Security Experts Exploit Airport Security Loophole with SQL Injection
Briefly

The employment status check is the most critical component of these processes. If the individual doesn't currently work for an airline, they have not had a background check and should not be permitted to bypass security screening or access the cockpit.
Intrigued, we noticed every airline had its own login page, such as Air Transport International (8C) being available at /ati. With only a login page exposed, we thought we had hit a dead end. Just to be sure though, we tried a single quote in the username as a SQL injection test, and immediately received a MySQL error.
Since the username was directly interpolated into the login SQL query, the researchers were able to log in to FlyCASS as administrators. Because FlyCASS manages both the KCM and CASS systems for its participating airlines, they could access.
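The single-quote behaviour described above, shown next to the parameterized form that removes it. This is an added example, not FlyCASS code or the researchers' code. It assumes SQLite in place of MySQL so it runs offline, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and values are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("o'brien", "hash-a"), ("admin", "hash-b")])
    return db

def lookup_interpolated(db, username):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so a quote character changes how the statement is parsed.
    sql = f"SELECT pw_hash FROM users WHERE username = '{username}'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # A login page that echoes this message back is the error
        # disclosure the researchers saw.
        return ("sql_error", str(exc))
    return ("ok", row[0] if row else None)

def lookup_parameterized(db, username):
    # Hardened pattern: the statement text is fixed and the value is bound
    # separately, so the driver never parses the input as SQL.
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    return ("ok", row[0] if row else None)

def quote_safe(lookup, db):
    # Regression check for a test suite: usernames containing a quote
    # must be handled as data and never surface a SQL error.
    return all(lookup(db, name)[0] == "ok" for name in ("'", "o'brien"))

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_interpolated, lookup_parameterized):
        print(fn.__name__, fn(db, "'"), "quote_safe =", quote_safe(fn, db))
```
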
Read at InfoQ