server, (like all software) have hole, that can be used to gain access to the system. Gain
access mean you can errase, modify, create, files on it. The most famous and used exploit
on IIS is the 'UNICODE HOLE'.
By default, IIS check the URL you ask and see if there is a ..\.. in it. If it find it, it's
mean that someone try to acces up directory. It is possible, but normaly you can't acces up
to the root of the defined public web acces directory. So IIS will stop you if you try for
The Tricks is to code the / or \ with it's UNICODE value, with this, IIS won't see it, and
will let you go up the root web directory.
Here you can Find the Official "U.W.D" UNICODE SCANNER
Download it ;)
- Run a DOS Command window - Go to the directory you downloaded it -
C:\> uwd.exe startip endip your_nick
E.G : C:\> uwd.exe 127.0.0.1 127.0.0.255 AloneTrio
Doing this, the UWD scanner will try the unicode 'Tricks' on all server between Startip and
Endip. It create a report file called uwd.txt in the same directory.