Input sanitization issues will always exist, although it’s surprising at how we’re still seeing amateur mistakes being made on everyday applications and systems used by millions. After making some observations against automatic license plate recognition (ALPR) data requested via the freedom of information act (FOIA) while having reminiscent conversations about old hacker tales, it turned on the evil bit, leading to some interesting ideas. We’ll go over this adventure of poking at systems using totally valid user-controlled data that causes unexpected behavior in the real world. It’s always a strange thing when you can “exploit” unexpected attack surface, due to poor specification, especially in government systems.