Credit: Nikolaos Rangos / Kingcope
Amazingly undiscovered until just recently, the same unicode escape sequence that could be used in the IIS Unicode Directory Traversal vulnerability of MS00-057, can also be used to bypass authentication on IIS password-protected directories through WebDAV HTTP requests. This vulnerability was released to Full-Disclosure by Kingcope, a previous Pwnie Award winner.