This is just in : As it appears the IIS 5 / IIS 5.1 / IIS 6 Webdav unicode bug also allows to bypass IP/Domain filters if any are in place. Whoops. So in summary :

  • bypasses password/authentication
  • bypasses IP Address and Domain name restrictions.

If interested read more about the webdav unicode bug here.


Post a Comment