asp.net free login
If a visitor to an ASP.NET site substitutes '\' or '%5C' for the '/' character in the URL, they may be able to bypass password login screens.
http://news.netcraft.com/archives/2004/10/07/aspnet_security_flaw_can_bypass_password.html
http://news.netcraft.com/archives/2004/10/07/aspnet_security_flaw_can_bypass_password.html