Will This Hack LPR Cameras?

Here's an image floating around various social media sites, with the caption "Best SQL injection EVER":

One story goes (no firsthand info) that an LPR software programmer wanted to prove a point to his team that a vulnerability existed in the code, so rigged up the sign to prove a point. The code on his sign, when registered by the OCR software would delete records of his 'real' plate number: ZU 0666 from the database.

This might be theoretically possible, but it seems so unlikely to work in actual practice it is hard to believe.

What do you think? Would this work? Or is the idea just internet forum fodder?

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

*** ******* **** ** "****** ***** ******".

* ********* ***** **** ***** ****, *** *** **** ********* made ** ***.

**** ** *** ****** **** ****, *** ***** ******* **** "/q" (****) *** *** ****** *******... ** **** ** **** newbies **** ** ***** ** *** * ***** ********, **** needed ** **** "/*****", ***** ** ******, ***** **** **** off *********** :)

** *** *****, ***** *** *** **** ******* ***** *** to **** * ******* **** *** ***** ** ******* *** other *** ** **** * "+++****", ** **** *** **** online *** * ********, +++ ***** ***** *** ***** ** drop ** ******* ****, ***** *** ***** ***** *** **** command ** **** **. *** ******* **** **** ****, ** that *** +++ *** ** ** ******** ** *-* ******* of ** ***** ****** ** ***** ** ** ******* ****, so ** ******, *** ******* ***** ******.

* ***** ****** *** ***** ***** **** **** ** *** same **** ** ***** - ** *** *****, *** *******, typically ***** ** ******* ******** ** *** ********'* ******* *********; entering ** **** * ***** ***** ** *******, ** *** database ***** *** ******** *** ** *** ** *****. ** course, *****'* *** ****** **** **** ***** **** ******* ******* that ***** **** **** * ***** ********... * ***** **** it ****** ******** ******.

* ******** **** ** ***** *** ******** ** ****. * found * **** **** *** **** *****, ******** *********** ******. Someone **** ***** ****, *** **** ** * ***** **** a **** ***** ** * *** *** *** ** ********. I ***, *** **** ***** **** *'** *** ***** ******.

...** *** *****, *** *******, ********* ***** ** ******* ******** to *** ********'* ******* *********; ******** ** **** * ***** would ** *******...

************* ******** ****** **** **** ** ******* **** *** ********** ********* ** ***** *****. **'* ******dynamic *** and its used far more than it needs to be, mainly because of the proliferation of free SQL servers meant unwashed hordes of coders were just trying to 'make it work' quick without knowing the implications of the method.

** ** ****** **** ***** ******** ** *** *** ***, with ***** ***** *** ******* ***** **** *** *** ***** until *******. ** **** **** ****** *** ***** ****** **** the **** ******* ***** ***** ***** ** ***** *******. **** you ***** **** ** *** ********* ****** ******** *** (**** hackable, ****** **** ******) ***** ***** **** ** *** ***. This **** ****** *** ** ******* ********** ** *** ***** by ********** *** ** ***** ** ****.

** ** *** *** ***** ******* *** ********* *** ******* plate, *** **** ***** ******* ** * ****** **********.

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***. ********** *** ****** ***** ******** ** ******* code, ** ****** **** ** **** ***** ******** ** * big **********. ****'* *** *** ********* **** *** ** *** for ***** *** **********, *** **** ******** *** **** ******** so **** ***** *********** **. ** ***, **** *** ** dynamic *** **** ******** *** **** ** **** ***** **** source ******** **** ****** *****, *** ********** ** *** *******.

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***

* ******** ** ******. **** ****** ***'* **** ****** *****, besides ***** ******** **** **** ******? *** *** **** *** mention **. ******* **** ******** ****** ******** ** ******* *** proper ********* ** **** ****.

** *** *** ** *** *** **** **** ******* ***, do **. **'* ******** ****** *** ****** ****** *** ****** need ** ****** ********* *********. **** **** *** *** ******* prepare *** ?'* * ********* **** ** * *** ****** to ****.

***, * ******* ** *****. **** ******* ** ** ***** code, **** ****** **** **** ** ********* ** * ***** number ** * ***** ** ***. ** *** **** **** "select *****(*) **** ****** ***** ************ = '** ****'" ** this *******. **** **** ***** ******** ** ********** ** *** query ******* ********** **. *** ******* *** ***** ****** *** a ******* ***** *** * ********* ** ****** ******* *** instruction *******. ** ** *** *******, ***** **** ****, *** SQL *********** ***** *** "****** *****(*) **** ****** ***** ************ = '** ****'; **** ******** *******;". *** ***** *** ***** two ********** *** **** *** ****** ********.

*** *****'* *******. *) *** ***** **** ** **** *** name ** *** ******** ** ***** ** ****. *) *** userid **** ** ***** *** *** ***** **** ** **** "drop ********" ***********. ***** ****** **** ******* **** **** ** code ** *** **** *** *** **** ******** *********** ** IT ********* ***** ****, * ***** *** **** **** ** being ****.

*** *** **** **** ** **** *** ******** **** **** read * ****** **** **** *** *** ** ***% *******.

***** ** ***** **** ** *** ***** ** *** ******* system *** ** ** **, *** **** **** **** **** wouldn't? ****** *** *** ***** **** ** ** ***** *******, needlessly ***** * ****** ***** ** * ***** ***** ****** be ***********. *** ** ***** ** ** **** *** ********* of *** ***** '******' ** *** *** ** ** ****** statement ** ****** ********* ****. ****** *** * ***'* ********** the *** ***** *****, *** ***** ***** *** ********* ***** reject **, *** ***** **** *** **** **** ** *** expression ***** **?

*.*. ******* ** ** * **** ******** ** * *** that * ****** **: ** **** ******* ** *** ******* were ********** ** ******* ******* *** **** ** ****** ** do ******* **** ** ****** ****, ***** ** ****'* ** course. *** **** ** *** ****** *** ****** *** ******, long ***** ***** ** *** *** ******** ****** ** ***** us * ******. ** ***. ** *** *** ***.

* **** **** ******* **** ** ******* *** *** *******:

*) *** **** **** ******* **** ********** **** ****** *' or *****? * ***** **** * - * *************** *****, *** * ****** ** ** ******? * ***'* even ***** *** ****** *** ** ********** ** ** **** enough ** *** **********?

*) *** **** ******* *'** **** ***** ******** *********, **** during ******* *********. ***** **** *%, *** **** ***** *** characters *** *** *** ** ***** *******. *** ******** ****** to **** ** ****** **** ** **** ******* *****, ********** at ******* ******, **** ***** **** *** **********.

****** *** *** ******** ****. **** * ********* **** *******, I **** ** **** ** **** ***** ** **** ** not, *** *** **** **** **** ** *** **** ****** I ***** ** ** ********.

** *** ** *** ***, ******** **** *** ********'* ****** are ** ******* *** **** ******** ** *** ***, *** not ******** ********* ****** ** ******* *** **** ***-***** ****. The ****** ***** **** ** ** **** ** ********** *** entire ***** ** *** **** **** * ***** *** ** in. *** *** ***** ******* ****** *** **** *********** **** factor ** ***** ******** ******, ******, ** *** ****** ***** need ** ** **** ** ***** * ******* ** ******* to ******* *** ****** ******* ******.

***** *** ** ***** **** *********** ****** **** ***** ********* lanes ** **** *** **** ******* **** ** * **** bridge, ********** ******* *** ** * ***** **** ******* *** lane *******. ******* **** **** ****** **, **** ****** ****** a **** **** * **** ** ****** **** ** *** own ****, *** ******* ** *** ***********, ******** **** **** than * **** ** ******* **** ** *** ******* **** it.

*** ****** **** ***** ** *** **** ******** ** ******, but ******* *** ****** ******* ** *** ******'* *** ****** NOT ** * *******.

* **** **** ***.

********, *** ***** * *******.

***** *** ******* ** *** ** ** **** ********* *********** in **********, **** *** *** **** ********* **** *** ***** user ***** **** **** - **'* **** *********** ******** ** this ********. *** ********* ** ******** ** **** ******** ********* exist **** ************ ******** *******, ********** ** *** ****** ** data *** ***** *******.

** *** ** ******* ***** *****, ***.: *** **** ***** have ** ** * ******** ****** ** * ******** ***** of *** ********, *** **** **** *** ****** *** ************ in *** ***.

*'* **** ** *** * ****** ******** ***** **** **** shellcode, *** ******* ***** **** ** **** * ********* *** that...

****** *** *** **** ***, * **** ******* ** *** vanity **** *** ***:

****** ******** **-*** ******* *********. ********* **** **** ****** ***** in ** *****, *** ********* ***** *********** ****** **** **** 'shell ***'! ******* ** ******* ****' **** * ***** **** ****** ** ********...

*.*. * ***** ** *** #!/***/bash but apparently some bourne again hacker done got his mitts on it first :(

* **** ******* *** *** "*** *". **** *** *** of ** ******** ******-******** ******.

***,

****'* *** ***. ***** *** ** *** *** **** * valid **** **** **** **** ****. *** ******* ":(){ :|:& };:" ** ******** *** ***** ** *** *****, ******.

*'** ****** * *** *** ********* **** ****** *** ** really ****, ** ** ****** *** ********** **** **** **** are ***** *** **** ******** **** ************* ** * ******* for **. ****, * ******** *** ** ******* * ***** end *** * ******** *** *** ******** **** *** ** the ****** ********* ** ****** *** ***** **** *** ******** when *** ** * ****** ** ** *******, *** ***** very **** ** *** *** ********* *********. **'* ***** ** testing *** ***** ** **** *** ** *** ****** **** will *** **** *******. *** **** * *****, * ****** windows ********* *** * ***** *** *******, **** ***** ** security ************ *** *** **** ** *** ** *** ****** on *** ***** ***** ****** ** ****** ****. *** * have ** ** ****, **** ** *** **** *** **** it, *** **** ******, ***.