Audit of BRS/SEARCH

[Javier Fernández-Sanguino Peña <jfernandez () germinus com>]

Has anyone audited the BRS/SEARCH document database engine before. It 
seems to me (it's a pen-test :) that to public databases using this 
database engine on the web database command injection (it does not use 
SQL) is not much of an issue since there does not seem to be a database 
holding username/passwords, there are only indexed documents.

I have found in a pen-test a CGI application that *is* vulnerable to 
injection of  database queries, but I do not see valuable information 
whatsoever so I'm starting to think this is a 'medium' vulnerability 
(and not 'high' as it would be if you had an Oracle or SQL Server 
database behind).

Any ideas? I'm going to start trying the usual CGI stuff (buffer 
overflows, brute force of parameters, et al) on the application (it's a 
C application, no Perl :-( to see how it answers since I think I've hit 
a dead-end with the injection stuff.

Javi

PS: For those that do not know what BRS/SEARCH is try 
http://isd.usc.edu/~karl/BRS/faq.html



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/