The default configuration will cer IIS6 of vulnerability, cdx, asa as asp code to parse
Suffix Parsing Vulnerability
/test.asp;.jpg or /test.asp:.jpg (here need to modify the capture file name)
IIS6.0 will successfully resolve the file suffix such as asp file.
Only need to add one behind text.asp; symbol can be successfully resolved to an asp upload .jpg vulnerabilities