Injection Vulnerabilities - or: How I got a free Burger

  • Published: 24 Dec 2024

Comments • 520

  • @hoangtran4736
    @hoangtran4736 6 years ago +2017

    Should have used /* */ to make it clear it was a comment

    • @landonpowell6296
      @landonpowell6296 6 years ago +39

      Underrated.

    • @satibel
      @satibel 6 years ago +103

      I actually saw something like that on a receipt once
      /******************\
      * comment *
      *******************
      * no ketchup pls *
      \******************/
      what I find funny about this styling is that it's a comment that would work with a lot of compilers (except those that dislike \*)

    • @skaterboy708
      @skaterboy708 6 years ago +9

      Hoàng Trần Minh or // or #

    • @AAA-bo1uo
      @AAA-bo1uo 6 years ago +5

      This got a literal lol from me

    • @alfoncejean8826
      @alfoncejean8826 6 years ago +15

      Accidentally inject code and the comment is never printed because it is now commented!

  • @Void_Dragon
    @Void_Dragon 6 years ago +616

    McDonald's had a double bacon burger on their app, it was bugged. $0.00 per burger. I ordered the maximum amount, 20. The looks on their faces, priceless like their burger.

    • @Abdega
      @Abdega 6 years ago +8

      How long ago was this?

    • @stillred
      @stillred 6 years ago +33

      r/thathappened

    • @TsarofTrolling
      @TsarofTrolling 6 years ago +66

      @@stillred r/ihavereddit; r/nothingeverhappens

    • @stillred
      @stillred 6 years ago +3

      Zenocut :D

    • @LucaBl
      @LucaBl 6 years ago +31

      It was actually a whole double menu that was supposed to cost 9,99€, we ate nothing but McDonald's for 3 days straight lmao but then it got fixed but I was sick of burgers for a few weeks anyways

  • @thatpersonwithamlpiconwhos2861
    @thatpersonwithamlpiconwhos2861 6 years ago +1955

    McDonald's update 1.4.3
    -Fixed free burger glitch
    -Minor bug fixes and optimizations

    • @CoolKoon
      @CoolKoon 6 years ago +70

      Nope, this was Burger King....

    • @GRBtutorials
      @GRBtutorials 6 years ago +38

      Yes, but that exploit could also have affected McDonald's, just like Spectre affected AMD and some ARM processors apart from Intel.

    • @poabeaving
      @poabeaving 6 years ago +3

      Fake

    • @Tom_Carrion
      @Tom_Carrion 6 years ago +58

      - Herobrine removed

    • @zashbot
      @zashbot 6 years ago +3

      holy shit I found my clone

  • @ndm13
    @ndm13 7 years ago +807

    Now I have to protect my web apps from burger injection. Thanks a lot.

    • @kas-lw7xz
      @kas-lw7xz 5 years ago +1

      @@angelsv don't.
      Call
      Vegan
      Burgers
      Burgers

    • @want-diversecontent3887
      @want-diversecontent3887 4 years ago

      $burger$-I NEED EGG BURGER

    • @DissociatedWomenIncorporated
      @DissociatedWomenIncorporated 4 years ago +4

      @@kas-lw7xz what are we supposed to call them, sausages?

    • @memes_gbc674
      @memes_gbc674 4 years ago +1

      pixel girl vegan sausages 😳

    • @DissociatedWomenIncorporated
      @DissociatedWomenIncorporated 4 years ago

      @@memes_gbc674 good ones, like good vegan burgers, are so delicious you can barely tell the difference. That's from eating _cheap_ vegan sausage rolls, not the fancy Greggs ones. I'm not even vegetarian, I will eat meat sausages and meat burgers, I'm just trying to cut down my meat consumption. Though it will be nice when synthetic (but real) lab grown meat becomes a product rather than the various successful small scale experiments it so far is.

  • @axlrose76
    @axlrose76 7 years ago +804

    Similar exploits were very common ~15+ years ago when the first online shops came into existence. E.g. you could order a TV for 500€ and a refrigerator for 400€, but you would enter -1 instead of 1 in the quantity field for the TV. So they would charge you 500-400 = 100€ and they would send you both items.

    • @sem8973
      @sem8973 7 years ago +96

      axlrose76 I member. Also, they used to implement an HTML option field, which could be edited, so you could change the time your order got processed (talking about fast food chains here)

    • @MarkPentler
      @MarkPentler 6 years ago +40

      axlrose76 client-side stuff like that was always rife for exploits. Change prices in hidden form fields etc.

    • @hausaffe100
      @hausaffe100 6 years ago +74

      and then they wondered why the TV stockpile is empty when there should be 2 left?

    • @GRBtutorials
      @GRBtutorials 6 years ago +55

      Wait... wouldn't it be 400-500 = -100 € (in other words, they *pay* you)? What you described would be if you enter the -1 in the 400 € refrigerator.

    • @tergy
      @tergy 6 years ago +159

      I did that and they took my TV

  • @IMmoreRANDOMthanYOU
    @IMmoreRANDOMthanYOU 6 years ago +468

    My work allowed us to add comments to an HTML job board that we had on our Intranet through an input dialogue box. I showed them that anyone could add their own code using injection, and instead of fixing it, they said "well now if anything happens, we know it was you"..... *._.*

    • @CoolKoon
      @CoolKoon 6 years ago +192

      Yeah, that's a big hint to run from there while you can....

    • @Minecraftminer3000
      @Minecraftminer3000 6 years ago +130

      Take that as a red flag. I wouldn't stay in there for too long, really.

    • @Tehom1
      @Tehom1 6 years ago +104

      You're in good company. Richard Feynman had kinda the same thing happen when working on the Manhattan Project. He found that other physicists were exposing their safe combinations, writing them down in obvious places or something like that. He dutifully reported it to his bosses. The boss' reaction? Everybody, be careful of Richard Feynman. He's seen your safe combinations.

    • @user-zu1ix3yq2w
      @user-zu1ix3yq2w 6 years ago +9

      Tehom he also guessed them based on birthdays etc. What you're saying sounds slightly inaccurate

    • @rabbitdrink
      @rabbitdrink 6 years ago +5

      Then use it

  • @Tylonfoxx
    @Tylonfoxx 6 years ago +79

    When I was a sysadmin I found the exact kind of raw, injectable SQL string in the company's main web app code... which had quite a large part of the government (regions and medical sector) as a customer. I warned the dev team (and C-levels) of this, as it's quite a serious flaw.
    It was ignored completely until I demonstrated how to dump the database into the web page itself... this came with an added "bonus": the majority of user passwords were stored in raw text, shown right there on the page!
    Now, this is completely inexcusable in anything made in C# or VB, as LINQ and Entity Framework both provide protection against this and are often much faster than "home rolled" solutions if you know what you're doing. They are also both much quicker to implement, benchmark and debug.
    Additionally, by designing a secure system from the beginning, you and the company end up spending less money and time down the road on fixes, court and damage control.
    Far too often programmers are told to blindly follow instructions from higher up with no regard for security, or they have to keep to a tight deadline, meaning they are more often than not encouraged to jump the lowest part of the fence.
    As a developer myself, I have been told by C-levels to skimp on security measures too... needless to say, I've always either told them "no" to their face or silently implemented the necessary measures, knowing full well it could get me into trouble (and it has).
    Needless to say, if that happened, I've told the C-levels how much trouble they and their company could get into if such a flaw was to be exploited, especially now, under GDPR, where a backlash from the court system is also a very real possibility.
    GDPR requires that companies (provided they store personal data) take as many technical (i.e. dev-wise) and organizational (C-level-wise) precautions as possible to curb or limit leakage of private personal information. By this, if you develop for a company within the EU or they conduct trade with the EU (especially with individuals), I strongly encourage you to take a hard stance on security.
    The price of noncompliance is up to €20 million or 4% of the company's global revenue, whichever one is higher. Additionally you may face charges in your local nation if the security standards are deemed poor. Also the price might become much, much higher in the end... especially if the media gets involved.
    For all the downtrodden programmers and developers out there: Remember, you are the experts, you have final control of what to add, you have the say if you see a problem. If you get ignored or get in trouble for that, act loyal and in the company's interest. If the C-levels still aren't satisfied, leave... immediately!

    • @Notski
      @Notski 4 years ago +8

      @@Tylonfoxx I was so confused... I thought you were trying to write a code syntax there.
      Just say fuck. It doesn't matter in the comment section, you won't get monetized here anyway ;)

  • @DigitalYojimbo
    @DigitalYojimbo 6 years ago +73

    1 COUNTRY BURGER 1,49 €
    1 extra patty ,99 €
    I know it probably won't work.

  • @benjulesprice
    @benjulesprice 6 years ago +482

    next time make the comment COUNTRY BURGER so it is in bold like the other items ;)

    • @benjulesprice
      @benjulesprice 6 years ago +63

      and change the price to make it a bit lower

    • @Xevailo
      @Xevailo 6 years ago +304

      I did some further research:
      The printer of these receipts uses a monospaced font with a line-width of (at least) 42 characters, counting from the quantity Integer to the Euro-Sign. In good IT-Fashion, I shall label the first column with the Order Quantity as Column 0, hence the € sign is in Column 41.
      ITEM NAMES:
      - the order quantity for single-digit quantities is printed in Column 0
      - the name of the ordered item starts in Column 2
      - the name is printed in all CAPS and has NO Symbol at the end
      - the name and quantity are aligned to the left
      ITEM EXTRAS:
      - extras to the order such as extra Bacon are written one line underneath the order
      - the extras have an offset of 2 chars, placing the quantity in Column 2
      - extras are not written in caps, but in normal writing (first Upper for nouns, rest lower)
      - like the order name itself, the extras are aligned to the left
      PRICING:
      - the prices are aligned RIGHT, placing the € sign in Column 41
      - prices have two decimal places after the comma (Column 37) and an additional space between the price and the € sign
      - thus prices start in Column 36 for items less than 10€ and in Column 35 for orders >10€
      (if you order >100€ you don't need this trick, stop reading)
      COMMENTS:
      - Comments are placed ABOVE the list of ordered Items
      - there are at least three rows padding between the Comment and the Order
      - apparently Comments are center-aligned on column 20 (judging by the placement of "ersetzen")
      - it is UNCLEAR if comments are allowed to reach into Column 0 and Column 40/41/42
      - it is also unclear how comments that are >42 characters in one line are wrapped on the next best space or mid-word, and where exactly the limit of chars per line is
      ==================================================================
      CONCLUSION:
      Under the presumption that Comments are not allowed to start in Column 0, it would be best to start the comment with a Space, thus placing the Item Name in Column 2 just like the other items. This way, it looks like the printer simply "swallowed" the quantity. The comment is then to be padded with Spaces to a length of 35 characters total. Then (hoping the line break occurs after Column 39) the price is appended to the comment. I would not use a € sign but end the line after the second decimal place, as that way we are guaranteed to stay within an unbroken width (as the "e" of "Soße" is clearly in Column 39, above the second decimal places).
      Since it is unclear whether HTML formatting is allowed or not, I would try that in an unsuspicious way by saying something like "Please with NO pickles, since I am Allergic". This way even IF the formatting is printed verbatim AND someone asks unpleasant questions, you can always argue that you tried that since it is of literally vital importance and you wanted to make that clear.
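
A defender's counterpart to the layout analysis above, added for this page and not code from the video, the restaurant or any commenter: a receipt renderer in which a customer comment cannot line up as an order item or smuggle in a line of its own. The 42-column ticket, the item and price layout and the sample order follow the analysis above; the `NOTE> ` marker, the `Item` fields and the sample input are constructed.

```python
import re
import textwrap
import unicodedata
from dataclasses import dataclass

WIDTH = 42          # ticket width as worked out in the comment above (assumed here)
MARKER = "NOTE> "   # constructed: prefix that order lines never carry


@dataclass(frozen=True)
class Item:
    qty: int
    name: str
    unit_cents: int


def fmt_price(cents: int) -> str:
    """Price in the receipt's own style: comma decimal separator, space, euro sign."""
    return f"{cents // 100},{cents % 100:02d} €"


def format_item(item: Item) -> str:
    """Order line: quantity in column 0, upper-case name from column 2, price right-aligned."""
    left = f"{item.qty} {item.name.upper()}"
    price = fmt_price(item.qty * item.unit_cents)
    return f"{left:<{WIDTH - len(price)}}{price}"


# C0 controls (CR, LF, ESC, ...), DEL and C1 controls.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def sanitize_comment(raw: str) -> list[str]:
    """Render a customer's free text so it cannot imitate an order line.

    Returns the comment as already-wrapped lines, each carrying MARKER.
    """
    # 1. Compatibility normalisation folds full-width letters (which print like
    #    bold on many thermal printers) back to plain ASCII.
    text = unicodedata.normalize("NFKC", raw)
    # 2. CR, LF, ESC and other control bytes become spaces: the comment can no
    #    longer start a physical line of its own or address the printer.
    text = _CONTROL.sub(" ", text)
    # 3. Runs of whitespace collapse, so padding cannot push a fake price into
    #    the price column.
    text = " ".join(text.split())
    # 4. Wrap to the width left after the marker and mark every resulting line.
    body_width = WIDTH - len(MARKER)
    return [MARKER + line for line in textwrap.wrap(text, width=body_width)]


def total_cents(items: list[Item]) -> int:
    """The total comes from the structured items only, never from printed text."""
    return sum(i.qty * i.unit_cents for i in items)


def render_receipt(items: list[Item], comment: str) -> list[str]:
    """Comment block first (as on the ticket above), then a rule, items and total."""
    lines = sanitize_comment(comment)
    lines.append("-" * WIDTH)
    lines.extend(format_item(i) for i in items)
    total = fmt_price(total_cents(items))
    lines.append(f"{'TOTAL':<{WIDTH - len(total)}}{total}")
    return lines


if __name__ == "__main__":
    # Constructed order plus a comment that tries to smuggle in an extra order line.
    order = [Item(1, "Country Burger", 149), Item(2, "Pommes", 199)]
    smuggled = "Bitte Soße ersetzen\r\n1 CHEESEBURGER                    0,99 €"
    print("\n".join(render_receipt(order, smuggled)))
```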

    • @PatrikKron
      @PatrikKron 6 years ago +31

      Xevailo Interesting and well researched comment!

    • @memoriasIT
      @memoriasIT 6 years ago +3

      Xevailo kudos on that lol

    • @jbexta
      @jbexta 6 years ago +29

      I'd rather just pay for the burger

  • @ishikani
    @ishikani 6 years ago +73

    SQL injection? No.
    XSS injection? No.
    HTML injection? No.
    Real-life injection? Yes.
    Hotel? Trivago.

    • @ishikani
      @ishikani 6 years ago

      @ArraysStartAtThePowerOf0 :lul:

    • @兽Arufisu
      @兽Arufisu 4 years ago

      html injection are part of xss bruh

    • @2k7u
      @2k7u 4 years ago

      THAT I DID NOT EXPECT

  • @LightsJusticeZ
    @LightsJusticeZ 6 years ago +15

    Team Fortress 2 on the Orange Box for the Xbox 360 had something similar to this. You needed a program to bypass one thing but it was an easy process. The game engine, Source, had built in commands that you could execute using Xbox Gamertags. All you needed to do was create a bunch of offline gamertags on the Xbox, transfer them over to a USB drive, load up the USB drive into a computer, then load the profiles into a program that could rename them to anything. The program was needed because the only way to issue a command would be like ";r_gravity 100" and needed to use special characters that would normally not be acceptable. Then after renaming them to all commands, just load the USB back into the Xbox, and sign into each profile to inject a command while in the game.

  • @hoangtran4736
    @hoangtran4736 6 years ago +136

    Once some guys drove around with injection code printed out on paper and taped over their license plate. They would intentionally go over the speed limit, causing the camera to photograph them and automatically scan the picture for the license plate. After the code was injected into the camera it would delete everything in the temporary storage, practically erasing every instance of speeding before the cops could collect the data at the end of the day.
    Some heroes don't wear capes.

    • @isaacp1218
      @isaacp1218 6 years ago +15

      This is an interesting concept. I wonder how they knew what code the cameras were running. I assume it would be a custom OS. Speed cameras wouldn't just run Windows XP.
      Where was this done?

    • @AAA-bo1uo
      @AAA-bo1uo 6 years ago +20

      Hoàng Trần Minh
      Doubt... but possible?
      He'd have to know how the camera's system operates.. if the system polls the database for the license number then it is possible if it is not a prepared statement, but there are many things into this that makes me think it's fake.

    • @isaacp1218
      @isaacp1218 6 years ago

      AA A Try it out and let us know

    • @TheGrooseIsLoose
      @TheGrooseIsLoose 6 years ago +1

      Isaac P,
      While this situation does seem unlikely (but possible) to me, it wouldn’t be unreasonable to assume it was some common OS. I’ve seen many similar types of systems, and they tend to just run some version of Windows or Linux (or sometimes some other Unix-like OS), and if not, they still could have insider knowledge of the system.

    • @isaacp1218
      @isaacp1218 6 years ago +2

      Nothing But The Austin I guess that's true. Windows is everywhere. One time I went to a bank to register for an account and their machines ran windows XP.

  • @Littlefighter1911
    @Littlefighter1911 6 years ago +19

    I'd like to have a "Cheese Burger'); DROP table Burgers;"

  • @kxdsh
    @kxdsh 4 years ago +3

    Normal people: oh cool got a free burger accidentally
    This dude: Burger injection vulnerability

  • @LStranck
    @LStranck 7 years ago +321

    Fake
    Address is not 127.0.0.1

    • @whateverppl1229
      @whateverppl1229 6 years ago +14

      there's no place like home
      there's no place like home
      there's no place like home

    • @hanro50
      @hanro50 6 years ago +12

      Do you wish to access *LocalHost*

    • @rabbitdrink
      @rabbitdrink 6 years ago +15

      Wait that's MY WEBSITE STOPPPPPPP

    • @Thect
      @Thect 6 years ago

      @@rabbitdrink dddddooooonnnnnnn'''tttt pppppaaaannnniiiiicccccc!!!!!!

  • @brian-beeler
    @brian-beeler 6 years ago +61

    Holiday Inn's reservation system, Holidex, had a comment field for requests by the guest which *the guest could see on their receipt* and a field for internal-only comments from employees that the guest couldn't see. So a reservation's agent wrote "Guest is an a**hole" in the wrong field and that comment was printed on her reservation and receipt along with the commenter's name. Hilarity ensued.

    • @Tylonfoxx
      @Tylonfoxx 6 years ago +6

      These errors are always funny...
      But they're also a very important lesson in tailoring a UI to prevent these mistakes, especially if the target group is amateur computer users who use the system in a stressful environment :-)
      It also stresses my biggest pet peeve of software development: that devs never get to observe and talk to the target group to gauge their abilities and cast light on the specific needs of the target group. Often there are consultants involved and said "consultants" neither understand nor have the academics to see the things that are required by a dev to make an optimal solution or to know what is and isn't possible. Combine that with unrealistic deadlines and other corporate "fluff" and it's very understandable that so many solutions out there are as badly made as they are.
      In the end, the dev has to do much more work to fix and correct bugs, as well as fix broken expectations, instead of the company being able to cash in the money and reputation and move on to the next project...

    • @Valery0p5
      @Valery0p5 2 years ago

      This happened recently with a homophobic insult...

  • @c0ldw1nd27
    @c0ldw1nd27 6 years ago +31

    That is like when a guy changed the number plate of his car to an SQL query that dropped all the tables.

    • @isaacp1218
      @isaacp1218 6 years ago +4

      Where and when did this happen? I'd like to research this more.

    • @AntiAtheismIsUnstoppable
      @AntiAtheismIsUnstoppable 5 years ago +1

      It might be a story based on a Tech Talk about airplane tickets, where you actually could use SQL injections back in the day at check-in, for example in the name field.
      An even more advanced attempt was made using EAN codes, some of whose standards you can exploit as well.

    • @bamberghh1691
      @bamberghh1691 4 years ago +1

      Found this but no info that it worked :( hackaday.com/2014/04/04/sql-injection-fools-speed-traps-and-clears-your-record/

    • @ees4.
      @ees4. 2 years ago +1

      I believe this was unintentional. The channel Half as Interesting has a video on something like this, although I don't know if this was the same occurrence of licence plate SQL injection.

  • @bananaFPS
    @bananaFPS 6 years ago +21

    I just wanted to know how to get free burgers, didn't realize this was for programming

  • @quantumbracket6995
    @quantumbracket6995 6 years ago +83

    burger overflow = diabetes

    • @nmmeswey3584
      @nmmeswey3584 4 years ago +2

      it actually underflows to malnourishment

  • @christopherhorton1995
    @christopherhorton1995 6 years ago +6

    I worked at chipotle for a while and when you just glance down at online orders I have made an extra item of food more than once. With the hurry to get the item out the door it’s pretty easy to mess up

  • @ChrisTuttlePlant
    @ChrisTuttlePlant 6 years ago +19

    Bobby tables would have loved this

  • @Aff3ct000
    @Aff3ct000 7 years ago +51

    Inject it to look identical to the lower order section. See if bolding is possible in the comments field. You could make an order of full comments and possibly one actual .99p item.

    • @anasarkawi4331
      @anasarkawi4331 7 years ago +11

      man you're so bad

    • @LStranck
      @LStranck 7 years ago

      I think i will try it

    • @base4037
      @base4037 6 years ago

      @@LStranck did it work?

    • @25566
      @25566 6 years ago

      @@base4037 it won't work because if you add shit at the top and then just pay for fries the bill will be way lower than it should be

    • @TheGrooseIsLoose
      @TheGrooseIsLoose 6 years ago

      # You’d have to order enough food that the free item doesn’t make the price stand out.

  • @cyancoyote7366
    @cyancoyote7366 7 years ago +113

    Wait... would using the comment section to make it look like it has a lower price than it actually has, and using full-width characters, also work? Full-width characters on receipt printers look almost indistinguishable from bold characters, I will have to test this.
    1 CHEESEBURGER           0.99€

    • @ArbelFS3
      @ArbelFS3 7 years ago +1

      You might be onto something!

    • @DarklinkXXXX
      @DarklinkXXXX 7 years ago +8

      Do they even render full width characters?

    • @cyancoyote7366
      @cyancoyote7366 7 years ago +8

      upload.wikimedia.org/wikipedia/commons/0/0b/ReceiptSwiss.jpg
      Probably. I haven't tried it yet.

    • @AgentM124
      @AgentM124 7 years ago +2

      and it won't be counted towards the total price

    • @deadp4nda457
      @deadp4nda457 7 years ago +10

      Agent M No one checks if the total price is correct (at least at fast food restaurants) so it should be fine if he orders more than just a cheeseburger. Actually in this case the price of the commented cheeseburger shouldn't be lowered to disguise it even more since he should get it for free anyway.

  • @SebastianVetter
    @SebastianVetter 7 years ago +15

    "Burger Injection Vuln" I want to see this vuln on my customer pentest reports ^^

  • @lukelastname1020
    @lukelastname1020 6 years ago

    I had little to no idea of what code injections were before now. Mind blown. Thanks! Great help!

  • @Vladeeer
    @Vladeeer 6 years ago +22

    Today I had a conversation about how someone bought a whole shopping cart of fruits for less than a dollar. It was only noticeable after that person had left the shop, as the total price seemed a little off. There are self-service machines at the shop whose weight calculator is broken. So on the receipt it displays a fixed weight of 0.012 KG for each bag of fruits and vegetables. Looking through the receipts now it's hard to notice the pattern straight away, due to the large quantity of products it has. Tomorrow I'll go and try to buy something from the same spot and see if it's still happening.
    Btw, this vid was on top of my home feed; these coincidences sometimes make me wonder if my phone is listening to me xD

    • @Tylonfoxx
      @Tylonfoxx 6 years ago +1

      Important lesson for all users: Never implicitly trust an IT system :-)

  • @mthwr
    @mthwr 6 years ago +2

    Went from a great story to a fucking lesson real fast

  • @user-wq2kj8vr5i
    @user-wq2kj8vr5i 6 years ago

    your illustrations, story and style are awesome! I could keep on bingeing on your other videos. What you've explored and experimented with is really good dude!

  • @albiin900
    @albiin900 6 years ago +2

    You make top quality content from really stupid things. Love it!

  • @agoatwithnonamd
    @agoatwithnonamd 6 years ago +30

    Hackerman

  • @alitomix
    @alitomix 5 years ago

    Some shops don't verify the sign of the quantity, and you can request -1 t-shirts, but since the payment bridge can't pay you back, you can buy -1 t-shirt and +1 another t-shirt so that is $0, but if the payment bridge refuses because it needs a minimum payment, you can play with that.... -1 t-shirt + +2 t-shirts to get 1 free t-shirt for the price of 1

  • @MeanSoybean
    @MeanSoybean 6 years ago +1

    That was a nice analogy. Well done mdude

  • @gteixeira
    @gteixeira 4 years ago

    I used to work for McDonald's developing the back end software. It was really complex and prone to exploits and, whenever these happened, McDonald's would typically honor the order, as they were learning with the mistake.

  • @laharl2k
    @laharl2k 4 years ago

    Lol this example is brilliant. I couldn't have thought of a better IRL analogy than this.

  • @ifconfigurator
    @ifconfigurator 6 years ago +1

    There's a bug with the McDonald's app where a certain validation error (I won't go into it until they fix it) will add the burger to your order without adding the cost. The receipt ends up with the cost added up - and another item for an "online price mismatch" negating that amount.
    End result: I get a free burger. Found by accident when I received four more burgers than I had ordered.

  • @skyeturner5003
    @skyeturner5003 6 years ago

    Should've put the burger at the end, and made it bold for emphasis, and made sure it was the correct burger by putting the price next to it.

  • @MoeZarella
    @MoeZarella 7 years ago +75

    Going to order at BK right away... :P

  • @eminence_
    @eminence_ 6 years ago

    This is cool. There was a game this one joint put up on Facebook. Get three stars in a row and you get a burger. Didn't take me long to figure it out and after some basic memory manipulation, I received an email. Printed it out and went to the nearest restaurant they had. They were so hesitant to give me a free burger but luckily one manager knew about the game and confirmed my printed email was legit. Needless to say, the burger tasted good (:

  • @DowzerWTP72
    @DowzerWTP72 6 years ago

    "So what does this teach us"
    It teaches us that you now know that it's possible with that food place, and you have the receipt, so you can now do this trick and get free food!

  • @TianyuQi
    @TianyuQi 4 years ago

    Imagine comment
    Country Burger 1.5
    next time when you go to Germany and order online

  • @kieranhendy
    @kieranhendy 3 years ago

    I was half expecting him to say he re-ordered using formatting to make the comment look identical to the items on the order lol

  • @SyphistPrime
    @SyphistPrime 6 years ago

    This reminds me of all the times I get free food at the Wendy's I like to go to. The employees don't understand what substituting the fries means so I would end up with free fries all the time.

  • @PsychotherapistSam
    @PsychotherapistSam 6 years ago +80

    I KNEW YOU WERE GERMAN, HA!
    Or you just live in germany :3

    • @philippirl
      @philippirl 6 years ago +11

      Or he lives in another German-speaking country.

    • @PsychotherapistSam
      @PsychotherapistSam 6 years ago +6

      That's kind of what I was trying to say, just phrased it badly xd

    • @joejoe4games
      @joejoe4games 6 years ago +4

      well, there aren't really many German-speaking countries with the "€" as currency, actually only DE and AT, and since DE has about 10x the population it's the more likely answer...

    • @philippirl
      @philippirl 6 years ago

      That's one way to see it.

    • @CoolKoon
      @CoolKoon 6 years ago +13

      "I KNEW YOU WERE GERMAN, HA!" - Many of his other videos and his accent is a dead giveaway....

  • @jamesflames6987
    @jamesflames6987 6 years ago

    This is life changing.

  • @ri-gor
    @ri-gor 6 years ago

    Great analogy, man!

  • @RhysTheTroll
    @RhysTheTroll 6 years ago +1

    Use bold text on the site to print bold on the receipt therefore making it indistinguishable.

  • @Kamel419
    @Kamel419 6 years ago

    fantastic explanation, loved the burger injection exploit

  • @Tomytoka
    @Tomytoka 6 years ago +1

    could you explain how they make the coupons for online ordering sites?? they just gave me one coupon for a 10 pesos discount and it said it was in use. so that makes me wonder how they generate the coupons

  • @bas_kar_na_yar
    @bas_kar_na_yar 6 years ago

    The title gave me so much hope..

  • @PHAD-tc2ic
    @PHAD-tc2ic 6 years ago

    It's the vulnerability of lax behaviour of the programmer, not an injection vulnerability! We must keep on our toes!

  • @sierra991
    @sierra991 6 years ago

    idk why but this online textbook thing that we did at school allowed you to use the tag for some reason oh and html and css

  • @jubbelidiot
    @jubbelidiot 6 years ago

    The very same thing happened to me once, I also offered to pay, but the guy said it was fine. In my case though, I noticed the comment, deleted it, and it was still sent to the store.

  • @rabbitdrink
    @rabbitdrink 6 years ago

    I'd try looking into whether you can find documentation for the printer and see if you can inject anything else into your receipt

  • @dustynakaandbjrn7792
    @dustynakaandbjrn7792 6 years ago

    This is an awesome example.

  • @redactedllc.1864
    @redactedllc.1864 7 years ago

    Love your channel

  • @TheLucasWing
    @TheLucasWing 6 years ago

    You could make the comment look like a purchase by adding a price at the end

  • @kaninchengaming-inactive-6529
    @kaninchengaming-inactive-6529 5 years ago +1

    Don't you just hate it when you accidently hack your nearby Fast Food Restaurant?

  • @theosls3820
    @theosls3820 7 years ago +1

    Did you pay on delivery or did you pay online?
    I've had a similar experience (with a discount) but I still had to pay my order, even if it was their mistake.

    • @Setep2k
      @Setep2k 7 years ago +2

      it was probably paid online since the top says "bereits bezahlt" which translates to already paid

  • @4crafters597
    @4crafters597 6 years ago

    Another German programmer.
    Nice to see.
    Good pronunciation and good content!

  • @jody5661
    @jody5661 6 years ago

    You are awesome!

  • @ThePikmania
    @ThePikmania 6 years ago

    Wow, your English and Kurzgesagt's are the only ones I've heard so far where it isn't immediately recognisable that the speaker is German. 👍

    • @tiloalo
      @tiloalo 6 years ago

      Because you're German ^^

  • @Vitorruy1
    @Vitorruy1 6 years ago

    SQL should have built in injection prevention. Every single program from every single system should not have to remember to filter queries all the time.

  • @ThePamimo
    @ThePamimo 5 years ago

    I kinda don't get this... well, I do know what happens, but basically how do you avoid this as a host?
    I mean, couldn't you end any string with a ") or whatever the respective language uses?
    How would you ever teach a program what the user's end of input is and where the actual end of input is?
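
The question above, and @Tylonfoxx's earlier point that LINQ and Entity Framework protect against this, both come down to parameter binding: the statement is compiled with placeholders first and the user's text is handed over afterwards as a value, so the database never scans it for quotes or semicolons. Added example for this page, not from the video or any commenter; it uses Python's built-in sqlite3 with a constructed schema, the table name from the `DROP table Burgers` joke above, and a constructed `Stats` counter so the vulnerable script has a second statement after the injected one.

```python
import sqlite3

# Constructed schema; the table name is the one from the "DROP table Burgers" joke above.
SCHEMA = """
CREATE TABLE Burgers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE Stats (orders INTEGER NOT NULL);
INSERT INTO Stats (orders) VALUES (0);
INSERT INTO Burgers (name) VALUES ('COUNTRY BURGER');
"""

# The customer's input: the thread's own injection string, unchanged.
BOBBY = "Cheese Burger'); DROP TABLE Burgers;--"


def fresh_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def add_burger_unsafe(conn: sqlite3.Connection, name: str) -> None:
    """The 'before': the customer's text is pasted into the SQL text itself.

    The quote and ')' inside the name close the string literal and the VALUES
    list, so the rest of the input is read as a second statement, and the '--'
    turns the leftover "');" into a comment. executescript() stands in for any
    driver or stored procedure that runs several statements at once; the
    single-statement execute() would only refuse the extra statement with an
    error, which is the driver being strict, not the query being safe.
    """
    script = (
        f"INSERT INTO Burgers (name) VALUES ('{name}');\n"
        "UPDATE Stats SET orders = orders + 1;"
    )
    conn.executescript(script)


def add_burger_safe(conn: sqlite3.Connection, name: str) -> None:
    """The fix: the statement is compiled with a '?' placeholder and the name is
    bound afterwards as a value. The database never tokenises the value, so no
    quote or semicolon in it can end the literal or start another statement."""
    conn.execute("INSERT INTO Burgers (name) VALUES (?)", (name,))
    conn.execute("UPDATE Stats SET orders = orders + 1")
    conn.commit()


def table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'Burgers'"
    ).fetchone()
    return row is not None


def burger_names(conn: sqlite3.Connection) -> list[str]:
    return [row[0] for row in conn.execute("SELECT name FROM Burgers ORDER BY id")]


def order_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT orders FROM Stats").fetchone()[0]


def demo() -> dict:
    """Feed the same input to both paths and report what the database ends up with."""
    unsafe = fresh_db()
    add_burger_unsafe(unsafe, BOBBY)
    safe = fresh_db()
    add_burger_safe(safe, BOBBY)
    return {
        "unsafe_table_survived": table_exists(unsafe),   # False: the DROP ran
        "unsafe_orders": order_count(unsafe),            # 1: the counter still ran
        "safe_names": burger_names(safe),                # the odd name stored as data
        "safe_orders": order_count(safe),                # 1
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```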

  • @ergo6450
    @ergo6450 6 years ago

    This is thinking outside the box!

  • @VideoNOLA
    @VideoNOLA 5 years ago

    We used to do this in AOL chat rooms to make it look like another user was an assist, by typing an invisible carriage return + his name + colon + inane comment, such as....
    VideoNOLA: Who here wears orange underwear?
    Patrick1001: I wear orange underwear!

  • @jagc2206
    @jagc2206 6 years ago

    This is one of the reasons why I prefer compiled languages.

    • @satibel
      @satibel 6 years ago

      #include <stdio.h>
      int main(void) {
          char buff[15];
          int somethingimportant = 0;
          gets(buff);  /* no length check: longer input overruns buff into neighbouring stack data */
      }
      a buffer overflow is the same thing.
      basically, you're writing into memory, and if you can access the stack, you can execute whatever you want.
      some are more complicated than others, but some websites really don't like >2GB usernames.

  • @Mr784_
    @Mr784_ 6 лет назад

    Burger injection sounds funny haha xD but u nailed it bro! Very nice

  • @NuclearDesert
    @NuclearDesert 6 лет назад +1

    I like what I've watched so far ;) kinda wanna get back to learning C++ again xD HÄSHTAG Subscribed

  • @AJ12Gamer
    @AJ12Gamer 6 лет назад

    Thanks! I will use this injection vulnerability to have a burger payload.

  • @bagandtag4391
    @bagandtag4391 6 лет назад

    Hackerman hacks a human being.

  • @figloalds
    @figloalds 5 лет назад

    I lost it at "UNINTENDED SOCIAL ENGINEERING ATTACK" 🤣

  • @OpenKeith
    @OpenKeith 5 лет назад

    Thanks for telling me how to get free food, J. Random Sushi Restaurant won't know what hit them

  • @MatteoBucci95
    @MatteoBucci95 6 лет назад +2

    I was thinking exactly the same thing some days ago while ordering a pizza online :) What if you copy the exact layout of the whole receipt and then make it look like there are two different receipts from your single order? :D

    • @PatrikKron
      @PatrikKron 6 лет назад +1

      Matteo Bucci Oh, smart, that would probably work (though I don’t think it should be tried)

    • @tiloalo
      @tiloalo 6 лет назад +1

      It would be a scam and you could be charged for it... not sure that it's worth it for a pizza.

  • @vanshajrai6089
    @vanshajrai6089 6 лет назад

    Once I asked for Keema as an extra topping on my Ultimate chicken pizza from pizza hut and they gave me a separate Keema pizza for free

  • @pgibsonorg
    @pgibsonorg 4 года назад

    Just to be clear, they are not making food based on paper tickets or your receipt, your comment would come up on a digital screen in the same font as the itemized order.

  • @noamw3841
    @noamw3841 7 лет назад +2

    Wow, I learned a few days ago about SQL injection, and this video is a perfect example (and explanation) of what happened. Great job!

  • @angish1
    @angish1 4 года назад +1

    2:38 : Minecraft hurt sounds

  • @jhbonarius
    @jhbonarius 6 лет назад

    Interesting... Gonna try that sometime.... However I don't know if BK delivers here...

  • @TheGamingSyndrom
    @TheGamingSyndrom 6 лет назад +1

    I would suggest you hit enter once after
    "COUNTRY BURGER"
    So the comment comes in the line beneath like with the other items

  • @LegendConsole
    @LegendConsole 6 лет назад

    So I have a Pizza Hut near me that I can easily fool for free food. What I would do is order a Meat Lovers pizza online but take out one of the meat toppings. Since Meat Lovers usually means all of these meats, they never really check the order. When I get the wrong order, or if someone checks after the pizza has already been made and it was wrong, I usually end up getting the pizza with the incorrect things plus the pizza with the correct toppings for no extra price.

  • @zyxwvutsrqponmlkh
    @zyxwvutsrqponmlkh 6 лет назад

    No. I NEED to be able to execute bitmaps and wave files. For reasons.

  • @darthmath1071
    @darthmath1071 7 лет назад

    only 27k... you deserve at least 20 times more but still gg :P

  • @r.pizzamonkey7379
    @r.pizzamonkey7379 5 лет назад

    Bug report:
    UNPATCHED Burger Injection Vulnerability (BIV)
    Threat level: Severe

  • @Shigbeard
    @Shigbeard 4 года назад

    Rule 1: Never trust the client. Nothing the client sends to the server can be truly trusted, and must always be sanity tested, sanitized for potential string escapes, etc.

  • @TheCorship
    @TheCorship 5 лет назад

    Especially because you already paid, so they didn't bother rechecking if the overall price is correct.

  • @klobiforpresident2254
    @klobiforpresident2254 6 лет назад

    What if you ordered a burger with the comments being something akin to XKCD's name in "Exploits of a Mom" (can't remember the number)?
    Also, I'm curious, do you simply not like the King sauce or is it not vegan and as such you changed it (I'm guessing you're vegan based on the request for such a sauce)?

    • @Jono997
      @Jono997 5 лет назад

      I think he just likes the vegan sauce better. He's probably not vegan because HE'S ORDERING A BURGER FOR CRYING OUT LOUD.

  • @Viewer2812
    @Viewer2812 6 лет назад

    I didn't download this video... How did this get here?

  • @EhRandomGuy
    @EhRandomGuy 6 лет назад

    What a funny mess up from Burger Kings

  • @AzraelFM
    @AzraelFM 6 лет назад

    Where did you order?

  • @nopparuj
    @nopparuj 6 лет назад

    I'm new at programming and this is what I understand:
    Normally the comment field will look like this
    comment ""
    But if you put *" somecommand "* in it
    Then it will be something like this
    comment " " somecommand " "
    Which means _comment_ will be " "
    And it will also run _somecommand_
    Is what I understand right? If not please explain a bit, thanks.

    • @satibel
      @satibel 6 лет назад

      basically yes, for example in PHP+SQL you would do something like
      hello'); DROP TABLE USERS;--
      because the original request is something like
      "SELECT * FROM users where (name='".$_GET['username']."' and password='".$_GET['pwd']."')"
      $_GET['username'] is replaced with hello'); DROP TABLE USERS;--
      giving
      SELECT * FROM users where (name='hello'); DROP TABLE USERS;-- and password='".$_GET['pwd']."')
      the -- indicates the rest of the line is a comment, and so the SQL processor does the select request, and then deletes the table named users.
      luckily dumb instances like that are kinda rare, but they still exist on some servers no one's been bothered to update, and anyway, it works so why update it? (because one day or another it's going to be broken by some kid without anything better to do)
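
As an added example (not the commenter's code), the concatenated lookup from the reply above is rebuilt in Python beside the parameterized form, which is the answer to ThePamimo's question above about telling the program where the user's input ends: the SQL text and the values travel separately, so quotes and semicolons in the input stay data. The sqlite3 table, the user row and the lookup functions are all constructed here.

```python
import sqlite3

# Constructed sample input: the payload quoted in the reply above.
PAYLOAD = "hello'); DROP TABLE USERS;--"


def build_query_unsafe(username: str, pwd: str) -> str:
    """Build the lookup the way the vulnerable PHP does: user input is
    pasted straight into the SQL text, so the parser cannot tell where
    the user's name ends and the rest of the statement begins."""
    return ("SELECT * FROM users WHERE (name='" + username +
            "' AND password='" + pwd + "')")


def new_db() -> sqlite3.Connection:
    """In-memory table with one constructed user row (plaintext password
    only to mirror the comment's query; real systems store a hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'pw-example')")
    conn.commit()
    return conn


def lookup_user_safe(conn: sqlite3.Connection, username: str, pwd: str) -> list:
    """Parameterized query: '?' marks the end of each user value for the
    driver, so the payload is compared as a literal name and matches nothing."""
    cur = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (username, pwd))
    return cur.fetchall()


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    """Check the schema catalogue so we can confirm nothing was dropped."""
    cur = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
        (name,))
    return cur.fetchone()[0] == 1


if __name__ == "__main__":
    print(build_query_unsafe(PAYLOAD, "x"))      # the comment's broken statement
    conn = new_db()
    print(lookup_user_safe(conn, PAYLOAD, "x"))  # [] : no row matches
    print(table_exists(conn, "users"))           # True : table still there
```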

  • @CZghost
    @CZghost 6 лет назад

    I wouldn't bother about it. I see a free burger, say "My bad, totally forgot" and enjoy my free meal :D :D

  • @elbarto8282
    @elbarto8282 6 лет назад +1

    I really thought you were going to exploit it, and write a comment simulating an actual order with bold letters and a price.

  • @DerSolinski
    @DerSolinski 6 лет назад +3

    Did he just misuse a poor low-priority thread who made a small mistake as a segue to teach about injections?
    Monster.

  • @dxsp1d3r
    @dxsp1d3r 6 лет назад

    Your explanation is very good
    Are you there on LinkedIn

  • @itaybarok9405
    @itaybarok9405 2 года назад

    Great Video

  • @l_szabi
    @l_szabi 4 года назад

    Next time I order I'm gonna comment "1 CHEESEBURGER $1.49"
    Just for pentesting reasons of course...

  • @mr.masterbit2045
    @mr.masterbit2045 6 лет назад

    I work at Burger King in the delivery service! The receipt is different, but orders normally go through a system called arrival. An order comes in, we have to print it out, but also enter it into the register at the same time. The so-called hack unfortunately doesn't work here, since we, the delivery drivers, are always supposed to check the price against the items. That means if the receipt, and accordingly the system, shows a different price than what I entered into the register system, I would have to pay it out of my own pocket.

  • @norgeek
    @norgeek 6 лет назад

    Now I'm hungry and want a chilicheese burger but they don't deliver here :(

  • @ToxicallyMasculinelol
    @ToxicallyMasculinelol 5 лет назад

    my god, what on earth is a CHICKEN NUGGET BURGER

  • @mobalol7549
    @mobalol7549 6 лет назад

    Isn't there a way to make the text bold tho and just add a price at the end