Analysis and Exploration of Vulnerabilities

The NULL plate

Security researcher acquires two license plates.

  • NULL for his car, VOID for his wife.

  • The idea was for the driveway to always be NULL or VOID.

Triggered an Injection vulnerability.

  • Got a small $30 ticket.

  • Started getting tickets, up to +$12K in wrongly issued fines.

  • Some tickets were related to violations 2y before the license plate was issued.

Relevant bits.

  • The user provided an image, not a textual form of data.

  • Issued happened after the Automatic License Plate Recognition software.

    • An internal process feeds data to other processes.

PreviousThings to considerNextSQLi types

Last updated