This script is Copyright (C) 2001-2014 Matt Moore / H D Moore
Synopsis :
Arbitrary commands can be executed on the remote web server.
Description :
When IIS receives a user request to run a script, it renders the
request in a decoded canonical form, and then performs security checks
on the decoded request. A vulnerability results because a second,
superfluous decoding pass is performed after the initial security checks
are completed. Thus, a specially crafted request could allow an
attacker to execute arbitrary commands on the IIS Server.
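An added example (not part of the plugin or of the vendor advisory): a log triage check for the check-then-decode-again ordering described above. It flags request paths whose `..` segment only appears on a second decode pass; the function names are hypothetical and the sample request lines are constructed.

```python
from urllib.parse import unquote

MAX_PASSES = 5  # assumed cap on decode rounds, so hostile input cannot loop us

def canonicalize(path):
    """Percent-decode until stable; return (result, passes that changed it)."""
    passes = 0
    while passes < MAX_PASSES:
        decoded = unquote(path)
        if decoded == path:
            break
        path, passes = decoded, passes + 1
    return path, passes

def has_traversal(path):
    """True if any segment is '..' (backslash treated as a separator)."""
    return ".." in path.replace("\\", "/").split("/")

def classify(raw_path):
    once = unquote(raw_path)                # what a single-decode check sees
    final, passes = canonicalize(raw_path)  # what a later decode would produce
    if passes > 1 and has_traversal(final) and not has_traversal(once):
        return "double-decode-bypass"       # check passes, second decode adds '..'
    if passes > 1:
        return "multi-encoded"              # unusual, worth a look
    return "traversal" if has_traversal(final) else "ok"

def scan(request_lines):
    """Return (path, verdict) for every request line that is not 'ok'."""
    hits = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) < 2:
            continue                        # not a request line
        path = parts[1].split("?", 1)[0]    # drop the query string
        verdict = classify(path)
        if verdict != "ok":
            hits.append((path, verdict))
    return hits

# Constructed sample request lines, not taken from real traffic.
SAMPLE = [
    "GET /app/index.asp HTTP/1.0",
    "GET /app/my%20file.txt HTTP/1.0",
    "GET /app/%2e%2e/conf HTTP/1.0",
    "GET /app/%252e%252e/conf HTTP/1.0",
    "GET /app/..%255cconf HTTP/1.0",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(f"{verdict:22} {path}")
```

The same rule applies to a server-side fix: run the path check on the fully canonicalized form, and decode nothing after the check.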
See also :
Solution :
Microsoft has released a set of patches for IIS 4.0 and 5.0.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true