How Researchers Used SQL Injections to Bypass the TSA
- Published: 8 Jan 2025
- Researchers Ian Carroll and Sam Curry discovered a vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling. The process involves scanning a KCM barcode or entering an employee number, then cross-checking with the airline's database to grant access without requiring a security screening. Similarly, the CASS system verifies pilots for cockpit jumpseat access when they need to commute or travel.
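The employee-number lookup described above is the kind of database check where a SQL injection flaw lives. The following is an added example, not code from the researchers, from FlyCASS, or from the video: it builds a constructed, in-memory "airline employee" table and puts the vulnerable lookup (submitted value spliced into the query text) beside the prepared-statement version that the top comment below recommends. The table, column names and sample employee numbers are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for the airline's own database.
# These employee numbers and names are invented for the example.
SAMPLE_EMPLOYEES = [
    ("E1001", "Pilot A", "pilot"),
    ("E1002", "Attendant B", "flight_attendant"),
]


def build_db():
    """Create an in-memory SQLite database with a toy employees table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees ("
        "employee_number TEXT PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", SAMPLE_EMPLOYEES)
    return conn


def lookup_vulnerable(conn, employee_number):
    """Vulnerable pattern: the submitted value becomes part of the SQL text,
    so any quotes or keywords it contains are parsed as SQL, not as data."""
    sql = (
        "SELECT name, role FROM employees "
        f"WHERE employee_number = '{employee_number}'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, employee_number):
    """Prepared statement: the value is bound as a parameter. The database
    compares it as a string and never interprets it as SQL."""
    sql = "SELECT name, role FROM employees WHERE employee_number = ?"
    return conn.execute(sql, (employee_number,)).fetchall()


def is_authorized(conn, employee_number):
    """Authorization decision built on the safe lookup. Requiring exactly one
    matching row (not merely 'some rows') is a second, cheap safeguard: a
    lookup that unexpectedly matches many records is a bug, not a pass."""
    rows = lookup_safe(conn, employee_number)
    return len(rows) == 1


if __name__ == "__main__":
    db = build_db()
    print("valid number, safe lookup:", lookup_safe(db, "E1001"))
    print("authorized:", is_authorized(db, "E1001"))
```

Running the two lookups against the same crafted input shows the difference: the string-spliced query returns every employee because the input rewrote its `WHERE` clause, while the parameterized query returns nothing because no employee number equals that literal string. Fixing the query is the actual remediation; the exact-one-row rule in `is_authorized` only limits the damage if some other query is missed.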
Become a member and receive exclusive videos and other advantages:
/ @secprivaca
You can also buy me a coffee here:
buymeacoffee.c...
Prepared Statements were covered in a book (by Tim Bunce) in early 2000. Lame devs still fielding injection seem not to have read a book in over 20 years.
I don't even think you'd fix CASS by taking away the sandwich.
It is really the easiest vulnerability to find and fix.
@SecPrivAca
en.wikipedia.org/wiki/Cass_Elliot
"Elliot did not die from choking on a ham sandwich."
@PMA65537 Indeed, injecting has always been very common