As another poster mentioned, you would need access to the back-end/mainframe systems that store the reservation/flight information. Even then, you would have to know how to properly manipulate the data.

Compromising their web site servers would be of little value. The servers communicate with the back-end servers but these point-to-point lines of communication are protected with firewalls and secure TCP/IP connections (e.g., SSL).

You would be better off knowing someone with access to Sabre, Amadeus, or Galileo. I had a friend who was a contractor who worked on one of these systems and was on call in the evenings in case of emergencies. Was over at their house one night and they received a trouble call. A few logins later and there it was, the mainframe terminal for one of the airlines. Jokingly, I asked if they could "flag" a flight of mine for a different meal or for an upgrade, "pretty much" was the answer.

More often than not, systems like these have heavy auditing. That is, if certain data is changed, the old data, along with the who/what/when/where/how is logged in a separate database.

The easier way would be for you to have a Gate/Check-In agent friend upgrade you.