Researchers find SQL injection to bypass airport TSA security checks

Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling.

Definitions:

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

-Wikipedia

fubarx ,

Security theater: Shoes and belts off.

Security circus: Pilot Captain Bobby Tables.

Crackhappy ,

Jesus fucking Christ. It’s 2024. Sanitize your inputs, people.

IllNess OP ,

Especially since backend web frameworks do all this for you.

RamblingPanda ,

I’m curious what they are using. It’s pretty hard to set up modern frameworks so bad they’ll allow that stuff. I mean it’s possible, but significantly harder than doing it right.

wizardbeard ,

> modern frameworks

Bold assumption they’re using anything remotely modern.

RamblingPanda ,

Yeah, I know. But it would be interesting to know what they used.

IllNess OP ,

Looks like regular PHP.

builtwith

RamblingPanda ,

The language of the gods!
