In 2021, a self-propagating worm (dubbed ) scanned for open /uploads directories, uploaded a PHP mailer script, and used the server to send phishing emails. The worm’s logic:
IIS calls this "directory browsing." It must be explicitly enabled in the Feature Delegation or via <directoryBrowse enabled="true" /> in web.config . index of parent directory uploads install