Acidus wrote:
Basically you are reduced to either editing or deleting information from the database.
I don't agree. This isn't just about SQL injection. They discuss buffer overflows and bidirectional attacks in their paper. But what is the RFID's application? Most can be subverted by tinkering with the back-end database.
- Building Access? Can I modify the database so that I can get through doors?
- Theft Control? Can I prevent the gate at the store from sounding an alarm by indicating that my ID number is "purchased?" (Which is what happens when they swish your product over the pad at the store.)
- Shopping? Can I change the price of my item or other items in the database?
- Passports? Can I change my entry visa?!
There might not be much you could do to PayPass with SQL injection, but if you could overflow it, you could print money.