Security News

2458 readers

1 users here now

founded 2 years ago

MODERATORS

jerry@infosec.pub

Researchers find SQL injection to bypass airport TSA security checks (www.bleepingcomputer.com)

submitted 2 months ago by IllNess@infosec.pub to c/securitynews@infosec.pub

8 comments fedilink hide all child comments

Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling.

Definitions:

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

-Wikipedia

you are viewing a single comment's thread
view the rest of the comments

[–] Crackhappy@lemmy.world 25 points 2 months ago (1 children)

Jesus fucking Christ. It's 2024. Sanitize your inputs people.

[–] IllNess@infosec.pub 14 points 2 months ago (1 children)

Especially since backend web frameworks do all this for you.

[–] RamblingPanda@lemmynsfw.com 10 points 2 months ago (1 children)

I'm curious what they are using. It's pretty hard to set up modern frameworks so bad they'll allow that stuff. I mean it's possible, but significantly harder than doing it right.

[–] wizardbeard@lemmy.dbzer0.com 6 points 2 months ago (1 children)

modern frameworks

Bold assumption they're using anything remotely modern.

[–] RamblingPanda@lemmynsfw.com 3 points 2 months ago (1 children)

Yeah, I know. But it would be interesting to know what they used.

[–] IllNess@infosec.pub 3 points 2 months ago (1 children)

Looks like regular PHP.

builtwith

[–] RamblingPanda@lemmynsfw.com 3 points 2 months ago

The language of the gods!