{"id":38894,"date":"2020-12-16T09:30:06","date_gmt":"2020-12-16T09:30:06","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/"},"modified":"2020-12-16T09:30:06","modified_gmt":"2020-12-16T09:30:06","slug":"your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/","title":{"rendered":"Your ship comms app is &#8216;secured&#8217; with a Flash interface, doesn&#8217;t sanitise SQL inputs and leaks user data, you say?"},"content":{"rendered":"<p>A software suite intended to let merchant ships\u2019 crews digitally communicate with the world ashore was riddled with security vulnerabilities including undocumented admin accounts with hardcoded passwords and widespread use of Adobe Flash.<\/p>\n<p>Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests.<\/p>\n<p>In a detailed blog post, the firm said: \u201cWithin a few seconds we\u2019d already noticed our first vulnerability, simply by watching the network traffic in the browser developer tools. There were enough signs to warrant deeper investigation.\u201d<\/p>\n<p><a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.pentestpartners.com\/security-blog\/serious-vulnerabilities-in-dualog-connection-suite\/\">Findings<\/a> included an undocumented admin account with a hardcoded password \u2013 a password that Pen Test Partners cracked in 10 minutes. The Oracle database underpinning the suite used the outdated MD5 hash with no salting, meaning researchers were able to brute-force them with relative ease.<\/p>\n<p>Salting is the art of adding random but unique characters during the hashing process to safely store passwords or phrases and is explained in more detail <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/auth0.com\/blog\/adding-salt-to-hashing-a-better-way-to-store-passwords\/\">here<\/a>.<\/p>\n<p>The user interface was \u201csecured\u201d with an <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/10\/28\/windows_flash_removal_update\/\" rel=\"noopener noreferrer\">Adobe Flash<\/a> app (don\u2019t laugh) with a unique 2FA interface. Users were prompted to enter a six-digit code as the second limb of authenticating themselves to the system. Unfortunately, PTP found that all the numbers required to authenticate \u201cwere stored in the Flash application itself and could easily be extracted\u201d.<\/p>\n<p>A closer look at queries made to Dualog Connection Suite\u2019s backend revealed SQL traffic passing to and forth; PTP discovered that tweaking some queries returned \u201call the details about all of the users\u2026 across all ships operated by the company, not just the ship we were on.\u201d<\/p>\n<p>Last but not least, when visiting the login page for the software suite, it autocompleted the username field. When doing so the \u201centire list of users is downloaded using an API call in the background, leaking all the valid usernames.\u201d<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2019\/06\/18\/oil_rig.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Oil rig\"><\/p>\n<h2 title=\"Not many stranger things happen at sea\">Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners<\/h2>\n<p><a href=\"https:\/\/www.theregister.com\/2020\/02\/18\/shipping_cybersecurity_rather_poor\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>We have asked Dualog\u2019s chief exec if he wishes to comment on PTP\u2019s findings. PTP said it took the best part of 2020 to get a response out of the company, beginning in January and not seeing any updates until a new, <a target=\"_blank\" href=\"https:\/\/downloads.dualog.com\/ConnectionSuite\/3.0\/Release%20notes%20Connection%20Suite%203%202020-10-22.pdf\" rel=\"noopener noreferrer\">Flash-free and updated version of the suite [PDF]<\/a> was deployed on 8 December.<\/p>\n<p>Digitally securing ships at sea is difficult. Large parts of the shipping industry still see their assets as floating air gaps that occasionally talk to the world ashore, despite innovations to allow crew to use the internet like anyone else in the 20th century.<\/p>\n<p>PTP has dived deep into the field of maritime infosec, finding earlier this year that an oil rig at sea was so insecure that anyone with enough determination <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/02\/18\/shipping_cybersecurity_rather_poor\/\" rel=\"noopener noreferrer\">could have remotely driven it off<\/a>.<\/p>\n<p>A few years ago infosec firm IOActive found flaws lurking in a maritime satellite communications platform used by thousands of ships worldwide, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2017\/10\/26\/inmarsat_maritime_sat_comms_security\/\" rel=\"noopener noreferrer\">to the indifference of the software\u2019s makers<\/a>. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2020\/12\/16\/dualog_communications_suite_cves\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One? Two? Nope. Six CVEs patched after being found in Dualog Communications Suite A software suite intended to let merchant ships\u2019 crews digitally communicate with the world ashore was riddled with security vulnerabilities including undocumented admin accounts with hardcoded passwords and widespread use of Adobe Flash.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":38895,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-38894","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Your ship comms app is &#039;secured&#039; with a Flash interface, doesn&#039;t sanitise SQL inputs and leaks user data, you say? 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Your ship comms app is &#039;secured&#039; with a Flash interface, doesn&#039;t sanitise SQL inputs and leaks user data, you say? 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-16T09:30:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Your ship comms app is &#8216;secured&#8217; with a Flash interface, doesn&#8217;t sanitise SQL inputs and leaks user data, you say?\",\"datePublished\":\"2020-12-16T09:30:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/\"},\"wordCount\":518,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/\",\"name\":\"Your ship comms app is 'secured' with a Flash interface, doesn't sanitise SQL inputs and leaks user data, you say? 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg\",\"datePublished\":\"2020-12-16T09:30:06+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Your ship comms app is &#8216;secured&#8217; with a Flash interface, doesn&#8217;t sanitise SQL inputs and leaks user data, you say?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Your ship comms app is 'secured' with a Flash interface, doesn't sanitise SQL inputs and leaks user data, you say? 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/","og_locale":"en_US","og_type":"article","og_title":"Your ship comms app is 'secured' with a Flash interface, doesn't sanitise SQL inputs and leaks user data, you say? 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-12-16T09:30:06+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Your ship comms app is &#8216;secured&#8217; with a Flash interface, doesn&#8217;t sanitise SQL inputs and leaks user data, you say?","datePublished":"2020-12-16T09:30:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/"},"wordCount":518,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/","url":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/","name":"Your ship comms app is 'secured' with a Flash interface, doesn't sanitise SQL inputs and leaks user data, you say? 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg","datePublished":"2020-12-16T09:30:06+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/your-ship-comms-app-is-secured-with-a-flash-interface-doesnt-sanitise-sql-inputs-and-leaks-user-data-you-say\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Your ship comms app is &#8216;secured&#8217; with a Flash interface, doesn&#8217;t sanitise SQL inputs and leaks user data, you say?"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=38894"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38894\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/38895"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=38894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=38894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=38894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}