How Researchers Used SQL Injections to Bypass the TSA

preview_player
Показать описание
Researchers Ian Carroll and Sam Curry discovered a vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling. The process involves scanning a KCM barcode or entering an employee number, then cross-checking with the airline's database to grant access without requiring a security screening. Similarly, the CASS system verifies pilots for cockpit jumpseat access when they need to commute or travel.

Become a member and receive exclusive videos and other advantages:

You can also buy me a coffee here:
  1. Security and Privacy Academy
Рекомендации по теме
How Researchers Used 0:02:54

How Researchers Used SQL Injections to Bypass the TSA

SQL Injections are 0:10:14

SQL Injections are scary!! (hacking tutorial for beginners)

What Is SQL 0:02:39

What Is SQL Injection?

SQL Injection For 0:13:28

SQL Injection For Beginners

SQL Injection Explained 0:08:45

SQL Injection Explained

SQL Injection Hacking 1:01:05

SQL Injection Hacking Tutorial (Beginner to Advanced)

Zoom - turning 0:08:01

Zoom - turning on someone's camera using SQL injection vulnerability - Bug Bounty Reports Expla...

Running an SQL 0:17:11

Running an SQL Injection Attack - Computerphile

SQL Injection Attack 0:08:07

SQL Injection Attack | Practical Demo Part 07 | SQLi | TCRSecurity

Fastest Way To 0:00:11

Fastest Way To Learn SQL

SQL Injection Prevention: 0:09:44

SQL Injection Prevention: Security Simplified

SQL Injection Explained 0:11:06

SQL Injection Explained | SQL Injection Attack in Cyber Security | Cybersecurity | Simplilearn

SQL Injection A 0:27:08

SQL Injection A history’ OR 1=1; — Will McCardell | CypherCon 6.0

Applied Machine Learning 0:08:55

Applied Machine Learning Predictive Analytics to SQL Injection Attack Detection and Prevention

SQL Injection Vulnerability 0:05:03

SQL Injection Vulnerability

Why Hacker Used 0:02:24

Why Hacker Used (SQL) Injection 💉

SQL DS-8 Mastering 0:00:16

SQL DS-8 Mastering SQL Interview Questions 2024 #sql #data analyst #business analyst

SQL DS-4 Mastering 0:00:15

SQL DS-4 Mastering SQL Interview Questions 2024 #sql #data analyst #business analyst

SQL DS-3 Mastering 0:00:13

SQL DS-3 Mastering SQL Interview Questions 2024 #sql #data analyst #business analyst

SQL Injection: Unlocking 0:07:40

SQL Injection: Unlocking the Hidden Vulnerabilities

Web Application Hacking 0:02:48

Web Application Hacking 101 - Classic SQL Injection

SQL Server Interview 0:00:55

SQL Server Interview Questions and Answers :- What to prepare ?

#HITB2023HKT D1T1 - 0:32:44

#HITB2023HKT D1T1 - Injecting Brains Into Blind SQL Injection - Jakub Pruzinec & Quynh Anh Nguye...

Perform a SQL 0:07:52

Perform a SQL Injection Attack (and how to avoid in your code!)

Комментарии
Автор

Prepared Statements were covered in a book (by Tim Bunce) in early 2000. Lame devs still fielding injection seem not to have read a book in over 20 years.

I don't even think you'd fix CASS by taking away the sandwich.

PMA