By default, IIS check the URL you ask and see if there is a ..\.. in it. If it find it, it's
mean that someone try to acces up directory. It is possible, but normaly you can't acces up
to the root of the defined public web acces directory. So IIS will stop you if you try for
example :
HTTP://www.server.com/../../../file.txt
The Tricks is to code the / or \ with it's UNICODE value, with this, IIS won't see it, and
will let you go up the root web directory.
Here you can Find the Official "U.W.D" UNICODE SCANNER
Step ONE
Download it ;)
Step TWO
- Run a DOS Command window - Go to the directory you downloaded it -
STEP THREE
C:\> uwd.exe startip endip your_nick
E.G : C:\> uwd.exe 127.0.0.1 127.0.0.255 AloneTrio
Doing this, the UWD scanner will try the unicode 'Tricks' on all server between Startip and
Endip. It create a report file called uwd.txt in the same directory




