IIS 6.0 %uNNNN Unicode notation in the URL

I do a lot of web app pen testing. Character encoding is always an important part of many input validation test cases. Some people don't realize that IIS takes straight Unicode notation in the URL by default. So you can pass in Unicode characters just by typing the proper notation in ASCII on the URL. For example, the following URLs encode an "s", a double quote, and the Cyrillic small letter "о", which looks a lot like an "o".


This is controlled by the following registry key and is enabled by default:


A Boolean value. If non-zero, Http.sys accepts the %uNNNN notation in request URLs.
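
For input validation, the consequence is that a filter inspecting only the raw URL never sees the characters written in %uNNNN form. The following Python sketch is an added example, not code from the original post: it expands the notation in a single pass and reports what each sequence decodes to. The function names and the sample request paths are constructed for illustration.

```python
import re
import unicodedata

# Non-standard notation: "%u" followed by exactly four hex digits (one UTF-16 code unit).
PERCENT_U = re.compile(r"%u([0-9a-f]{4})", re.IGNORECASE)


def expand_percent_u(raw: str) -> str:
    """Return raw with every %uNNNN sequence replaced by the character it encodes.

    Only %uNNNN is expanded, in a single pass, so a decoded '%' is never
    re-interpreted as the start of another escape.
    """
    return PERCENT_U.sub(lambda m: chr(int(m.group(1), 16)), raw)


def audit_percent_u(raw: str) -> list[dict]:
    """List each %uNNNN sequence in raw together with what it decodes to."""
    findings = []
    for m in PERCENT_U.finditer(raw):
        ch = chr(int(m.group(1), 16))
        findings.append({
            "token": m.group(0),
            "char": ch,
            # Control characters and lone surrogates have no Unicode name.
            "name": unicodedata.name(ch, "<unnamed>"),
            # ASCII written in %u form: a check on the raw string does not see it.
            "ascii_in_disguise": ord(ch) < 0x80,
        })
    return findings


# Constructed sample request targets (hypothetical paths and parameters).
SAMPLES = [
    "/te%u0073t.asp",        # "s"
    "/search.asp?q=%u0022",  # double quote
    "/l%u043Egin.asp",       # Cyrillic small letter o, not Latin "o"
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, "->", expand_percent_u(raw))
        for f in audit_percent_u(raw):
            kind = "ascii" if f["ascii_in_disguise"] else "non-ascii"
            print("   ", f["token"], f["name"], kind)
```

Running validation or logging on the expanded form, or rejecting any request that contains `%u` at all, closes the gap between what the filter reads and what the server accepts.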