top | item 30933345

(no title)

When I was in college my friend figured out a major fast food chain had a flaw in its API with the way it validated coupon codes.

The server validated that the coupon code was legitimate, but the actual discount value of the coupon code was validated client side in JS for some reason.

So he could turn any 10% off coupon into a 100% off coupon by modifying the API requests during the checkout flow. I'm sure this was illegal but he ate a lot of free fast food before they ever fixed it.

discuss

No comments yet.