Everyone must know the scenery of the IIS5 Unicode encoding vulnerability. No way, the first tutorial doesn't know what to write, just join together, write this vulnerability attack experience.
1 Let's take a look at the principle of this vulnerability. In the Chinese version of IIS4, and ISS5, there is a bug because the Unicode encoding existence bug is in Unicode encoding, found a strange encoding method.
E.g:
% C1% HH% C0% HH (0x00 <= 0xHH <0x40) IIS encodes "% C1% HH" into (0xC1 -0XC0) * 0x40 0xHH.
For example (Windows 2000 IIS 5.0 SP1 Simplified Chinese version): http://192.168.8.48/a.ida/
