Check For Bdir.htr Files Network Vulnerability

Summary

The file bdir.htr is a default IIS files which can give a malicious user a lot of unnecessary information about your file system. Specifically, the bdir.htr script allows the user to browse and create files on hard drive. As this includes critical system files, it is highly possible that the attacker will be able to use this script to escalate privileges and gain 'Administrator' access. Example, http://target/scripts/iisadmin/bdir.htr??c:\

Solution

If you do not need these files, then delete them, otherwise use suitable access control lists to ensure that the files are not world-readable.

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Kolibri Webserver 'HEAD' Request Processing Buffer Overflow Vulnerability
HServer Webserver Multiple Directory Traversal Vulnerabilities
F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
IBM WebSphere Application Server Multiple Vulnerabilities
httpdASM Directory Traversal Vulnerability

Check for bdir.htr files

Take action and discover your vulnerabilities