News Document Title:
====================
Critical SQL Injection Vulnerabilities on Koeln/Bonn Airport

Release Date:
=============
2012-01-23

Laboratory Article:
===================
In the last few days we discovered multiple vulnerabilities on the Duesseldorf International (dus-int) airport. 2 days after the publication on the dus-int airport, the same researcher published the next SQL vulnerabilities on the famous Koeln/Bonn International (kb-int) airport.

Article by Softpedia: http://news.softpedia.com/news/Koeln-Bonn-Airport-Fixes-SQLI-Vulnerabilities-247798.shtml

After yesterday we’ve learned that the international airport in Dusseldorf patched up some serious vulnerabilities that could have allowed a remote attacker to execute arbitrary code, today researchers publicly disclose that another major German airport (kb-int) patched up the same types of flaws.

Multiple blind SQL injection vulnerabilities were present on the official website of the Koeln Bonn Airport. The security weakness may have been exploited by a hacker to inject his own SQL commands in the affected application’s database management system (DBMS). If successfully exploited, the website, the DBMS and the application could have been compromised.

The airport was notified of the existence of the flaws back in March 2011, but they only provided a fix in the first days of 2012. It’s a good thing that airport representatives dealt with the issue because it had been estimated as a critical weakness.

Advisory: http://www.vulnerability-lab.com/get_content.php?id=174