Pointer
Sponsorship
/Eaton Zveare
Exploiting McDonald’s APIs To Hijack Deliveries And Order Food For A Penny
#Security
tl;dr:
“I took a step back and looked at the cart object and an idea came to mind. The cart object was able to accept item updates, but could it accept price updates too? I put together a PUT request to update the price. Surprisingly, it worked.”
featured in
#576