IIS 6.0 %uNNNN unicode notation in the URL
10 Jan 2007
I do a lot of web app pen testing. Character encoding is always an important part of many input validation test cases. Some people don't realize that IIS accepts straight Unicode notation in the URL by default, so you can pass in Unicode characters just by typing the proper notation in ASCII in the URL. For example, the following URLs encode an "s", a double quote, and the Cyrillic small letter "о", which looks a lot like an "o".
http://somesite.iis/query=unicode-character-%u0073
http://somesite.iis/query=unicode-character-%u0022
http://somesite.iis/query=unicode-character-%u043E
This is controlled by the following registry key and is enabled by default:
HKLM\System\CurrentControlSet\Services\HTTP\Parameters\PercentUAllowed
A Boolean value. If non-zero, Http.sys accepts the %uNNNN notation in request URLs.
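For input validation that has to match what the server accepts, the check should run on the value after %uNNNN decoding, not only after standard %XX decoding. The following is an added example, not code from the original post: the function names `decode_percent_u` and `inspect` and the `forbidden` character set are assumptions chosen for illustration, and the sample values are the three query strings shown above.

```python
import re
from urllib.parse import unquote

# One token per match: a %uNNNN escape, or a run of standard %XX escapes.
_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|((?:%[0-9a-fA-F]{2})+)")

def decode_percent_u(value: str) -> str:
    """Decode %uNNNN and %XX in a single pass, so decoded output is never re-decoded."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))   # %uNNNN -> one UTF-16 code unit
        return unquote(m.group(2))            # %XX run -> UTF-8 text
    return _ESCAPE.sub(repl, value)

def inspect(value: str, forbidden: str = "\"'<>") -> dict:
    """Compare what a %XX-only validator sees with what %uNNNN decoding yields."""
    naive = unquote(value)                    # standard decoders leave %uNNNN untouched
    full = decode_percent_u(value)
    return {
        "uses_percent_u": bool(re.search(r"%u[0-9a-fA-F]{4}", value)),
        "decoded": full,
        # forbidden characters that only appear once %uNNNN is decoded
        "missed_by_naive": sorted(c for c in set(full) if c in forbidden and c not in naive),
        # non-ASCII characters, e.g. look-alike letters such as U+043E
        "non_ascii": sorted(c for c in set(full) if ord(c) > 127),
    }

# Constructed samples: the query values from the URLs in the post.
SAMPLES = [
    "unicode-character-%u0073",
    "unicode-character-%u0022",
    "unicode-character-%u043E",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, inspect(sample))
```
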