- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 202.155.61.82
+ Target Hostname: www.gunadarma.ac.id
+ Target Port: 80
+ Start Time: 2009-05-22 9:44:09
---------------------------------------------------------------------------
+ Server: Apache 2 - GUNADARMA
+ All CGI directories 'found', use '-C none' to test none
- Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.6
+ OSVDB-5737: WebLogic may reveal its internal IP or hostname in the Location header. The value is "http://www.gunadarma.ac.id/".
+ OSVDB-0: Non-standard header x-pad returned by server, with contents: avoid browser bug
+ OSVDB-637: GET /~root - Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
+ OSVDB-0: GET /cgi-sys/guestbook.cgi : May allow attackers to execute commands as the web daemon.
+ OSVDB-0: GET /cgi-sys/Count.cgi : This may allow attackers to execute arbitrary commands on the server
+ OSVDB-3233: GET /mailman/listinfo : Mailman was found on the server.
+ OSVDB-3092: GET /sitemap.xml : This gives a nice listing of the site content.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3092: GET /cgi-sys/entropysearch.cgi : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/FormMail-clone.cgi : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/mchat.cgi : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /cgi-sys/scgiwrap : Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: GET /img/ : This may be interesting...
+ OSVDB-3092: GET /lib/ : This might be interesting...