebdemo/env.bas: Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server.
+ /USER/CONFIG.AP: MIPCD configuration information. MIPCD should not have the web interface enabled.
+ /webcgi/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-914/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-915/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /mpcgi/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /ows-bin/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgis/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /scripts/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-exe/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-perl/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ /cgi-mod/snorkerz.cmd: Arguments passed to DOS CGI without checking.
+ Scan terminated: 0 error(s) and 114 item(s) reported on remote host
+ End Time:           2025-11-30 02:54:39 (GMT-8) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Detailed report
Target: blc.ub.ac.id
Target IP: 172.66.168.182
Scan method: Nikto scan (max 60 sec)
Run command: nikto -host blc.ub.ac.id -maxtime 60
Duration: Quick report
Scan date: 30 Nov 2025 05:54