How A Hacker Got A Chance To Get Free Pizza For Life Due To A Bug In A Pizza App



What would you do if you found a way to get free pizza for life? Even if you are a responsible and honest person, this offer is enough to test you.

Paul Price, a security consultant from the UK, faced exactly this situation when he found a bug in the British version of the Domino’s Pizza app. He found that the app’s API didn’t process payments correctly.

As a result, a user with enough technical knowledge could take advantage of the loophole and trick the pizza-ordering application into accepting an invalid payment, and so order a free pizza.

“Errr, what? It looks like my order was placed without a valid payment,” Price wrote in a blog post. “Surely this is an oversight/edge case and Domino’s will have back office checks in place before physically starting to prepare my order…right?”

Price wasn’t sure whether the trick had really worked. To confirm, he called Domino’s to double-check and learned that his pizza was being prepared.

“I called the store and they confirm they have received my order and it will be delivered within the next 20 minutes. My first thought: awesome. My second thought: shit,” he writes in his blog post.

When the pizza arrived at his doorstep, Price told the delivery driver that there must have been a mistake with the order, as he had never made the payment. So he paid £26 and kept his conscience clean.

Domino’s Pizza has since resolved this bug, so Price decided to share the story with others.

“We take security extremely seriously and discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly,” says Rod Brooks, Domino’s head of IT.


Source: http://fossbytes.com