Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   QNX Demodisk Vendors:   QNX Software Systems Ltd.
QNX Demodisk Web Server Discloses Files to Remote Users
SecurityTracker Alert ID:  1007028
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 22 2003
Impact:   Disclosure of system information, Disclosure of user information

Version(s): 1.1
Description:   A vulnerability was reported in the web server supplied with a QNX Demodisk. A remote user can view arbitrary files on the system.

It is reported that the web server does not properly validate URLs. A remote user can request a specially crafted URL containing '../' directory traversal characters to view files on the system that are located outside of the web document directory.

A demonstration exploit URL is provided:


Impact:   A remote user can view files on the system with the privileges of the web server process.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  QNX
Underlying OS Comments:  4.00

Message History:   None.

 Source Message Contents

Subject:  [Full-Disclosure] Local file retrieving in QNX Internet Appliance Toolkit http-daemon (web.server)

Local file retrieving in QNX Internet Appliance Toolkit http-daemon



I recently found a 3,5"-disk labeled with QNX-demo on my desk. This is
the "Take the 1.44M Web Challenge!"-disk I got it in 1998. I couldn't find
the demo on the qnx-website, but i found it on another site: (v4.00) Anyway, the
webserver doesn't check the url's, so you can view any text-file on the

Affected (and tested) versions:

    Modem v3.03
    Network v4.00
    Network v405
    Modem v405


The document-root of the webserver is /usr/httpd, so type this URL in the
embedded webbrowser:


and you'll see the /etc/passwd:

Thanks for reading, greets to all,


P.S.: This is my first vulnerability :-)

Full-Disclosure - We believe in it.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC