[HN Gopher] Exploiting McDonald's APIs to hijack deliveries and ...
       ___________________________________________________________________
        
       Exploiting McDonald's APIs to hijack deliveries and order food for
       a penny
        
       Author : 2bluesc
       Score  : 33 points
       Date   : 2024-12-19 15:29 UTC (7 hours ago)
        
 (HTM) web link (eaton-works.com)
 (TXT) w3m dump (eaton-works.com)
        
       | bluetidepro wrote:
       | All that work for ONLY a $240 Amazon gift card is absolutely wild
       | to me. It still surprises me that people choose not to exploit these
       | things when these mega corporations basically award them pennies
       | for finding major vulnerabilities like this.
        
         | joeyagreco wrote:
         | +1 to that. McDonald's is sending out a clear message that
         | exploits and vulnerabilities in the future will NOT be rewarded
         | when reported to them.
        
         | lern_too_spel wrote:
         | I was going to complain about that, but then I looked at their
         | bug bounty program: https://mcdelivery.co.in/bug-bounty
         | 
         | "The reward for a valid bug will be Rs. 2,500/- (Rupees Two
         | Thousand Five Hundred only) in the form of coupons (applicable
         | only in McDonald's India West & South). Such coupons shall
         | need to be used within the validity period mentioned therein
         | and shall not be, encashable or transferable."
         | 
         | That's less than $30 per bug _in non-transferable McDonald's
         | coupons_ that only work in India, which is thousands of miles
         | away from the bug reporter. Compared to what he thought he
         | would get, a $240 Amazon gift card is a good deal.
        
       ___________________________________________________________________
       (page generated 2024-12-19 23:01 UTC)