AR15.COM
1/9/2013 11:06:11 AM EDT
I'm sure this is a dupe. Everything's a dupe and this one is three years old but I haven't seen it here yet. For those who either haven't seen it yet, or whose panties aren't sucked four feet into their large intestine:



http://kossovsky.net/index.php/2010/04/sql-injection-license-plate/
1/9/2013 11:08:12 AM EDT
[#1]
yeah but did it really work as planned?
1/9/2013 11:09:13 AM EDT
[#2]
Quoted:
yeah but did it really work as planned?


I believe it did, but at least for the systems he broke they likely won't again.

ETA:  As a plan B once input validation is enabled you could possibly just have multiple blocks of text to get the system to fail to input any of the data into the record.
1/9/2013 11:11:17 AM EDT
[#3]
Quoted:
Quoted:
yeah but did it really work as planned?


I believe it did, but at least for the systems he broke they likely won't again.


Yeah, that's the sort of thing that wouldn't stay vulnerable for long, even if someone were dumb enough to leave it open in the first place. Fuckin' hilarious, though.
1/9/2013 11:13:23 AM EDT
[#4]
We call him Little Bobby Tables.
1/9/2013 11:14:45 AM EDT
[#5]
Only the nerds get this but if it worked that is great.  I bet a camera would not detect that many characters however.
1/9/2013 11:15:05 AM EDT
[#6]
You could surround the legitimate plate with LOTS of alphanumeric strings.

You could wear a lucha libre mask and drive your car like a bat out of hell past a photo radar camera with fourteen paper towel "license plates" taped to the back of your car. You could write down the plate number of everyone who had an 0bama lawn sign and plaster those all over your car. So long as you never obscure your own plate and the fake ones don't even slightly resemble a real plate, it shouldn't be illegal. I wonder if the system would generate multiple tickets on one entry.
1/9/2013 11:16:03 AM EDT
[#7]



Quoted:


Only the nerds get this but if it worked that is great.  I bet a camera would not detect that many characters however.


You'd also think they'd use a regex as a sanity check.
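
Added example, not part of the thread or of any poster's code: the regex sanity check suggested here and the input validation mentioned in reply #2, combined with a parameterized insert so the OCR string is only ever one data field in the record. The table names, function names and plate pattern are hypothetical; real plate formats vary by jurisdiction.

```python
import re
import sqlite3

# Assumed plate format (illustration only): up to 8 letters/digits,
# optionally split into two groups by one space or hyphen.
PLATE_RE = re.compile(r"[A-Z0-9]{1,4}(?:[ -]?[A-Z0-9]{1,4})?")


def open_db():
    """Create an in-memory database with hypothetical tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE reads (event_id INTEGER PRIMARY KEY, plate TEXT NOT NULL);
        CREATE TABLE manual_review (event_id INTEGER PRIMARY KEY, raw_ocr TEXT NOT NULL);
    """)
    return conn


def store_ocr_result(conn, event_id, ocr_text):
    """Store one OCR read; return 'accepted' or 'manual_review'."""
    candidate = ocr_text.strip().upper()
    if PLATE_RE.fullmatch(candidate):
        # Bound parameters: the plate is passed as data, never spliced into SQL.
        conn.execute("INSERT INTO reads (event_id, plate) VALUES (?, ?)",
                     (event_id, candidate))
        return "accepted"
    # Anything that is not plate-shaped is kept verbatim for a human to look at,
    # still through bound parameters, so quotes and keywords stay inert text.
    conn.execute("INSERT INTO manual_review (event_id, raw_ocr) VALUES (?, ?)",
                 (event_id, ocr_text))
    return "manual_review"


def demo():
    """Run three constructed OCR reads through the pipeline."""
    conn = open_db()
    samples = [
        (1, "abc 1234"),                        # ordinary read
        (2, "ABC1234'); DROP TABLE reads;--"),  # constructed hostile-looking read
        (3, "X" * 40),                          # far too long to be a plate
    ]
    outcomes = {eid: store_ocr_result(conn, eid, text) for eid, text in samples}
    reads = conn.execute("SELECT plate FROM reads").fetchall()
    queued = conn.execute(
        "SELECT raw_ocr FROM manual_review ORDER BY event_id").fetchall()
    return outcomes, reads, queued
```

The regex alone is a sanity check, not the defence: the bound parameters are what keep a quote in the OCR text from changing the statement, which is why the rejected string can still be stored safely for manual review.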

 
1/9/2013 11:16:58 AM EDT
[#8]
Quoted:
You could surround the legitimate plate with LOTS of alphanumeric strings.

You could wear a lucha libre mask and drive your car like a bat out of hell past a photo radar camera with fourteen paper towel "license plates" taped to the back of your car. You could write down the plate number of everyone who had an 0bama lawn sign and plaster those all over your car. So long as you never obscure your own plate and the fake ones don't even slightly resemble a real plate, it shouldn't be illegal. I wonder if the system would generate multiple tickets on one entry.


I wouldn't expect that it would since the trigger for the record entry process is the sensor tripping and the OCR result from the plate read is only one field in the entry.
1/9/2013 11:23:29 AM EDT
[#9]
Quoted:
Quoted:
You could surround the legitimate plate with LOTS of alphanumeric strings.

You could wear a lucha libre mask and drive your car like a bat out of hell past a photo radar camera with fourteen paper towel "license plates" taped to the back of your car. You could write down the plate number of everyone who had an 0bama lawn sign and plaster those all over your car. So long as you never obscure your own plate and the fake ones don't even slightly resemble a real plate, it shouldn't be illegal. I wonder if the system would generate multiple tickets on one entry.


I wouldn't expect that it would since the trigger for the record entry process is the sensor tripping and the OCR result from the plate read is only one field in the entry.



I'm sure you're right. I'm not all that smart in this area but this is how I'd guess it happens: The RADAR arms the in-road sensor, which fires the camera. The RADAR data, date/time, lane number, are separate fields in a row generated by the event and the file numbers of the photos taken are probably also stored in separate fields. Later, the OCR software pulls a plate number and generates the ticket. What happens if OCR sees multiple "plate numbers"?


ETA: This will be really fun when they try to integrate facial recognition. Wear a mask and tape a pic of Feinstein to your windshield.
1/9/2013 11:25:47 AM EDT
[#10]
Quoted:
Quoted:
Quoted:
You could surround the legitimate plate with LOTS of alphanumeric strings.

You could wear a lucha libre mask and drive your car like a bat out of hell past a photo radar camera with fourteen paper towel "license plates" taped to the back of your car. You could write down the plate number of everyone who had an 0bama lawn sign and plaster those all over your car. So long as you never obscure your own plate and the fake ones don't even slightly resemble a real plate, it shouldn't be illegal. I wonder if the system would generate multiple tickets on one entry.


I wouldn't expect that it would since the trigger for the record entry process is the sensor tripping and the OCR result from the plate read is only one field in the entry.



I'm sure you're right. I'm not all that smart in this area but this is how I'd guess it happens: The RADAR arms the in-road sensor, which fires the camera. The RADAR data, date/time, lane number, are separate fields in a row generated by the event and the file numbers of the photos taken are probably also stored in separate fields. Later, the OCR software pulls a plate number and generates the ticket. What happens if OCR sees multiple "plate numbers"?


I know how I would design the data system.  I don't know how they did.  
1/9/2013 11:29:42 AM EDT
[#11]
Right. I'll bet you have a way better grasp of it than I do.
1/9/2013 11:51:06 AM EDT
[#12]
Quoted:
We call him Little Bobby Tables.


Came for this; wasn't disappointed.
1/9/2013 12:19:52 PM EDT
[#13]
Quoted:
You could surround the legitimate plate with LOTS of alphanumeric strings.

You could wear a lucha libre mask and drive your car like a bat out of hell past a photo radar camera with fourteen paper towel "license plates" taped to the back of your car. You could write down the plate number of everyone who had an 0bama lawn sign and plaster those all over your car. So long as you never obscure your own plate and the fake ones don't even slightly resemble a real plate, it shouldn't be illegal. I wonder if the system would generate multiple tickets on one entry.


The tollway in TX hires legions of people to manually enter the plates that the computer cannot read, so I suspect it would fail to read anything and then get entered manually.

I imagine heads would explode trying to figure out what to do.

1/9/2013 1:26:27 PM EDT
[#14]
Quoted:
Quoted:
We call him Little Bobby Tables.


Came for this; wasn't disappointed.


This.