Airport and cockpit security could be bypassed with an SQL injection attack, researchers report
The U.S. Transportation Security Administration (TSA) runs a program called KCM (Known Crewmember) that lets pilots and cabin crew pass security screening even when they are off duty. There is a similar mechanism for entering the cockpit, CASS (Cockpit Access Security System): once a person is confirmed to be a certified pilot, they may use the cockpit jump seat. Researchers now report that both KCM and CASS could be bypassed with an SQL injection attack.
Bypassing airport security via SQL injection
https://ian.sh/tsa
Bypassing airport security via SQL injection | Hacker News
https://news.ycombinator.com/item?id=41392128
The finding comes from Ian Carroll, founder of the flight-support service Seats.aero, who does security research outside his day job, and bug hunter Sam Curry.
In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found.
Here is our writeup: https://t.co/g9orwwgoxt
— Ian Carroll (@iangcarroll) August 29, 2024
The KCM mechanism is simple: in a dedicated lane, crew either present a KCM barcode or tell the TSA officer their airline and employee number so that their employment status can be checked. If the check succeeds, they enter the airport's restricted area without undergoing security screening.
CASS is the mechanism that lets a pilot who is commuting or traveling on a flight use the cockpit jump seat when no regular seat is available. As with KCM, once the pilot is authenticated, a notice that "the jump seat user has been authenticated by CASS" is sent from the gate to the crew.
In both cases, what matters is the airline's confirmation of employment status. Since each airline presumably stores employee information in its own way, Carroll and Curry wondered how KCM and CASS actually work behind the scenes.
According to them, ARINC, a subsidiary of the aerospace company Collins Aerospace, operates the central components: a website for checking KCM status and an API that forwards authentication requests between different airlines.
Large airlines can build their own systems, but small and mid-sized carriers presumably cannot, so Carroll and Curry looked into vendors and found a site called "FlyCASS.com" that sells a web-based interface to small airlines such as Air Transport International.
Since only per-airline login pages were publicly exposed, Carroll and Curry assumed there was little more to learn, but as a routine SQL injection test they entered a single quote (') as the username, and a MySQL error came back.
Using this error as a foothold, they ran sqlmap, confirmed an SQL injection vulnerability, and succeeded in logging in to FlyCASS as an administrator of Air Transport International.
FlyCASS provides both KCM and CASS to participating airlines, and logging in as an administrator made it possible to manage the lists of pilots and cabin crew. Moreover, since there were no checks or authorization steps beyond the login itself, new employees could be added freely. When they tested this through the query function, the test user they had added was approved for both KCM and CASS.
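The two signals described above, the single-quote probe that surfaces a database error and the follow-up that turns the same flaw into an administrator login, are reproduced in the following Python as an added example. It is not code from the article, from Carroll and Curry's write-up, or from FlyCASS: it uses an in-memory SQLite table in place of MySQL, the `users` table and its columns are constructed for the example, and passwords are stored in the clear only to keep the example short. The vulnerable login is shown beside a parameterized one so the difference in outcome is visible for the same inputs.

```python
import sqlite3

# Constructed sample roster standing in for a vendor's crew database.
# Table and column names are assumptions for this example, not FlyCASS's schema.
SAMPLE_USERS = [
    ("ati_admin", "correct-horse-battery-staple", "admin"),
    ("pilot_01", "hunter2", "crew"),
]


def make_db():
    """Create an in-memory SQLite database holding the sample roster."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Login written by concatenating user input into the SQL text.

    This is the pattern a lone single quote detects: the quote unbalances the
    string literal and the database raises a syntax error instead of returning
    'no such user'. Returns the role of the matching row, or None.
    """
    query = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same lookup with bound parameters: input cannot change the query's structure."""
    query = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def probe(conn, login, username, password):
    """Run one login attempt and report ('ok', role) or ('error', db_message).

    The 'error' outcome is the signal the researchers saw as a MySQL error;
    here it is SQLite's message for the same unbalanced quote.
    """
    try:
        return ("ok", login(conn, username, password))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    conn = make_db()
    for name, login in (("vulnerable", login_vulnerable), ("parameterized", login_safe)):
        print(name)
        print("  single-quote probe :", probe(conn, login, "'", "x"))
        # '-- ' starts a line comment in both SQLite and MySQL, so everything
        # after the username, including the password check, is discarded.
        print("  comment-out attack :", probe(conn, login, "ati_admin' -- ", "wrong"))
        print("  real credentials   :", probe(conn, login, "ati_admin", "correct-horse-battery-staple"))
```

Against `login_vulnerable`, the lone quote produces a database error and the `ati_admin' -- ` username logs in as the administrator with any password; against `login_safe` both inputs are simply treated as nonexistent usernames. sqlmap automates exactly this progression, from the error page to a working injection, which is why an error on a single quote is worth following up rather than dismissing.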
Carroll and Curry reported the problem to the Department of Homeland Security on April 23, 2024. FlyCASS was subsequently disconnected from KCM and CASS, and the issue was fixed. However, while they were considering how to disclose the problem safely, DHS cut off contact with them, and the TSA denied that they had discovered a problem.
The TSA explained that "vetting is now performed before a barcode is issued" and removed the mention of manually entering an employee ID, but Carroll and Curry say they confirmed that manual entry of employee IDs is still possible.
Commenting on this response, users of the social news site Hacker News noted, among other things, that "arresting and jailing security researchers who legitimately point out your failures is not unprecedented," and several said they had expected no sensible handling from DHS or the TSA, with remarks such as "I thought the FBI would show up."