SQL Injection License Plate

less than 1 minute read

 One clever hacker realized that recent speed traps use cameras that automatically register your speed, take a picture of you license plate, and then use character recognition to translate you license plate number into something they can use as a lookup within the DMV database. With this in mind, he changed his license plate number to

('ZU 0666', 0, 0); Drop Database Table.

If the DMV uses this string of characters in their database lookup it has a good chance of deleting all of the database records containing his actual license plate number, ZU 0666. This has got to be 10 out of 10 on the creativity scale, and once again showing the importance of knowing what SQL injection and little Bobby tables is all about.

Source: SQL Injection license plate hopes to foil euro traffic cameras



Leave a comment