Audit of BRS/SEARCH

From: Javier Fernández-Sanguino Peña (jfernandezat_private)
Date: Fri Oct 25 2002 - 02:44:04 PDT


    Has anyone audited the BRS/SEARCH document database engine before? It 
    seems to me (it's a pen-test :) that for public databases using this 
    database engine on the web, database command injection (it does not use 
    SQL) is not much of an issue, since there does not seem to be a database 
    holding username/passwords, there are only indexed documents.
    
    I have found in a pen-test a CGI application that *is* vulnerable to 
    injection of database queries, but I do not see valuable information 
    whatsoever so I'm starting to think this is a 'medium' vulnerability 
    (and not 'high' as it would be if you had an Oracle or SQL Server 
    database behind).
    
    Any ideas? I'm going to start trying the usual CGI stuff (buffer 
    overflows, brute force of parameters, et al) on the application (it's a 
    C application, no Perl :-( to see how it answers since I think I've hit 
    a dead-end with the injection stuff.
    
    Javi
    
    PS: For those that do not know what BRS/SEARCH is, try 
    http://isd.usc.edu/~karl/BRS/faq.html
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    


