Domino’s Android app allowed for fake payments resulting in unlimited free pizza
Sorry, Domino’s has fixed the bug.
The latest benefit to having even basic coding skills is access to unlimited free Domino’s pizza. At least it was until Paul Price, a security consultant from the UK, notified the chain of the delicious payment flaw he discovered.
In his blog post titled Domino’s: Pizza and Payment, Price describes intercepting the response from Domino’s payment gateway, DataCash, and changing values in it after he had attempted to pay with a made-up credit card number through the Domino’s Android app.
As expected the card is declined and the App shows an error message. Let’s try our luck by intercepting the response and changing some values around. I start a new order and set breakpoints on the HTTP endpoint for the DataCash API. Once the breakpoint triggers on the response, I change the <reason> attribute value to ACCEPTED and <status> to 1 (which means transaction accepted according to the DataCash documentation).
The payment went through, and Domino’s Pizza Tracker notified him that his pizza was being prepared. Price still wasn’t convinced that the modification he made wouldn’t be stopped somewhere down the line, so he called up his local Domino’s to find out how far his fake payment went. It turned out Price was 20 minutes away from devouring a pizza he hadn’t paid a penny for, a bittersweet moment as he described it.
My first thought: awesome. My second thought: shit.
Price took the high road and told the delivery driver of the flaw with payments made using Domino’s mobile application. Domino’s has since resolved the issue.
“We take security extremely seriously and discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly,” Rod Brooks, Domino’s head of IT, told Motherboard in a statement.
What is interesting to note is that Price cites the incident as having occurred three years ago, and Domino’s claims to have discovered the issue just last year. That’s a lot of free pizza for those whose taste buds fought off their conscience.
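The underlying weakness is an order system that acts on a payment result after it has passed through the customer's device. The sketch below is an added example, not code from Price's post or from Domino's: it contrasts a backend that trusts the relayed response with one that checks the gateway's own record. The response layout, the ledger, the reference values, the declined status code 7 and the function names are all constructed assumptions; only the ACCEPTED reason and status 1 come from the article.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for the gateway's own record of each transaction.
# The order backend queries it directly; the customer's phone cannot edit it.
GATEWAY_LEDGER = {
    "ref-1001": {"status": "7", "reason": "DECLINED"},   # made-up card
    "ref-1002": {"status": "1", "reason": "ACCEPTED"},   # genuine payment
}

# Constructed response bodies (simplified layout, not the real DataCash schema).
DECLINED = ("<Response><reference>ref-1001</reference>"
            "<reason>DECLINED</reason><status>7</status></Response>")
# The same response after the in-transit edit the article describes.
TAMPERED = ("<Response><reference>ref-1001</reference>"
            "<reason>ACCEPTED</reason><status>1</status></Response>")
GENUINE = ("<Response><reference>ref-1002</reference>"
           "<reason>ACCEPTED</reason><status>1</status></Response>")


def accept_order_trusting_client(relayed_body):
    """Weak: decide from the copy of the response that the app relays."""
    return ET.fromstring(relayed_body).findtext("status") == "1"


def accept_order_verified(relayed_body):
    """Hardened: use the relayed body only to find the reference, then
    check the gateway's own record for that transaction."""
    reference = ET.fromstring(relayed_body).findtext("reference")
    record = GATEWAY_LEDGER.get(reference)
    return record is not None and record["status"] == "1"


if __name__ == "__main__":
    for name, body in [("declined", DECLINED), ("tampered", TAMPERED),
                       ("genuine", GENUINE)]:
        print(name, accept_order_trusting_client(body),
              accept_order_verified(body))
```

A production check would also bind the transaction reference to the specific order and amount, so that a reference from one paid order cannot be reused for another.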