Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (4)

// source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS...