/Eaton Zveare

Exploiting McDonald’s APIs To Hijack Deliveries And Order Food For A Penny tl;dr: “I took a step back and looked at the cart object and an idea came to mind. The cart object was able to accept item updates, but could it accept price updates too? I put together a PUT request to update the price. Surprisingly, it worked.”

featured in #576