
speed camera SQL injection


Husky


Whilst I would love this to work, it would take some truly retarded programmer not to check license plate formats before doing the required database lookup. Wouldn't be the first time a retarded programmer got the job though! :lol:

this is what i thought, I think it's fairly possible a r'tard programmed it and so it works :lol:

 

 

and what is the benefit of this?

 

not taking the pi$$; I just don't understand what he is trying to attempt :shrug:

 

If you think about it, the scanner reads the number plate and converts it to text, it then inserts the text into a database, so the theory is that if you insert code into the database via the scanner instead of a reg plate it will execute the code. The code's purpose would be to wipe the database.


and what is the benefit of this?

 

not taking the pi$$; I just don't understand what he is trying to attempt :shrug:

 

If you think about it, the scanner reads the number plate and converts it to text, it then inserts the text into a database, so the theory is that if you insert code into the database via the scanner instead of a reg plate it will execute the code. The code's purpose would be to wipe the database.

Without knowing the underlying table structure, the best you could achieve is for the numberplate not to be recognised so that you don't get billed. In reality, it'd flag up as an error and a human operator will do it and then they'd come after you for fecking with their systems :lol:


The camera is looking for records within a table, not for an sql statement to execute :dry::dry:

It's perfectly possible if you know how SQL works and if the types aren't strongly typed (i.e. not format checked in this case).

 

Wikipedia is your friend - http://en.wikipedia.org/wiki/SQL_injection

 

Here's their example reworked for this - Stew look away now!

 

Usual select to look up car details

statement := "SELECT * FROM `carinfo` WHERE `id` = " + a_numberplate + ";"

 

a_numberplate (not strongly typed so this could be on the car and read) could be this rather than a numberplate

1;DROP TABLE `car_owners`

 

so the code run is ...

 

SELECT * FROM `carinfo` WHERE `id`=1;DROP TABLE `car_owners`;

 

Now you've gone and deleted all car owners in the system ;)

 

Now to do this you need to have a good working knowledge of their database structure to start farting about with it. You also have to assume some retard hasn't checked that the numberplate read is a recognised format!

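Added example, not part of the original posts: the concatenated lookup from the post above next to a version that checks the plate format and binds the value as a parameter. It uses an in-memory SQLite database; the function names, the sample rows and the plate regex (current UK layout) are assumptions made for illustration, and `executescript()` stands in for a driver that allows stacked statements.

```python
import re
import sqlite3

# Assumption: current UK plate layout (e.g. "AB12CDE"); swap in the real format.
PLATE_RE = re.compile(r"[A-Z]{2}[0-9]{2}[A-Z]{3}")

def make_db():
    """Constructed sample database using the table names from the post."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE carinfo (id TEXT PRIMARY KEY, model TEXT);"
        "CREATE TABLE car_owners (plate TEXT, owner TEXT);"
        "INSERT INTO carinfo VALUES ('AB12CDE', 'Hatchback');"
        "INSERT INTO car_owners VALUES ('AB12CDE', 'Sample Owner');"
    )
    return conn

def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row is not None

def lookup_vulnerable(conn, a_numberplate):
    """The post's pattern: OCR text concatenated straight into the statement."""
    statement = "SELECT * FROM carinfo WHERE id = " + a_numberplate + ";"
    # executescript() models a driver that runs every statement in the string.
    conn.executescript(statement)

def lookup_hardened(conn, ocr_text):
    """Validate the plate format first, then bind the value as a parameter."""
    plate = ocr_text.replace(" ", "").upper()
    if not PLATE_RE.fullmatch(plate):
        return None  # unreadable plate: send to manual review, never to SQL
    return conn.execute(
        "SELECT id, model FROM carinfo WHERE id = ?", (plate,)
    ).fetchone()

def demo():
    payload = "1;DROP TABLE `car_owners`"  # the string quoted in the post
    a, b = make_db(), make_db()
    lookup_vulnerable(a, payload)
    rejected = lookup_hardened(b, payload)
    return (table_exists(a, "car_owners"), table_exists(b, "car_owners"),
            rejected, lookup_hardened(b, "ab12 cde"))

if __name__ == "__main__":
    print(demo())
```

The bound parameter alone would already stop the second statement from running; the format check additionally keeps misreads out of the database and gives the operator a clean "unreadable plate" path.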

Thanks Chris I do know how SQL works after studying Database Administration at University and years of using Oracle...

 

It is also perfectly possible for someone to have spent a minute or two putting even a rudimentary amount of validation into the system :thumbs:

 

That's you told

:lol:


Thanks Chris I do know how SQL works after studying Database Administration at University and years of using Oracle...

 

It is also perfectly possible for someone to have spent a minute or two putting even a rudimentary amount of validation into the system :thumbs:

No offence but it didn't sound like it the way you worded the comment, the whole point of SQL injection (as you know) is to insert SQL where SQL shouldn't be :p And we had already said that it would only work if there was a numpty coding it with no validation checking.
