The intent of this paper is to provide a number of commonly exploited IIS vulnerabilities. The understanding of prominent attacks has been  presented so that the reader can be familiar with the concept of   vulnerabilities and techniques used to exploit them and to apply this  understanding to future security issues as they arise by Information  Technology professional. Some of the common vulnerabilities found in the Internet Information Services (IIS) packages have been presented. Note that while some of these vulnerabilities could be present on IIS 6.0  (particularly in the IIS 5.0 compatibility mode), none of them will work  against a default installation of Windows Server 2003. This is due to the extensive changes to the default installation profile of IIS 6.0, which disables all dynamic content and includes no sample applications. As we proceed through the vulnerabilities, we will include mention of its status on IIS 6.0.

Key words: IIS, http, Expliot, Command and Buffer Hacking, IIS, http, PERL and Unicode.