Will This Hack LPR Cameras?

Brian Rhodes

IPVMU Certified / IPVM Admin | 03/14/13 04:16pm

Here's an image floating around various social media sites, with the caption "Best SQL injection EVER":

One story goes (no firsthand info) that an LPR software programmer wanted to prove a point to his team that a vulnerability existed in the code, so rigged up the sign to prove a point. The code on his sign, when registered by the OCR software would delete records of his 'real' plate number: ZU 0666 from the database.

This might be theoretically possible, but it seems so unlikely to work in actual practice it is hard to believe.

What do you think? Would this work? Or is the idea just internet forum fodder?

Login to read this IPVM discussion.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Brian Karas

| 03/14/13 05:02pm

*** ******* **** ** "****** ***** ******".

Jacob Bird

IPVMU Certified | 03/15/13 02:08am

* ********* ***** **** ***** ****, *** *** **** ********* made ** ***.

Matt Ion

| 03/15/13 02:21am

**** ** *** ****** **** ****, *** ***** ******* **** "/q" (****) *** *** ****** *******... ** **** ** **** newbies **** ** ***** ** *** * ***** ********, **** needed ** **** "/*****", ***** ** ******, ***** **** **** off *********** :)

** *** *****, ***** *** *** **** ******* ***** *** to **** * ******* **** *** ***** ** ******* *** other *** ** **** * "+++****", ** **** *** **** online *** * ********, +++ ***** ***** *** ***** ** drop ** ******* ****, ***** *** ***** ***** *** **** command ** **** **. *** ******* **** **** ****, ** that *** +++ *** ** ** ******** ** *-* ******* of ** ***** ****** ** ***** ** ** ******* ****, so ** ******, *** ******* ***** ******.

* ***** ****** *** ***** ***** **** **** ** *** same **** ** ***** - ** *** *****, *** *******, typically ***** ** ******* ******** ** *** ********'* ******* *********; entering ** **** * ***** ***** ** *******, ** *** database ***** *** ******** *** ** *** ** *****. ** course, *****'* *** ****** **** **** ***** **** ******* ******* that ***** **** **** * ***** ********... * ***** **** it ****** ******** ******.

Ari Erenthal

In reply to Matt Ion | 02/19/14 02:24pm

* ******** **** ** ***** *** ******** ** ****. * found * **** **** *** **** *****, ******** *********** ******. Someone **** ***** ****, *** **** ** * ***** **** a **** ***** ** * *** *** *** ** ********. I ***, *** **** ***** **** *'** *** ***** ******.

Rukmini Wilson

In reply to Matt Ion | 02/19/14 07:06pm

...** *** *****, *** *******, ********* ***** ** ******* ******** to *** ********'* ******* *********; ******** ** **** * ***** would ** *******...

************* ******** ****** **** **** ** ******* **** *** ********** ********* ** ***** *****. **'* ******dynamic *** and its used far more than it needs to be, mainly because of the proliferation of free SQL servers meant unwashed hordes of coders were just trying to 'make it work' quick without knowing the implications of the method.

** ** ****** **** ***** ******** ** *** *** ***, with ***** ***** *** ******* ***** **** *** *** ***** until *******. ** **** **** ****** *** ***** ****** **** the **** ******* ***** ***** ***** ** ***** *******. **** you ***** **** ** *** ********* ****** ******** *** (**** hackable, ****** **** ******) ***** ***** **** ** *** ***. This **** ****** *** ** ******* ********** ** *** ***** by ********** *** ** ***** ** ****.

** ** *** *** ***** ******* *** ********* *** ******* plate, *** **** ***** ******* ** * ****** **********.

Undisclosed 1

In reply to Rukmini Wilson | 02/19/14 07:25pm

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***. ********** *** ****** ***** ******** ** ******* code, ** ****** **** ** **** ***** ******** ** * big **********. ****'* *** *** ********* **** *** ** *** for ***** *** **********, *** **** ******** *** **** ******** so **** ***** *********** **. ** ***, **** *** ** dynamic *** **** ******** *** **** ** **** ***** **** source ******** **** ****** *****, *** ********** ** *** *******.

Rukmini Wilson

In reply to Undisclosed 1 | 02/20/14 08:00am

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***

* ******** ** ******. **** ****** ***'* **** ****** *****, besides ***** ******** **** **** ******? *** *** **** *** mention **. ******* **** ******** ****** ******** ** ******* *** proper ********* ** **** ****.

** *** *** ** *** *** **** **** ******* ***, do **. **'* ******** ****** *** ****** ****** *** ****** need ** ****** ********* *********. **** **** *** *** ******* prepare *** ?'* * ********* **** ** * *** ****** to ****.

Undisclosed 1

| 02/19/14 01:08am

***, * ******* ** *****. **** ******* ** ** ***** code, **** ****** **** **** ** ********* ** * ***** number ** * ***** ** ***. ** *** **** **** "select *****(*) **** ****** ***** ************ = '** ****'" ** this *******. **** **** ***** ******** ** ********** ** *** query ******* ********** **. *** ******* *** ***** ****** *** a ******* ***** *** * ********* ** ****** ******* *** instruction *******. ** ** *** *******, ***** **** ****, *** SQL *********** ***** *** "****** *****(*) **** ****** ***** ************ = '** ****'; **** ******** *******;". *** ***** *** ***** two ********** *** **** *** ****** ********.

*** *****'* *******. *) *** ***** **** ** **** *** name ** *** ******** ** ***** ** ****. *) *** userid **** ** ***** *** *** ***** **** ** **** "drop ********" ***********. ***** ****** **** ******* **** **** ** code ** *** **** *** *** **** ******** *********** ** IT ********* ***** ****, * ***** *** **** **** ** being ****.

*** *** **** **** ** **** *** ******** **** **** read * ****** **** **** *** *** ** ***% *******.

Rukmini Wilson

In reply to Undisclosed 1 | 02/19/14 01:47am

***** ** ***** **** ** *** ***** ** *** ******* system *** ** ** **, *** **** **** **** **** wouldn't? ****** *** *** ***** **** ** ** ***** *******, needlessly ***** * ****** ***** ** * ***** ***** ****** be ***********. *** ** ***** ** ** **** *** ********* of *** ***** '******' ** *** *** ** ** ****** statement ** ****** ********* ****. ****** *** * ***'* ********** the *** ***** *****, *** ***** ***** *** ********* ***** reject **, *** ***** **** *** **** **** ** *** expression ***** **?

*.*. ******* ** ** * **** ******** ** * *** that * ****** **: ** **** ******* ** *** ******* were ********** ** ******* ******* *** **** ** ****** ** do ******* **** ** ****** ****, ***** ** ****'* ** course. *** **** ** *** ****** *** ****** *** ******, long ***** ***** ** *** *** ******** ****** ** ***** us * ******. ** ***. ** *** *** ***.

Brian Rhodes

IPVMU Certified / IPVM Admin | 02/19/14 03:34pm

* **** **** ******* **** ** ******* *** *** *******:

*) *** **** **** ******* **** ********** **** ****** *' or *****? * ***** **** * - * *************** *****, *** * ****** ** ** ******? * ***'* even ***** *** ****** *** ** ********** ** ** **** enough ** *** **********?

*) *** **** ******* *'** **** ***** ******** *********, **** during ******* *********. ***** **** *%, *** **** ***** *** characters *** *** *** ** ***** *******. *** ******** ****** to **** ** ****** **** ** **** ******* *****, ********** at ******* ******, **** ***** **** *** **********.

****** *** *** ******** ****. **** * ********* **** *******, I **** ** **** ** **** ***** ** **** ** not, *** *** **** **** **** ** *** **** ****** I ***** ** ** ********.

Matt Ion

In reply to Brian Rhodes | 02/19/14 07:34pm

** *** ** *** ***, ******** **** *** ********'* ****** are ** ******* *** **** ******** ** *** ***, *** not ******** ********* ****** ** ******* *** **** ***-***** ****. The ****** ***** **** ** ** **** ** ********** *** entire ***** ** *** **** **** * ***** *** ** in. *** *** ***** ******* ****** *** **** *********** **** factor ** ***** ******** ******, ******, ** *** ****** ***** need ** ** **** ** ***** * ******* ** ******* to ******* *** ****** ******* ******.

***** *** ** ***** **** *********** ****** **** ***** ********* lanes ** **** *** **** ******* **** ** * **** bridge, ********** ******* *** ** * ***** **** ******* *** lane *******. ******* **** **** ****** **, **** ****** ****** a **** **** * **** ** ****** **** ** *** own ****, *** ******* ** *** ***********, ******** **** **** than * **** ** ******* **** ** *** ******* **** it.

*** ****** **** ***** ** *** **** ******** ** ******, but ******* *** ****** ******* ** *** ******'* *** ****** NOT ** * *******.

Ryan Twitchell

| 02/19/14 05:15pm

* **** **** ***.

********, *** ***** * *******.

***** *** ******* ** *** ** ** **** ********* *********** in **********, **** *** *** **** ********* **** *** ***** user ***** **** **** - **'* **** *********** ******** ** this ********. *** ********* ** ******** ** **** ******** ********* exist **** ************ ******** *******, ********** ** *** ****** ** data *** ***** *******.

** *** ** ******* ***** *****, ***.: *** **** ***** have ** ** * ******** ****** ** * ******** ***** of *** ********, *** **** **** *** ****** *** ************ in *** ***.

*'* **** ** *** * ****** ******** ***** **** **** shellcode, *** ******* ***** **** ** **** * ********* *** that...

Jim Hall

| 02/19/14 05:37pm

****** *** *** **** ***, * **** ******* ** *** vanity **** *** ***:

****** ******** **-*** ******* *********. ********* **** **** ****** ***** in ** *****, *** ********* ***** *********** ****** **** **** 'shell ***'! ******* ** ******* ****' **** * ***** **** ****** ** ********...

*.*. * ***** ** *** #!/***/bash but apparently some bourne again hacker done got his mitts on it first :(

Brian Rhodes

IPVMU Certified / IPVM Admin | In reply to Jim Hall | 02/19/14 05:48pm

Undisclosed 2

In reply to Jim Hall | 02/19/14 07:25pm

* **** ******* *** *** "*** *". **** *** *** of ** ******** ******-******** ******.

Ryan Twitchell

| 02/19/14 06:28pm

***,

****'* *** ***. ***** *** ** *** *** **** * valid **** **** **** **** ****. *** ******* ":(){ :|:& };:" ** ******** *** ***** ** *** *****, ******.

Undisclosed 1

| 02/19/14 06:45pm

*'** ****** * *** *** ********* **** ****** *** ** really ****, ** ** ****** *** ********** **** **** **** are ***** *** **** ******** **** ************* ** * ******* for **. ****, * ******** *** ** ******* * ***** end *** * ******** *** *** ******** **** *** ** the ****** ********* ** ****** *** ***** **** *** ******** when *** ** * ****** ** ** *******, *** ***** very **** ** *** *** ********* *********. **'* ***** ** testing *** ***** ** **** *** ** *** ****** **** will *** **** *******. *** **** * *****, * ****** windows ********* *** * ***** *** *******, **** ***** ** security ************ *** *** **** ** *** ** *** ****** on *** ***** ***** ****** ** ****** ****. *** * have ** ** ****, **** ** *** **** *** **** it, *** **** ******, ***.

Discussion	Posts	Latest
New Question About Pricing Structure You Use To Pay Subs For 3-1-1 Installations (2) Started by Undisclosed 1 Integrator	2	less than a minute ago by Undisclosed 2 Manufacturer
New Is There a Solution For People Counting Vehicle Occupants? (7) Started by Luis Sadio	7	less than a minute ago by Undisclosed 3 Manufacturer
Hikvision + Spectrum + Audio (6) Started by John Bazyk	6	less than a minute ago by Kyle Folger
New ADT Now Offers Ghost Monitoring (3) Started by John Honovich	3	less than a minute ago by Horace Lasell
New Help With 8 Camera Project For "Stubborn" Customer (15) Started by Undisclosed 1 Integrator	15	1 minute ago by Armando Perez

Discussion

Posts

Latest

New

Question About Pricing Structure You Use To Pay Subs For 3-1-1 Installations (2)

Started by Undisclosed 1 Integrator

less than a minute ago by Undisclosed 2 Manufacturer

New

Is There a Solution For People Counting Vehicle Occupants? (7)

Started by Luis Sadio

less than a minute ago by Undisclosed 3 Manufacturer

Hikvision + Spectrum + Audio (6)