Looks like URLScan blocks this vulnerability by default. I've just tried the URL against one of our old Windows 2000 servers, and it gives me a 404 error.
- Re: IIS5.1 Directory Authentication Bypass by using ?:$I30... Richard . haf
- Re: Re: IIS5.1 Directory Authentication Bypass by usi... paul . sec117
- Re: Re: IIS5.1 Directory Authentication Bypass by usi... steve . povolny
