Will This Hack LPR Cameras?

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | 03/14/13 04:16pm

Here's an image floating around various social media sites, with the caption "Best SQL injection EVER":

One story goes (no firsthand info) that an LPR software programmer wanted to prove a point to his team that a vulnerability existed in the code, so rigged up the sign to prove a point. The code on his sign, when registered by the OCR software would delete records of his 'real' plate number: ZU 0666 from the database.

This might be theoretically possible, but it seems so unlikely to work in actual practice it is hard to believe.

What do you think? Would this work? Or is the idea just internet forum fodder?

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Brian Karas

03/14/13 05:02pm

*** ******* **** ** "****** ***** ******".

Jacob Bird

IPVMU Certified | 03/15/13 02:08am

* ********* ***** **** ***** ****, *** *** **** ********* made ** ***.

Matt Ion

03/15/13 02:21am

**** ** *** ****** **** ****, *** ***** ******* **** "/q" (****) *** *** ****** *******... ** **** ** **** newbies **** ** ***** ** *** * ***** ********, **** needed ** **** "/*****", ***** ** ******, ***** **** **** off *********** :)

** *** *****, ***** *** *** **** ******* ***** *** to **** * ******* **** *** ***** ** ******* *** other *** ** **** * "+++****", ** **** *** **** online *** * ********, +++ ***** ***** *** ***** ** drop ** ******* ****, ***** *** ***** ***** *** **** command ** **** **. *** ******* **** **** ****, ** that *** +++ *** ** ** ******** ** *-* ******* of ** ***** ****** ** ***** ** ** ******* ****, so ** ******, *** ******* ***** ******.

* ***** ****** *** ***** ***** **** **** ** *** same **** ** ***** - ** *** *****, *** *******, typically ***** ** ******* ******** ** *** ********'* ******* *********; entering ** **** * ***** ***** ** *******, ** *** database ***** *** ******** *** ** *** ** *****. ** course, *****'* *** ****** **** **** ***** **** ******* ******* that ***** **** **** * ***** ********... * ***** **** it ****** ******** ******.

Thumbnail fullsizerender

Ari Erenthal

Chesapeake & Midlantic | In reply to Matt Ion | 02/19/14 02:24pm

* ******** **** ** ***** *** ******** ** ****. * found * **** **** *** **** *****, ******** *********** ******. Someone **** ***** ****, *** **** ** * ***** **** a **** ***** ** * *** *** *** ** ********. I ***, *** **** ***** **** *'** *** ***** ******.

Rukmini Wilson

In reply to Matt Ion | 02/19/14 07:06pm

...** *** *****, *** *******, ********* ***** ** ******* ******** to *** ********'* ******* *********; ******** ** **** * ***** would ** *******...

************* ******** ****** **** **** ** ******* **** *** ********** ********* ** ***** *****. **'* ******dynamic *** and its used far more than it needs to be, mainly because of the proliferation of free SQL servers meant unwashed hordes of coders were just trying to 'make it work' quick without knowing the implications of the method.

** ** ****** **** ***** ******** ** *** *** ***, with ***** ***** *** ******* ***** **** *** *** ***** until *******. ** **** **** ****** *** ***** ****** **** the **** ******* ***** ***** ***** ** ***** *******. **** you ***** **** ** *** ********* ****** ******** *** (**** hackable, ****** **** ******) ***** ***** **** ** *** ***. This **** ****** *** ** ******* ********** ** *** ***** by ********** *** ** ***** ** ****.

** ** *** *** ***** ******* *** ********* *** ******* plate, *** **** ***** ******* ** * ****** **********.

Undisclosed #1

In reply to Rukmini Wilson | 02/19/14 07:25pm

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***. ********** *** ****** ***** ******** ** ******* code, ** ****** **** ** **** ***** ******** ** * big **********. ****'* *** *** ********* **** *** ** *** for ***** *** **********, *** **** ******** *** **** ******** so **** ***** *********** **. ** ***, **** *** ** dynamic *** **** ******** *** **** ** **** ***** **** source ******** **** ****** *****, *** ********** ** *** *******.

Rukmini Wilson

In reply to Undisclosed #1 | 02/20/14 08:00am

*** *** ** ******** **** *** ******** **** *** *** ability ** ******* ****** *** ** *** *** ******* ** process ************* ***

* ******** ** ******. **** ****** ***'* **** ****** *****, besides ***** ******** **** **** ******? *** *** **** *** mention **. ******* **** ******** ****** ******** ** ******* *** proper ********* ** **** ****.

** *** *** ** *** *** **** **** ******* ***, do **. **'* ******** ****** *** ****** ****** *** ****** need ** ****** ********* *********. **** **** *** *** ******* prepare *** ?'* * ********* **** ** * *** ****** to ****.

Undisclosed #1

02/19/14 01:08am

***, * ******* ** *****. **** ******* ** ** ***** code, **** ****** **** **** ** ********* ** * ***** number ** * ***** ** ***. ** *** **** **** "select *****(*) **** ****** ***** ************ = '** ****'" ** this *******. **** **** ***** ******** ** ********** ** *** query ******* ********** **. *** ******* *** ***** ****** *** a ******* ***** *** * ********* ** ****** ******* *** instruction *******. ** ** *** *******, ***** **** ****, *** SQL *********** ***** *** "****** *****(*) **** ****** ***** ************ = '** ****'; **** ******** *******;". *** ***** *** ***** two ********** *** **** *** ****** ********.

*** *****'* *******. *) *** ***** **** ** **** *** name ** *** ******** ** ***** ** ****. *) *** userid **** ** ***** *** *** ***** **** ** **** "drop ********" ***********. ***** ****** **** ******* **** **** ** code ** *** **** *** *** **** ******** *********** ** IT ********* ***** ****, * ***** *** **** **** ** being ****.

*** *** **** **** ** **** *** ******** **** **** read * ****** **** **** *** *** ** ***% *******.

Rukmini Wilson

In reply to Undisclosed #1 | 02/19/14 01:47am

***** ** ***** **** ** *** ***** ** *** ******* system *** ** ** **, *** **** **** **** **** wouldn't? ****** *** *** ***** **** ** ** ***** *******, needlessly ***** * ****** ***** ** * ***** ***** ****** be ***********. *** ** ***** ** ** **** *** ********* of *** ***** '******' ** *** *** ** ** ****** statement ** ****** ********* ****. ****** *** * ***'* ********** the *** ***** *****, *** ***** ***** *** ********* ***** reject **, *** ***** **** *** **** **** ** *** expression ***** **?

*.*. ******* ** ** * **** ******** ** * *** that * ****** **: ** **** ******* ** *** ******* were ********** ** ******* ******* *** **** ** ****** ** do ******* **** ** ****** ****, ***** ** ****'* ** course. *** **** ** *** ****** *** ****** *** ******, long ***** ***** ** *** *** ******** ****** ** ***** us * ******. ** ***. ** *** *** ***.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | 02/19/14 03:34pm

* **** **** ******* **** ** ******* *** *** *******:

*) *** **** **** ******* **** ********** **** ****** *' or *****? * ***** **** * - * *************** *****, *** * ****** ** ** ******? * ***'* even ***** *** ****** *** ** ********** ** ** **** enough ** *** **********?

*) *** **** ******* *'** **** ***** ******** *********, **** during ******* *********. ***** **** *%, *** **** ***** *** characters *** *** *** ** ***** *******. *** ******** ****** to **** ** ****** **** ** **** ******* *****, ********** at ******* ******, **** ***** **** *** **********.

****** *** *** ******** ****. **** * ********* **** *******, I **** ** **** ** **** ***** ** **** ** not, *** *** **** **** **** ** *** **** ****** I ***** ** ** ********.

Matt Ion

In reply to Brian Rhodes | 02/19/14 07:34pm

** *** ** *** ***, ******** **** *** ********'* ****** are ** ******* *** **** ******** ** *** ***, *** not ******** ********* ****** ** ******* *** **** ***-***** ****. The ****** ***** **** ** ** **** ** ********** *** entire ***** ** *** **** **** * ***** *** ** in. *** *** ***** ******* ****** *** **** *********** **** factor ** ***** ******** ******, ******, ** *** ****** ***** need ** ** **** ** ***** * ******* ** ******* to ******* *** ****** ******* ******.

***** *** ** ***** **** *********** ****** **** ***** ********* lanes ** **** *** **** ******* **** ** * **** bridge, ********** ******* *** ** * ***** **** ******* *** lane *******. ******* **** **** ****** **, **** ****** ****** a **** **** * **** ** ****** **** ** *** own ****, *** ******* ** *** ***********, ******** **** **** than * **** ** ******* **** ** *** ******* **** it.

*** ****** **** ***** ** *** **** ******** ** ******, but ******* *** ****** ******* ** *** ******'* *** ****** NOT ** * *******.

Ryan Twitchell

02/19/14 05:15pm

* **** **** ***.

********, *** ***** * *******.

***** *** ******* ** *** ** ** **** ********* *********** in **********, **** *** *** **** ********* **** *** ***** user ***** **** **** - **'* **** *********** ******** ** this ********. *** ********* ** ******** ** **** ******** ********* exist **** ************ ******** *******, ********** ** *** ****** ** data *** ***** *******.

** *** ** ******* ***** *****, ***.: *** **** ***** have ** ** * ******** ****** ** * ******** ***** of *** ********, *** **** **** *** ****** *** ************ in *** ***.

*'* **** ** *** * ****** ******** ***** **** **** shellcode, *** ******* ***** **** ** **** * ********* *** that...

Jim Hall

02/19/14 05:37pm

****** *** *** **** ***, * **** ******* ** *** vanity **** *** ***:

****** ******** **-*** ******* *********. ********* **** **** ****** ***** in ** *****, *** ********* ***** *********** ****** **** **** 'shell ***'! ******* ** ******* ****' **** * ***** **** ****** ** ********...

*.*. * ***** ** *** #!/***/bash but apparently some bourne again hacker done got his mitts on it first :(

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Jim Hall | 02/19/14 05:48pm

Undisclosed #2

In reply to Jim Hall | 02/19/14 07:25pm

* **** ******* *** *** "*** *". **** *** *** of ** ******** ******-******** ******.

Ryan Twitchell

02/19/14 06:28pm

***,

****'* *** ***. ***** *** ** *** *** **** * valid **** **** **** **** ****. *** ******* ":(){ :|:& };:" ** ******** *** ***** ** *** *****, ******.

Undisclosed #1

02/19/14 06:45pm

*'** ****** * *** *** ********* **** ****** *** ** really ****, ** ** ****** *** ********** **** **** **** are ***** *** **** ******** **** ************* ** * ******* for **. ****, * ******** *** ** ******* * ***** end *** * ******** *** *** ******** **** *** ** the ****** ********* ** ****** *** ***** **** *** ******** when *** ** * ****** ** ** *******, *** ***** very **** ** *** *** ********* *********. **'* ***** ** testing *** ***** ** **** *** ** *** ****** **** will *** **** *******. *** **** * *****, * ****** windows ********* *** * ***** *** *******, **** ***** ** security ************ *** *** **** ** *** ** *** ****** on *** ***** ***** ****** ** ****** ****. *** * have ** ** ****, **** ** *** **** *** **** it, *** **** ******, ***.

Top Comment Votes - Past 3 Months
  • 1. John Honovich - 1163
  • 2. Brian Karas - 506
  • 3. Brian Rhodes - 203
  • 4. Sean Nelson - 188
  • 5. Michael Miller - 143
  • 6. Michael Silva - 139
  • 7. Jon Dillabaugh - 120
  • 8. Jay Hobdy - 102
  • 9. Shannon Davis - 98
  • 10. Marty Calhoun - 91
  • 11. Ethan Ace - 81
  • 12. Michael Gonzalez - 69
  • 13. John Bazyk - 67
  • 14. Robert Shih - 66
  • 15. Luis Carmona - 57
  • 16. Brandon Knutson - 49
  • 17. Joshua Hendricks - 48
  • 18. Rodney Thayer - 46
  • 19. Randy Lines - 43
  • 20. John Scanlan - 38
Manufacturers
Tools

BestMatch

Camera Calculator

Camera Finder

F-Stop Calculator

Chat

Integrator Finder

News Spider

Camera Comparison

Quizzes

Pages

About

Contact