Will This Hack LPR Cameras?

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | 03/14/13 04:16pm

Here's an image floating around various social media sites, with the caption "Best SQL injection EVER":

One story goes (no firsthand info) that an LPR software programmer wanted to prove a point to his team that a vulnerability existed in the code, so rigged up the sign to prove a point. The code on his sign, when registered by the OCR software would delete records of his 'real' plate number: ZU 0666 from the database.

This might be theoretically possible, but it seems so unlikely to work in actual practice it is hard to believe.

What do you think? Would this work? Or is the idea just internet forum fodder?

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.
523e72bb054343da0bfb7186fa8e7c4a

Brian Karas

03/14/13 05:02pm

*** ******* **** ** "****** ***** ******".

Jacob Bird

IPVMU Certified | 03/15/13 02:08am

* ********* ***** **** ***** ****, *** *** **** ********* made ** ***.

Matt Ion

03/15/13 02:21am

**** ** *** ****** **** ****, *** ***** ******* **** "/q" (****) *** *** ****** *******... ** **** ** **** newbies **** ** ***** ** *** * ***** ********, **** needed ** **** "/*****", ***** ** ******, ***** **** **** off *********** :)

** *** *****, ***** *** *** **** ******* ***** *** to **** * ******* **** *** ***** ** ******* *** other *** ** **** * "+++****", ** **** *** **** online *** * ********, +++ ***** ***** *** ***** ** drop ** ******* ****, ***** *** ***** ***** *** **** command ** **** **. *** ******* **** **** ****, ** that *** +++ *** ** ** ******** ** *-* ******* of ** ***** ****** ** ***** ** ** ******* ****, so ** ******, *** ******* ***** ******.

* ***** ****** *** ***** ***** **** **** ** *** same **** ** ***** - ** *** *****, *** *******, typically ***** ** ******* ******** ** *** ********'* ******* *********; entering ** **** * ***** ***** ** *******, ** *** database ***** *** ******** *** ** *** ** *****. ** course, *****'* *** ****** **** **** ***** **** ******* ******* that ***** **** **** * ***** ********... * ***** **** it ****** ******** ******.

Thumbnail fullsizerender

Ari Erenthal

In reply to Matt Ion | 02/19/14 02:24pm

* ******** **** ** ***** *** ******** ** ****. * found * **** **** *** **** *****, ******** *********** ******. Someone **** ***** ****, *** **** ** * ***** **** a **** ***** ** * *** *** *** ** ********. I ***, *** **** ***** **** *'** *** ***** ******.

Rukmini Wilson

In reply to Matt Ion | 02/19/14 07:06pm

...** *** *****, *** *******, ********* ***** ** ******* ******** to *** ********'* ******* *********; ******** ** **** * ***** would ** *******...

************* ******** ****** **** **** ** ******* **** *** ********** ********* ** ***** *****. **'* ******dynamic *** and its used far more than it needs to be, mainly because of the proliferation of free SQL servers meant unwashed hordes of coders were just trying to 'make it work' quick without knowing the implications of the method.

** ** ****** **** ***** ******** ** *** *** ***, with ***** ***** *** ******* ***** **** *** *** ***** until *******. ** **** **** ****** *** ***** ****** **** the **** ******* ***** ***** ***** ** ***** *******. **** you ***** **** ** *** ********* ****** ******** *** (**** hackable, ****** **** ******) ***** ***** **** ** *** ***. This **** ****** *** ** ******* ********** ** *** ***** by ********** *** ** ***** ** ****.

** ** *** *** ***** ******* *** ********* *** ******* plate, *** **** ***** ******* ** * ****** **********.

Undisclosed #1

In reply to Rukmini Wilson | 02/19/14 07:25pm

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***. ********** *** ****** ***** ******** ** ******* code, ** ****** **** ** **** ***** ******** ** * big **********. ****'* *** *** ********* **** *** ** *** for ***** *** **********, *** **** ******** *** **** ******** so **** ***** *********** **. ** ***, **** *** ** dynamic *** **** ******** *** **** ** **** ***** **** source ******** **** ****** *****, *** ********** ** *** *******.

Rukmini Wilson

In reply to Undisclosed #1 | 02/20/14 08:00am

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***

* ******** ** ******. **** ****** ***'* **** ****** *****, besides ***** ******** **** **** ******? *** *** **** *** mention **. ******* **** ******** ****** ******** ** ******* *** proper ********* ** **** ****.

** *** *** ** *** *** **** **** ******* ***, do **. **'* ******** ****** *** ****** ****** *** ****** need ** ****** ********* *********. **** **** *** *** ******* prepare *** ?'* * ********* **** ** * *** ****** to ****.

Undisclosed #1

02/19/14 01:08am

***, * ******* ** *****. **** ******* ** ** ***** code, **** ****** **** **** ** ********* ** * ***** number ** * ***** ** ***. ** *** **** **** "select *****(*) **** ****** ***** ************ = '** ****'" ** this *******. **** **** ***** ******** ** ********** ** *** query ******* ********** **. *** ******* *** ***** ****** *** a ******* ***** *** * ********* ** ****** ******* *** instruction *******. ** ** *** *******, ***** **** ****, *** SQL *********** ***** *** "****** *****(*) **** ****** ***** ************ = '** ****'; **** ******** *******;". *** ***** *** ***** two ********** *** **** *** ****** ********.

*** *****'* *******. *) *** ***** **** ** **** *** name ** *** ******** ** ***** ** ****. *) *** userid **** ** ***** *** *** ***** **** ** **** "drop ********" ***********. ***** ****** **** ******* **** **** ** code ** *** **** *** *** **** ******** *********** ** IT ********* ***** ****, * ***** *** **** **** ** being ****.

*** *** **** **** ** **** *** ******** **** **** read * ****** **** **** *** *** ** ***% *******.

Rukmini Wilson

In reply to Undisclosed #1 | 02/19/14 01:47am

***** ** ***** **** ** *** ***** ** *** ******* system *** ** ** **, *** **** **** **** **** wouldn't? ****** *** *** ***** **** ** ** ***** *******, needlessly ***** * ****** ***** ** * ***** ***** ****** be ***********. *** ** ***** ** ** **** *** ********* of *** ***** '******' ** *** *** ** ** ****** statement ** ****** ********* ****. ****** *** * ***'* ********** the *** ***** *****, *** ***** ***** *** ********* ***** reject **, *** ***** **** *** **** **** ** *** expression ***** **?

*.*. ******* ** ** * **** ******** ** * *** that * ****** **: ** **** ******* ** *** ******* were ********** ** ******* ******* *** **** ** ****** ** do ******* **** ** ****** ****, ***** ** ****'* ** course. *** **** ** *** ****** *** ****** *** ******, long ***** ***** ** *** *** ******** ****** ** ***** us * ******. ** ***. ** *** *** ***.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | 02/19/14 03:34pm

* **** **** ******* **** ** ******* *** *** *******:

*) *** **** **** ******* **** ********** **** ****** *' or *****? * ***** **** * - * *************** *****, *** * ****** ** ** ******? * ***'* even ***** *** ****** *** ** ********** ** ** **** enough ** *** **********?

*) *** **** ******* *'** **** ***** ******** *********, **** during ******* *********. ***** **** *%, *** **** ***** *** characters *** *** *** ** ***** *******. *** ******** ****** to **** ** ****** **** ** **** ******* *****, ********** at ******* ******, **** ***** **** *** **********.

****** *** *** ******** ****. **** * ********* **** *******, I **** ** **** ** **** ***** ** **** ** not, *** *** **** **** **** ** *** **** ****** I ***** ** ** ********.

Matt Ion

In reply to Brian Rhodes | 02/19/14 07:34pm

** *** ** *** ***, ******** **** *** ********'* ****** are ** ******* *** **** ******** ** *** ***, *** not ******** ********* ****** ** ******* *** **** ***-***** ****. The ****** ***** **** ** ** **** ** ********** *** entire ***** ** *** **** **** * ***** *** ** in. *** *** ***** ******* ****** *** **** *********** **** factor ** ***** ******** ******, ******, ** *** ****** ***** need ** ** **** ** ***** * ******* ** ******* to ******* *** ****** ******* ******.

***** *** ** ***** **** *********** ****** **** ***** ********* lanes ** **** *** **** ******* **** ** * **** bridge, ********** ******* *** ** * ***** **** ******* *** lane *******. ******* **** **** ****** **, **** ****** ****** a **** **** * **** ** ****** **** ** *** own ****, *** ******* ** *** ***********, ******** **** **** than * **** ** ******* **** ** *** ******* **** it.

*** ****** **** ***** ** *** **** ******** ** ******, but ******* *** ****** ******* ** *** ******'* *** ****** NOT ** * *******.

Ryan Twitchell

02/19/14 05:15pm

* **** **** ***.

********, *** ***** * *******.

***** *** ******* ** *** ** ** **** ********* *********** in **********, **** *** *** **** ********* **** *** ***** user ***** **** **** - **'* **** *********** ******** ** this ********. *** ********* ** ******** ** **** ******** ********* exist **** ************ ******** *******, ********** ** *** ****** ** data *** ***** *******.

** *** ** ******* ***** *****, ***.: *** **** ***** have ** ** * ******** ****** ** * ******** ***** of *** ********, *** **** **** *** ****** *** ************ in *** ***.

*'* **** ** *** * ****** ******** ***** **** **** shellcode, *** ******* ***** **** ** **** * ********* *** that...

Jim Hall

02/19/14 05:37pm

****** *** *** **** ***, * **** ******* ** *** vanity **** *** ***:

****** ******** **-*** ******* *********. ********* **** **** ****** ***** in ** *****, *** ********* ***** *********** ****** **** **** 'shell ***'! ******* ** ******* ****' **** * ***** **** ****** ** ********...

*.*. * ***** ** *** #!/***/bash but apparently some bourne again hacker done got his mitts on it first :(

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Jim Hall | 02/19/14 05:48pm

Undisclosed #2

In reply to Jim Hall | 02/19/14 07:25pm

* **** ******* *** *** "*** *". **** *** *** of ** ******** ******-******** ******.

Ryan Twitchell

02/19/14 06:28pm

***,

****'* *** ***. ***** *** ** *** *** **** * valid **** **** **** **** ****. *** ******* ":(){ :|:& };:" ** ******** *** ***** ** *** *****, ******.

Undisclosed #1

02/19/14 06:45pm

*'** ****** * *** *** ********* **** ****** *** ** really ****, ** ** ****** *** ********** **** **** **** are ***** *** **** ******** **** ************* ** * ******* for **. ****, * ******** *** ** ******* * ***** end *** * ******** *** *** ******** **** *** ** the ****** ********* ** ****** *** ***** **** *** ******** when *** ** * ****** ** ** *******, *** ***** very **** ** *** *** ********* *********. **'* ***** ** testing *** ***** ** **** *** ** *** ****** **** will *** **** *******. *** **** * *****, * ****** windows ********* *** * ***** *** *******, **** ***** ** security ************ *** *** **** ** *** ** *** ****** on *** ***** ***** ****** ** ****** ****. *** * have ** ** ****, **** ** *** **** *** **** it, *** **** ******, ***.

Top Comment Votes - Past 3 Months
  • 1. John Honovich - 3408
  • 2. Brian Karas - 696
  • 3. Jon Dillabaugh - 656
  • 4. Michael Miller - 595
  • 5. Marty Calhoun - 441
  • 6. Sean Nelson - 378
  • 7. Ari Erenthal - 297
  • 8. Ethan Ace - 289
  • 9. Brian Rhodes - 272
  • 10. Michael Silva - 250
  • 11. Eddie Perry - 234
  • 12. Robert Shih - 197
  • 13. John Bazyk - 179
  • 14. Joshua Hendricks - 177
  • 15. Ross Vanderklok - 174
  • 16. Kyle Folger - 164
  • 17. Armando Perez - 163
  • 18. Jay Hobdy - 150
  • 19. Michael Gonzalez - 122
  • 20. Matthew Netardus - 116
Manufacturers
Tools

BestMatch

Camera Calculator

Camera Finder

F-Stop Calculator

Chat

Integrator Finder

News Spider

Camera Comparison

Quizzes

Pages

About

Contact