source: http://www.securityfocus.com/bid/194/info

A GET request that specifies a nonexistent file with an IISAPI-registered extension (ie .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory.

This can happen if the file is referenced as the target of the GET or passed in a variable to a script that looks for the file.

Example:

CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Can't open perl script "C:\InetPub\scripts\ bogus.pl": No such file or directory
源链接

Hacking more

...