News Document Title:
====================
Lab discovered Bugs on Airport Duesseldorf Infrastructure

Release Date:
=============
2012-01-21

Laboratory Article:
===================
An anonymous Vulnerability Laboratory researcher this week discovered multiple critical SQL injection vulnerabilities, documented in a security advisory, in the web infrastructure of the famous German Duesseldorf International Airport. The security issue was submitted multiple times to the DUS-INT Airport Web Team. After no response arrived regarding the security issue, the bug was disclosed by Pim J.F.P. Campers and Benjamin Kunz Mejri.

The vulnerabilities are located in multiple web service modules of the airport application. Some example vulnerable modules were Shoplist, Media Info and Photoarchiv. The vulnerability allows a remote attacker to execute their own SQL commands through the vulnerable value or module. Successful exploitation of the remote SQL injection vulnerabilities can result in access to all database tables and the reading of sensitive information such as customer passwords, usernames, IDs, addresses and so on.

After the report was publicly confirmed by the heise security news ticker, the DUS-INT Airport Team responded to Vulnerability-Lab.

Advisory: http://www.vulnerability-lab.com/get_content.php?id=173
Article: http://www.heise.de/security/meldung/Bericht-Flughafen-Duesseldorf-schliesst-Sicherheitsluecken-1414554.html
News: http://news.hitb.org/content/laboratory-discovered-critical-bugs-airport-duesseldorf-infrastructure