Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling.
Definitions:
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
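The following is an added illustration (not code from the article, FlyCASS, or the researchers) of the mechanism the definition describes: a login lookup that splices user input into the SQL text beside the parameterized form that sends the same input as data. The `crew` table, its rows, and the `login_*` function names are constructed for the example; SQLite is used only because it ships with Python.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory crew table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE crew (username TEXT, password TEXT, airline TEXT)")
    conn.executemany(
        "INSERT INTO crew VALUES (?, ?, ?)",
        [
            ("alice", "correct-horse", "ExampleAir"),
            ("bob", "battery-staple", "ExampleAir"),
        ],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable pattern: input is concatenated into the statement text.

    Whatever the caller types becomes part of the SQL grammar, so quote
    characters and comment markers change the meaning of the query instead
    of being compared as literal values.
    """
    query = (
        "SELECT username FROM crew WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error:
        # A stray quote in ordinary input (e.g. O'Brien) breaks the statement.
        # In production logs, a spike of such parse errors on a login endpoint
        # is a useful detection signal that input is reaching the SQL parser.
        return None
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Hardened pattern: placeholders keep code and data separate.

    The driver binds the values after the statement is parsed, so the same
    input is compared byte-for-byte against the stored columns and can never
    alter the query structure. This is what web frameworks and ORMs do
    underneath when used as intended.
    """
    row = conn.execute(
        "SELECT username FROM crew WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def compare(username, password):
    """Run the same credentials through both implementations."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "parameterized": login_parameterized(conn, username, password),
    }


if __name__ == "__main__":
    # Legitimate login: both implementations agree.
    print(compare("alice", "correct-horse"))
    # A username that ends the string literal and comments out the password
    # check: the concatenated query succeeds, the parameterized one does not.
    print(compare("alice' --", "not-the-password"))
```

The point of the side-by-side is that "sanitizing" is the wrong mental model: escaping quotes by hand is easy to get wrong and varies by database dialect, whereas parameter binding removes the problem class entirely because the input is never parsed as SQL. The `except sqlite3.Error` branch also shows the defensive angle a SOC can use today: parse errors thrown by a login query are worth alerting on, since well-formed credentials should never produce them.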
Crackhappy@lemmy.world 2 months ago
Jesus fucking Christ. It’s 2024. Sanitize your inputs people.
IllNess@infosec.pub 2 months ago
Especially since backend web frameworks do all this for you.
RamblingPanda@lemmynsfw.com 2 months ago
I’m curious what they are using. It’s pretty hard to set up modern frameworks so bad they’ll allow that stuff. I mean it’s possible, but significantly harder than doing it right.