The vulnerabilities were secretly patched up a few weeks ago

Jan 19, 2012 13:30 GMT

Researchers from the Vulnerability Labs discovered a number of critical SQL Injection (SQLI) vulnerabilities on the official website of the Dusseldorf International Airport, one of the most important airports in Germany’s most important economic region.

The vulnerabilities, if unpatched, could have allowed an attacker to remotely execute his own SQL commands on one of the vulnerable modules, which included the picture archive, the shopping list module and the media information module.

According to H-Security, the weaknesses could be exploited by an unauthorized user to access the airport's entire database, which includes not only login credentials and personal information on passengers and partners, but also Airliner Lounge data normally available only to employees.

Benjamin Kunz Mejri, the founder of Vulnerability Labs, revealed that the airport had been notified in April 2011 and patched up the holes a few weeks ago without notifying the researchers.