Unable to load image
/h/slackernews House Furry
p n/a :marseyjamgenocide: :marseyjamgenocide: :marseyjamgenocide:  26d ago (eaton-works.com) 412 thread views #336610 earned 232 coins from votes

McDonalds India Gives Researcher A $240 Giftcard (lol) For Discovering These Huge Exploits

https://eaton-works.com/2024/12/19/mcdelivery-india-hack/

The researcher figured out the following (pasted from the blogpost):

The ability to order any number of menu items for ₹1 ($0.01 USD).

The ability to steal/hijack/redirect other people's delivery orders through a specific sequence of carefully timed API calls.

The ability to retrieve the details of any order.

The ability to track any order in the "On the way" status. You could real-time track the location of the driver for any order.

The ability to download invoices for any order.

The ability to submit feedback for orders that are not your own.

The ability to view admin KPI reports.

Sensitive driver/rider information that could be accessed:

  • Name

  • Email address

  • Phone number

  • Vehicle license plate number

  • Profile picture

Saar please take this amazon giftcard I stole from your mother saar

The post is very boring as the techniques used were very basic. I'm not calling the researcher garbage, I'm saying that their website was very poorly setup.

https://i.rdrama.net/images/1737838916DHFTAGqt2a1C1w.webp

53
New Old Top Bottom Controversial Random
Jump in the discussion.

No email address required.

They did him dirty, lmao. Should have just kept it to himself and got basically free food until they patched it.

https://i.rdrama.net/images/17187151446911044.webp https://i.rdrama.net/images/1735584487Pd3ql1pai5_mfA.webp https://i.rdrama.net/images/17177781034384797.webp

Jump in the discussion.

No email address required.

he doesnt live in India tho, he lives in the US

Jump in the discussion.

No email address required.

Just have some Grubhub chump deliver it for $2.37 commission.

Jump in the discussion.

No email address required.

RIP even more. Have a nice 9 dollar big mac, stalker child

https://i.rdrama.net/images/17187151446911044.webp https://i.rdrama.net/images/1735584487Pd3ql1pai5_mfA.webp https://i.rdrama.net/images/17177781034384797.webp

Jump in the discussion.

No email address required.

>major corporation implementing exactly zero security

:#marseypikachu2:

Jump in the discussion.

No email address required.

It's rough when you have thousand or tens of thousands of developers, one dumb team can cause something like this

Jump in the discussion.

No email address required.

Combination of r-slurred PM and not my problem atmosphere.

Jump in the discussion.

No email address required.

Too common sadly, we could probably make better products with 1/3 of the headcount if everyone cared

Jump in the discussion.

No email address required.

!kino !music

Jump in the discussion.

No email address required.

Especially if you buy the cheapest of the cheapest

Jump in the discussion.

No email address required.

*indian franchisee of major corporation developing local software using local "talent"

Jump in the discussion.

No email address required.

Isn't that almost the average Indian's monthly salary tho? :marseysipping:

Jump in the discussion.

No email address required.

I truthfully do not know or care about the finances of a 3rd world :marseyww1german1: country; if you cannot pay researchers properly, then you'll be subject :marseyjurisdiction: to the bottom :marseycheeks: of the barrel

Jump in the discussion.

No email address required.

True, he should've just exploited it to get free food forever

Jump in the discussion.

No email address required.

That's what the next person will do, or rather sell the details on how to do it

Jump in the discussion.

No email address required.

Ah, just checked and apparently he's in the states.

Jump in the discussion.

No email address required.

:marseyxd: fricking McDonalds

Jump in the discussion.

No email address required.

I remember reading somewhere that all McDonald's subsidiaries have to setup their own IT infra and software and maintain them out of their own pocket, resulting in most of them being made to be as cheap as possible.

I'm not surprised at all to see they are vulnerable, but allowing clients to update the order price is incredible :marseylaughpoundfist:

Jump in the discussion.

No email address required.

Having to set up their own IT infra + sexy Indian dudeware is a recipe for this sort of thing, yeah.

Jump in the discussion.

No email address required.

lol, it had an actual order id number 1, and then went sequentially :marseyxd:

apparently the concept of uuids didn't occur to the devs

but then again neither did authentication, so idk.

Jump in the discussion.

No email address required.

These are the devs Elon wants to replace you with.

Jump in the discussion.

No email address required.

Most of the default subs are run by bots and shills.

Social media is the Matrix. Look into the ties between big tech and DARPA. The content is curated and contextualized to create a certain response in the public mind. Look up the original definition of Cybernetics.

You are human livestock and the internet is your digital enclosure. And like all good farmers, they have to make sure the herd gets their vaccines or it could mean disaster for the farm!

It's not individuals who just love vaccines making these gay pro vax memes. Someone is being paid to do it by some shitty organization likely with ties to the Rockefellers and the Vanderbilts or whatever.

Snapshots:

https://eaton-works.com/2024/12/19/mcdelivery-india-hack/:

Jump in the discussion.

No email address required.



Top Poster of the Day:
JimieWhales
Current Registered Users: 31,086
sidebar image

tech/science swag. :marscientist:

Effortposts made by SN Chads

Guidelines:

What to Submit

On-Topic: Anything that good slackers would find interesting. That includes more than /g/ memes and slacking off. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual laziness.

Off-Topic: Most stories about politics, or crime, or sports, unless they're evidence of some interesting new phenomenon. Videos of pratfalls or disasters, or cute animal pictures. If they'd cover it on TV news, it's probably lame.

Help keep this hole healthy by keeping drama and NOT drama balanced. If you see too much drama, post something that isn't dramatic. If there isn't enough drama and this hole has become too boring, POST DRAMA!

In Submissions

Please do things to make titles stand out, like using uppercase or exclamation points, or saying how great an article is. It should be explicit in submitting something that you think it's important.

Please don't submit the original source. If the article is behind a paywall, just post the text. If a video is behind a paywall, post a magnet link. Fuck journos.

Please don't ruin the hole with chudposts. It isn't funny and doesn't belong here. THEY WILL BE MOVED TO /H/CHUDRAMA

If the title includes the name of the site, please leave that in, because our users are too stupid to know the difference between a url and a search query.

If you submit a video or pdf, please don't warn us by appending [video] or [pdf] to the title. That would be r-slurred. We're not using text-based browsers. We know what videos and pdfs are.

Make sure the title contains a gratuitous number or number + adjective. Good clickbait titles are like "Top 10 Ways to do X" or "Don't do these 4 things if you want X"

Otherwise editorialize. Please don't use the original title, unless it is gay or r-slurred, or you're shits all fucked up.

If you're going to post old news (at least 1 year old), please flair it so we can mock you for living under a rock, or don't and we'll mock you anyway.

Please don't post on SN to ask or tell us something. Send it to [email protected] instead.

If your post doesn't get enough traction, try to delete and repost it.

Please don't use SN primarily for promotion. It's ok to post your own stuff occasionally, but the primary use of the site should be for curiosity. If you want to astroturf or advertise, post on news.ycombinator.com instead.

Please solicit upvotes, comments, and submissions. Users are stupid and need to reminded to vote and interact. Thanks for the gold, kind stranger, upvotes to the left.

In Comments

Be snarky. Don't be kind. Have fun banter; don't be a dork. Please don't use big words like "fulminate". Please sneed at the rest of the community.

Comments should get more enlightened and centrist, not less, as a topic gets more divisive.

If disagreeing, please reply to the argument and call them names. "1 + 1 is 2, not 3" can be improved to "1 + 1 is 3, not 2, mathfaggot"

Please respond to the weakest plausible strawman of what someone says, not a stronger one that's harder to make fun of. Assume that they are bad faith actors.

Eschew jailbait. Paedophiles will be thrown in a wood chipper, as pertained by sitewide rules.

Please post shallow dismissals, especially of other people's work. All press is good press.

Please use Slacker News for political or ideological battle. It tramples weak ideologies.

Please comment on whether someone read an article. If you don't read the article, you are a cute twink.

Please pick the most provocative thing in an article or post to complain about in the thread. Don't nitpick stupid crap.

Please don't be an unfunny chud. Nobody cares about your opinion of X Unrelated Topic in Y Unrelated Thread. If you're the type of loser that belongs on /h/chudrama, we may exile you.

Sockpuppet accounts are encouraged, but please don't farm dramakarma.

Please use uppercase for emphasis.

Please post deranged conspiracy theories about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email [email protected] and dang will add you to their spam list.

Please don't complain that a submission is inappropriate. If a story is spam or off-topic, report it and our moderators will probably do nothing about it. Feed egregious comments by replying instead of flagging them like a pussy. Remember: If you flag, you're a cute twink.

Please don't complain about tangential annoyances—things like article or website formats, name collisions, or back-button breakage. That's too boring, even for HN users.

Please seethe about how your posts don't get enough upvotes.

Please don't post comments saying that rdrama is turning into ruqqus. It's a nazi dogwhistle, as old as the hills.

Miscellaneous:

The quality of posts is extremely important to this community. Contributors are encouraged to provide high-quality or funny effortposts and informative or entertaining comments. Please refrain from posting the following:

  • Boring wingcucked nonsense nobody cares about that belongs in chudrama

  • Normie shit everyone already knows about

  • Anything that doesn't gratifify one's intellectual laziness

  • Bimothy-tier posts

  • Anything that the jannies don't like

Jannies reserve the right to exile baby ducks from this hole at any time.

We reserve the right to exile you for whatever reason we want, even for no reason at all! We also reserve the right to change the guidelines at any time, so be sure to read them at least once a month. We also reserve the right to ignore enforcement of the guidelines at the discretion of the janitorial staff. This hole is a janny playground, participation implies enthusiastic consent to being janny abused by unstable alcoholic bullies and loser nerds who have nothing better to do than banning you for any reason or no reason whatsoever.

[[[ To any NSA and FBI agents reading my email: please consider ]]]

[[[ whether defending the US Constitution against all enemies, ]]]

[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

https://i.rdrama.net/images/1663436125937968.webp

BROWSE EFFORTPOSTS SITE GUIDE DIRECTORY Emojis & Art | Info Megathreads HOLES PING GROUPS
/h/slackernews SETTINGS /h/slackernews MODS /h/slackernews LOG /h/slackernews EXILEES /h/slackernews FOLLOWERS /h/slackernews BLOCKERS
Link copied to clipboard
Action successful!
Error, please refresh the page and try again.