It might be a story based off a Tech Talk about airplane tickets, where you actually could use SQL injections back in the day at check-in, for example in the name field. An even more advanced attempt was made using EAN codes, some of whose standards you can exploit as well.
I believe this was unintentional. The channel Half as Interesting has a video on something like this, although I don't know if this was the same occurrence of licence plate SQL injection.
I worked at chipotle for a while and when you just glance down at online orders I have made an extra item of food more than once. With the hurry to get the item out the door it’s pretty easy to mess up
Inject it to look identical to the lower order section. See if bolding is possible in the comments field. You could make an order of full comments and possibly one actual .99p item.
Wait... would using the comment section to make it look like it has a lower price than it actually has, and using full-width characters, also work? Full-width characters on receipt printers look almost indistinguishable from bold characters; I will have to test this. 1 CHEESEBURGER 0.99€
Agent M No one checks if the total price is correct (at least at fast food restaurants), so it should be fine if he orders more than just a cheeseburger. Actually in this case the price of the commented cheeseburger shouldn't be lowered to disguise it even more, since he should get it for free anyway.
Today I had a conversation about how someone bought a whole shopping cart of fruit for less than a dollar. It was only noticed after that person had left the shop, as the total price seemed a little off. There is a self-service machine at the shop whose weight scale is broken, so on the receipt it displays a fixed weight of 0.012 KG for each bag of fruit and vegetables. Looking through the receipts now, it's hard to notice the pattern straight away, due to the large quantity of products. Tomorrow I'll go and try to buy something from the same spot and see if it's still happening. Btw, this vid was on top of my home feed; those coincidences sometimes make me wonder if my phone is listening to me xD
Your illustrations, story and style are awesome! I could keep on bingeing on your other videos. What you've explored and experimented with is really good, dude!
Some shops don't verify the sign of the quantity, and you can request -1 t-shirt, but since the payment bridge can't pay you back, you can buy -1 t-shirt and +1 of another t-shirt so that it's $0. But if the payment bridge refuses because it needs a minimum payment, you can play with that.... -1 t-shirt + +2 t-shirt to get 1 free t-shirt for the price of 1.
I used to work for McDonald's developing the back end software. It was really complex and prone to exploits and, whenever these happened, McDonald's would typically honor the order, as they were learning from the mistake.
There's a bug with the McDonald's app where a certain validation error (I won't go into it until they fix it) will add the burger to your order without adding the cost. The receipt ends up with the cost added up - and another item for an "online price mismatch" negating that amount. End result: I get a free burger. Found by accident when I received four more burgers than I had ordered.
This is cool. There was a game this one joint put up on Facebook. Get three stars in a row and you get a burger. Didn't take me long to figure it out and after some basic memory manipulation, I received an email. Printed it out and went to the nearest restaurant they had. They were so hesitant to give me a free burger but luckily one manager knew about the game and confirmed my printed email was legit. Needless to say, the burger tasted good (:
"So what does this teach us" It teaches us that you now know that it's possible with that food place, and you have the receipt, so you can now do this trick and get free food!
This reminds me of all the times I get free food at the Wendy's I like to go to. The employees don't understand what substituting the fries means so I would end up with free fries all the time.
Well, there aren't really many German-speaking countries with the "€" as currency, actually only DE and AT, and since DE has about 10x the population it's the more likely answer...
Could you explain how they make the coupons for ordering sites online?? They just gave me one coupon for a 10 pesos discount and it said it was in use. So that makes me wonder how they generate the coupons.
The very same thing happened to me once, I also offered to pay, but the guy said it was fine. In my case though, I noticed the comment, deleted it, and it was still sent to the store.
Did you pay on delivery or did you pay online? I've had a similar experience (with a discount) but I still had to pay for my order, even if it was their mistake.
SQL should have built in injection prevention. Every single program from every single system should not have to remember to filter queries all the time.
I kinda don't get this.. well, I do know what happens, but basically how do you avoid this as a host? I mean, couldn't you end any string with a ") or whatever the respective language uses? How would you ever teach a program what the user's end of input is and where the actual end of input is?
We used to do this in AOL chat rooms to make it look like another user was an assist, by typing an invisible carriage return + his name + colon + inane comment, such as.... VideoNOLA: Who here wears orange underwear? Patrick1001: I wear orange underwear!
char buff[15];
int somethingimportant = 0;
gets(buff); // gets() has no length limit, so input longer than buff runs on into neighbouring stack memory

a buffer overflow is the same thing. basically, you're writing into memory, and if you can access the stack, you can execute whatever you want. some are more complicated than others, but some websites really don't like >2GB usernames.
I was thinking exactly the same thing some days ago while ordering a pizza online :) What if you copy the exact layout of the whole receipt and then make it look like there are two different receipts from your single order? :D
Just to be clear, they are not making food based on paper tickets or your receipt, your comment would come up on a digital screen in the same font as the itemized order.
So I have a Pizza Hut near me that I can easily fool for free food. What I would do is order a Meat Lovers pizza online but take out one of the meat toppings. Since Meat Lovers usually means all of these meats, they never really check the order. When I get the wrong order, or if someone checks after the pizza has already been made and it was wrong, I usually end up getting the pizza with the incorrect things plus the pizza with the correct toppings for no extra price.
Rule 1: Never trust the client. Nothing the client sends to the server can be truly trusted, and must always be sanity tested, sanitized for potential string escapes, etc.
What if you ordered a burger with the comments being something akin to XKCD's name in "Exploits of a Mom" (can't remember the number)? Also, I'm curious, do you simply not like the King sauce or is it not vegan and as such you changed it (I'm guessing you're vegan based on the request for such a sauce)?
I'm new at programming and this is what I understand:
Normally the comment field will look like this:
comment ""
But if you put *" somecommand "* in it, then it will be something like this:
comment " " somecommand " "
which means _comment_ will be " " and it will also run _somecommand_ too.
Is what I understand right? If not, please explain a bit, thanks.
basically yes. for example in php+sql you would do something like
hello'); DROP TABLE USERS;--
because the original request is something like
$sql = "SELECT * FROM users where (name='".$_GET['username']."' and password='".$_GET['pwd']."')";
$_GET['username'] is replaced with hello'); DROP TABLE USERS;-- giving
SELECT * FROM users where (name='hello'); DROP TABLE USERS;--' and password='...')
the -- indicates the rest of the line is a comment, and so the sql processor does the select request, and then deletes the table named users. luckily dumb instances like that are kinda rare, but they still exist on some servers no one's been bothered to update, and anyway, it works so why update it? (because one day or another it's going to be broken by some kid without anything better to do)
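The PHP walkthrough above is the core of the whole thread, so here is the same thing as a runnable added example (written for this page; not the commenter's code and not from the video): a lookup that pastes the input into the SQL text, next to the parameterized form that fixes it. It uses Python's sqlite3 with a constructed two-row users table; executescript() stands in for a database driver that accepts several statements in one string, which is what the DROP TABLE payload relies on.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from any real system).
SEED_ROWS = [("alice", "s3cret"), ("bob", "hunter2")]

# The payload quoted in the comment above; SQLite table names are case-insensitive.
INJECTED_NAME = "hello'); DROP TABLE USERS;--"


def make_db():
    """Fresh in-memory database with a users table, seeded with SEED_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_ROWS)
    return conn


def table_exists(conn, table):
    """True if `table` is still present in the schema."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?", (table,)
    ).fetchone()
    return row[0] == 1


def lookup_vulnerable(conn, username, pwd):
    """The pattern from the comment: user input concatenated into the SQL text.

    executescript() runs every statement in the string, like the PHP/MySQL
    setup the comment assumes, so a ';' inside the input ends the intended
    query and starts a new one. Returns whether the users table survived.
    """
    sql = f"SELECT * FROM users WHERE (name='{username}' AND password='{pwd}');"
    conn.executescript(sql)  # executes whatever statements the input smuggled in
    return table_exists(conn, "users")


def lookup_safe(conn, username, pwd):
    """Parameterized query: SQL text and values travel separately, so the
    input can only ever be compared as a string, never parsed as SQL."""
    rows = conn.execute(
        "SELECT name FROM users WHERE name=? AND password=?", (username, pwd)
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print("safe lookup, payload as name:", lookup_safe(db, INJECTED_NAME, "x"))
    print("safe lookup, real user:", lookup_safe(db, "alice", "s3cret"))
    print("users table after safe lookups:", table_exists(db, "users"))
    print("users table after vulnerable lookup:", lookup_vulnerable(db, INJECTED_NAME, "x"))
```

The line that matters is the parameterized one: the DROP TABLE text arrives as the value of a bound parameter, the database compares it against the name column, finds no match, and the table survives; the concatenated version hands the same text to the SQL parser and loses the table.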
I work at Burger King in the delivery service! The receipt is different, but orders normally go through a system called arrival. An order comes in, we have to print it out, but at the same time enter it into the register. The so-called hack unfortunately doesn't work here, because we, i.e. the delivery drivers, are always supposed to check the price against the items. That means if a different price is on the receipt, and accordingly in the system, than what I entered into the register system, I would have to pay that out of my own pocket.
Should have used /* */ to make it clear it was a comment
Underrated.
I actually saw something like that on a recipe once
/******************\
* comment *
*******************
* no ketchup pls *
\******************/
what I find funny about this styling is that it's a comment that would work with a lot of compilers (except those that dislike \*)
Hoàng Trần Minh or // or #
This got a literal lol from me
Accidentally inject code and the comment is never printed because it is now commented!
McDonalds had a double bacon burger on their app, it was bugged. $0.00 per burger. I ordered the maximum amount, 20. The looks on their faces, priceless like their burger.
How long ago was this?
r/thathappened
@@stillred r/ihavereddit; r/nothingeverhappens
Zenocut :D
It was actually a whole double menu that was supposed to cost 9,99€; we ate nothing but McDonalds for 3 days straight lmao, but then it got fixed, and I was sick of burgers for a few weeks anyway.
Mc Donald’s update 1.4.3
-Fixed free burger glitch
-Minor bug fixes and optimizations
Nope, this was Burger King....
Yes, but that exploit could also have affected McDonald's, just like Spectre affected AMD and some ARM processors apart from Intel.
Fake
- Herobrine removed
holy shit I found my clone
Now I have to protect my web apps from burger injection. Thanks a lot.
@@angelsv don't.
Call
Vegan
Burgers
Burgers
$burger$-I NEED EGG BURGER
@@kas-lw7xz what are we supposed to call them, sausages?
pixel girl vegan sausages 😳
@@memes_gbc674 good ones, like good vegan burgers, are so delicious you can barely tell the difference. That's from eating _cheap_ vegan sausage rolls, not the fancy Greggs ones. I'm not even vegetarian, I will eat meat sausages and meat burgers, I'm just trying to cut down my meat consumption. Though it will be nice when synthetic (but real) lab grown meat becomes a product rather than the various successful small scale experiments it so far is.
Similar exploits to this were very common ~15+ years ago when the first online shops came into existence. E.g. you could order a TV for 500€ and a refrigerator for 400€, but in the quantity field for the TV you would enter -1 instead of 1. So they would charge you 500-400 = 100€ and they would send you both items.
axlrose76 I member. Also, they used to implement an HTML option field, which could be edited, so you could change the time your order got processed (talking about fastfood chains here)
axlrose76 client-side stuff like that was always rife for exploits. Change prices in hidden form fields etc.
and then they wondered why the TV stockpile is empty when there should be 2 left?
Wait... wouldn't it be 400-500 = -100 € (in other words, they *pay* you)? What you described would be if you enter the -1 in the 400 € refrigerator.
I did that and they took my TV
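The negative-quantity trick described in this thread and in the earlier t-shirt comment, and the editable hidden price fields mentioned in the reply, all come down to the server believing numbers the client sent. As an added example (written for this page, not the video's or any shop's code), here is a small Python order pricer that recomputes everything server-side from its own catalogue, beside the naive version the commenters describe. The item names, prices, the per-line limit of 20 and the sample requests are all constructed.

```python
from decimal import Decimal

# Constructed server-side catalogue: the only prices the server will ever use.
# Amounts chosen to match the comments (TV 500, fridge 400); t-shirt price is made up.
CATALOGUE = {
    "tv": Decimal("500.00"),
    "fridge": Decimal("400.00"),
    "tshirt": Decimal("15.00"),
}
MAX_QTY_PER_LINE = 20  # assumed business limit


def price_order_naive(lines):
    """What the commenters describe: quantity and price taken from the client as-is.
    A line with qty -1 subtracts its price, and an edited price field is believed."""
    return sum(Decimal(str(line["price"])) * line["qty"] for line in lines)


class InvalidOrder(ValueError):
    pass


def price_order(lines):
    """Recompute the total from CATALOGUE and reject anything unexpected.
    The client-supplied "price" key is ignored entirely."""
    if not lines:
        raise InvalidOrder("empty order")
    total = Decimal("0.00")
    for line in lines:
        sku = line.get("sku")
        if sku not in CATALOGUE:
            raise InvalidOrder(f"unknown item {sku!r}")
        qty = line.get("qty")
        # bool is a subclass of int, so exclude it explicitly; strings and floats
        # coming from a form are rejected rather than silently coerced
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise InvalidOrder(f"quantity for {sku!r} must be an integer")
        if not 1 <= qty <= MAX_QTY_PER_LINE:
            raise InvalidOrder(f"quantity {qty} for {sku!r} out of range")
        total += CATALOGUE[sku] * qty
    return total


def check_order(lines):
    """Request-handler style wrapper: ("ok", total) or ("rejected", reason)."""
    try:
        return ("ok", price_order(lines))
    except InvalidOrder as exc:
        return ("rejected", str(exc))


# Constructed client requests reproducing the tricks from the comments.
TV_FRIDGE_TRICK = [
    {"sku": "tv", "qty": -1, "price": 500},
    {"sku": "fridge", "qty": 1, "price": 400},
]
TSHIRT_TRICK = [
    {"sku": "tshirt", "qty": -1, "price": 15},
    {"sku": "tshirt", "qty": 2, "price": 15},
]
EDITED_PRICE = [{"sku": "tv", "qty": 1, "price": 1}]  # hidden form field changed client-side
HONEST = [{"sku": "tv", "qty": 1, "price": 500}, {"sku": "fridge", "qty": 1, "price": 400}]

if __name__ == "__main__":
    for name, order in [("tv/fridge", TV_FRIDGE_TRICK), ("tshirt", TSHIRT_TRICK),
                        ("edited price", EDITED_PRICE), ("honest", HONEST)]:
        print(f"{name:13} naive: {price_order_naive(order)!s:>8}  checked: {check_order(order)}")
```

The naive pricer returns -100 for the TV/fridge order, 15 for the t-shirt pair and 1 for the edited price; the checked pricer rejects the first two for their negative quantity and prices the third at 500 from the catalogue, which is the only behaviour a shop should ever ship.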
My work allowed us to add comments to an HTML job board that we had on our Intranet through an input dialogue box. I showed them that anyone could add their own code using injection, and instead of fixing it, they said "well now if anything happens, we know it was you"..... *._.*
Yeah, that's a big hint to run from there while you can....
Take that as a red flag. I wouldn't stay in there for too long, really.
You're in good company. Richard Feynman had kinda the same thing happen when working on the Manhattan Project. He found that other physicists were exposing their safe combinations, writing them down in obvious places or something like that. He dutifully reported it to his bosses. The boss' reaction? Everybody, be careful of Richard Feynman. He's seen your safe combinations.
Tehom he also guessed them based on birthdays etc. What you're saying sounds slightly inaccurate
Then use it
When I was a sysadmin I found the exact kind of raw, injectable SQL string in the company's main web app code... which had quite a large part of the government (regions and medical sector) as a customer. I warned the dev team (and C-levels) of this, as it's quite a serious flaw.
It was ignored completely until I demonstrated how to dump the database into the web page itself... this came with an added "bonus": the majority of user passwords were stored in raw text, shown right there on the page!
Now, this is completely inexcusable in anything made in C# or VB, as LINQ and Entity framework both provide protection against this and are often much faster than "home rolled" solutions if you know what you're doing. They are also both much quicker to implement, benchmark and debug.
Additionally, by designing a secure system from the beginning, you and the company end up using less money and time down the road for fixes, court and damage control.
Far too often programmers are told to blindly follow instructions from higher with no regard for security, or they have to keep to a tight deadline, meaning they are more often than not encouraged to jump the lowest part of the fence.
As a developer myself, I have been told by C-levels to skimp on security measures too... needless to say, I've always either told them "no" to their face or silently implemented the necessary measures, full well knowing it could get me into trouble (and it has).
Needless to say, if that happened, I've told the C-levels how much trouble they and their company could get into if such a flaw was to be exploited, especially now, under GDPR, where a backlash from the court system is also a very real possibility.
GDPR requires that companies (provided they store personal data) take as many technical (i.e. dev-wise) and organizational (C-level-wise) precautions as possible to curb or limit leakage of private personal information. By this, if you develop for a company within the EU or they conduct trade with the EU (especially with individuals), I strongly encourage you to take a hard stance on security.
The price of noncompliance is up to €20 million or 4% of the company's global revenue, whichever one is higher. Additionally you may face charges in your local nation if the security standards are deemed poor. Also the price might become much, much higher in the end... especially if media gets involved.
For all the downtrodden programmers and developers out there: Remember, you are the experts, you have final control of what to add, you have the say if you see a problem. If you get ignored or get in trouble for that, act loyal and in the company's interest. If C-level still aren't satisfied, leave... immediately!
@@Tylonfoxx I was so confused... I thought you were trying to write a code syntax there.
Just say fuck. It doesn't matter in the comment section, you won't get monetized here anyway ;)
1 COUNTRY BURGER 1,49 €
1 extra patty ,99 €
I know it probably won't work.
haha my first thought exactly
Classic receipt XSS.
next time make the comment COUNTRY BURGER so it is in bold like the other items ;)
and change the price to make it a bit lower
I did some further research:
The printer of these receipts uses a monospaced font with a line-width of (at least) 42 characters, counting from the quantity Integer to the Euro-Sign. In good IT-Fashion, I shall label the first column with the Order Quantity as Column 0, hence the € sign is in Column 41.
ITEM NAMES:
- the order quantity for single-digit quantities is printed in Column 0
- the name of the ordered item starts in Column 2
- the name is printed in all CAPS and has NO Symbol at the end
- the name and quantity are aligned to the left
ITEM EXTRAS:
- extras to the order such as extra Bacon are written one line underneath the order
- the extras have an offset of 2 chars, placing the quantity in Column 2
- extras are not written in caps, but in normal writing (first Upper for nouns, rest lower)
- like the order name itself, the extras are aligned to the left
PRICING:
- the prices are aligned RIGHT, placing the € sign in Column 41
- prices have two decimal places after the comma (Column 37) and an additional space between the price and the € sign
- thus prices start in Column 36 for items less than 10€ and in Column 35 for orders >10€
(if you order >100€ you don't need this trick, stop reading)
COMMENTS:
- Comments are placed ABOVE the list of ordered Items
- there are at least three rows padding between the Comment and the Order
- apparently Comments are center-aligned on column 20 (judging by the placement of "ersetzen")
- it is UNCLEAR if comments are allowed to reach into Column 0 and Column 40/41/42
- it is also unclear how comments that are >42 characters in one line are wrapped on the next best space or mid-word, and where exactly the limit of chars per line is
==================================================================
CONCLUSION:
Under the presumption that Comments are not allowed to start in Column 0, it would be best to start the comment with a Space, thus placing the Item Name in Column 2 just like the other items. This way, it looks like the printer simply "swallowed" the quantity. The comment is then to be padded with Spaces to a length of 35 characters total. Then (hoping the line break occurs after Column 39) the price is appended to the comment. I would not use a € sign but end the line after the second decimal place, as that way we are guaranteed to stay within a unbroken width (as the "e" of "Soße" is clearly in Column 39, above the second decimal places).
Since it is unclear whether HTML formatting is allowed or not, I would try that in an unsuspicious way by saying something like "Please with NO pickles, since I am Allergic". This way even IF the formatting is printed verbatim AND someone asks unpleasant questions, you can always argue that you tried that since it is of literally vital importance and you wanted to make that clear.
Xevailo Interesting and well researched comment!
Xevailo kudos on that lol
I'd rather just pay for the burger
SQL injection? No.
XSS injection? No.
HTML injection? No.
Real-life injection? Yes.
Hotel? Trivago.
@ArraysStartAtThePowerOf0 :lul:
html injection are part of xss bruh
THAT I DID NOT EXPECT
Team Fortress 2 on the Orange Box for the Xbox 360 had something similar to this. You needed a program to bypass one thing but it was an easy process. The game engine, Source, had built in commands that you could execute using Xbox Gamertags. All you needed to do was create a bunch of offline gamertags on the Xbox, transfer them over to a USB drive, load up the USB drive into a computer, then load the profiles into a program that could rename them to anything. The program was needed because the only way to issue a command would be like ";r_gravity 100" and needed to use special characters that would normally not be acceptable. Then after renaming them to all commands, just load the USB back into the Xbox, and sign into each profile to inject a command while in the game.
Once some guys drove around with injection code printed out on paper and taped over their license plate. They would intentionally go over the speed limit, causing the camera to photograph them and automatically scan the picture for the license plate. After the code was injected into the camera it would delete everything in the temporary storage, practically erasing every instance of speeding before the cops could collect the data at the end of the day.
Some heroes don't wear capes.
This is an interesting concept. I wonder how they knew what code the cameras were running. I assume it would be a custom OS. Speed cameras wouldn't just run Windows XP.
Where was this done?
Hoàng Trần Minh
Doubt... but possible?
He'd have to know how the camera's system operates.. if the system polls the database for the license number then it is possible if it is not a prepared statement, but there are many things into this that makes me think it's fake.
AA A Try it out and let us know
Isaac P,
While this situation does seem unlikely (but possible) to me, it wouldn’t be unreasonable to assume it was some common OS. I’ve seen many similar types of systems, and they tend to just run some version of Windows or Linux (or sometimes some other Unix-like OS), and if not, they still could have insider knowledge of the system.
Nothing But The Austin I guess that's true. Windows is everywhere. One time I went to a bank to register for an account and their machines ran windows XP.
I'd like to have a "Cheese Burger'); DROP table Burgers;"
Normal people: oh cool got a free burger accidentally
This dude: Burger injection vulnerability
Fake
Address is not 127.0.0.1
there's no place like home
there's no place like home
there's no place like home
Do you wish to access *LocalHost*
Wait that's MY WEBSITE STOPPPPPPP
@@rabbitdrink dddddooooonnnnnnn'''tttt pppppaaaannnniiiiicccccc!!!!!!
Holiday Inn's reservation system, Holidex, had a comment field for requests by the guest which *the guest could see on their receipt* and a field for internal-only comments from employees that the guest couldn't see. So a reservations agent wrote "Guest is an a**hole" in the wrong field and that comment was printed on her reservation and receipt along with the commenter's name. Hilarity ensued.
These errors are always funny...
But they're also a very important lesson in tailoring a UI to prevent these mistakes, especially if the target group are amateur computer users that use the system in a stressful environment :-)
It also stresses my biggest pet peeve of software development: that devs never get to observe and talk to the target group to gauge their abilities and cast light on the specific needs of the target group. Often there are consultants involved and said "consultants" neither understand nor have the academics to see the things that are required by a dev to make an optimal solution or to know what is and isn't possible. Combine that with unrealistic deadlines and other corporate "fluff" and it's very understandable that so many solutions out there are as badly made as they are.
In the end, the dev has to do much more work to fix and correct bugs, as well as fix broken expectations, instead of the company being able to cash in the money and reputation and move on to the next project...
This happened recently with a homophobic insult...
That is like when a guy changed the number plate of his car to an SQL query that dropped all the tables.
Where and when did this happen? I'd like to research this more.
It might be a story based on a Tech Talk about airplane tickets, where you actually could use SQL injection back then at check-in, for example in the name field.
An even more advanced attempt was made using EAN codes, some of whose standards you can exploit as well.
Found this but no info that it worked :( hackaday.com/2014/04/04/sql-injection-fools-speed-traps-and-clears-your-record/
I believe this was unintentional. The channel Half as Interesting has a video on something like this, although I don't know if this was the same occurrence of licence plate SQL injection.
I just wanted to know how to get free burgers, didn’t realize this was for programming
burger overflow = diabetes
it actually underflows to malnourishment
I worked at chipotle for a while and when you just glance down at online orders I have made an extra item of food more than once. With the hurry to get the item out the door it’s pretty easy to mess up
Bobby tables would have loved this
Inject it to look identical to the lower order section. See if bolding is possible in the comments field. You could make an order of full comments and possibly one actual .99p item.
man you're so bad
I think i will try it
@@LStranck did it work?
@@base4037 it wont work because if you add shit at the top and then just pay for fries the bill will be way lower than it should
You’d have to order enough food that the free item doesn’t make the price stand out.
Wait... would using the comment section to make it look like it has a lower price than it actually has, and using full-width characters, also work? Full-width characters on receipt printers look almost indistinguishable from bold characters, I will have to test this.
1 CHEESEBURGER 0.99€
You might be onto something!
Do they even render full width characters?
upload.wikimedia.org/wikipedia/commons/0/0b/ReceiptSwiss.jpg
Probably. I haven't tried it yet.
and it won't be counted towards the total price
Agent M No one checks if the total price is correct (at least at fast food restaurants) so it should be fine if he orders more than just a cheeseburger. Actually in this case the price of the commented cheeseburger shouldn't be lowered to disguise it even more since he should get it for free anyway.
"Burger Injection Vuln" I want to see this vuln on my customer pentest reports ^^
I had little to no idea of what code injections were before now. Mind blown. Thanks! Great help!
Today I had a conversation about how someone bought a whole shopping cart of fruits for less than a dollar. It was only noticeable after that person had left the shop, as the total price seemed a little off. There is a self-service machine at the shop that has its weight calculator broken. So on the receipt it is displaying a fixed weight of 0.012 KG for each bag of fruits and vegetables. Looking through the receipts now it's hard to notice the pattern straight away, due to the large quantity of products it has. Tomorrow I'll go and try to buy something from the same spot and see if it's still happening.
Btw, this vid was on top of my home feed, those coincidences sometimes make me wonder if my phone is listening to me xD
Important lesson for all users: Never implicitly trust an IT system :-)
Went from a great story to a fucking lesson real fast
your illustrations, story and style is awesome! I could keep on bingeing on your other videos. What you've explored and experimented are really good dude!
You make top quality content from really stupid things. Love it!
Hackerman
@GameCrunch r/whoooosh r/ihavereddit
Some shops don't verify the sign of the quantity, and you can request -1 t-shirt, but since the payment bridge can't pay you back, you can buy -1 t-shirt and +1 of another t-shirt so that it's $0, but if the payment bridge refuses because it needs a minimum payment, you can play with that.... -1 t-shirt + +2 t-shirt to get 1 free t-shirt for the price of 1
That was a nice analogy. Well done mdude
I used to work for McDonald's developing the back end software. It was really complex and prone to exploits and, whenever these happened, McDonald's would typically honor the order, as they were learning with the mistake.
Lol this example is brilliant. I couldn't have thought of a better irl analogy than this.
There's a bug with the McDonald's app where a certain validation error (I won't go into it until they fix it) will add the burger to your order without adding the cost. The receipt ends up with the cost added up - and another item for an "online price mismatch" negating that amount.
End result: I get a free burger. Found by accident when I received four more burgers than I had ordered.
Should've put the burger at the end, and made it bold for emphasis, and made sure it was the correct burger by putting the price next to it.
going to order from BK right away... :P
This is cool. There was a game this one joint put up on Facebook. Get three stars in a row and you get a burger. Didn't take me long to figure it out and after some basic memory manipulation, I received an email. Printed it out and went to the nearest restaurant they had. They were so hesitant to give me a free burger but luckily one manager knew about the game and confirmed my printed email was legit. Needless to say, the burger tasted good (:
"So what does this teach us"
It teaches us that you now know that it's possible with that food place, and you have the receipt, so you can now do this trick and get free food!
Imagine comment
Country Burger 1.5
next time when you go to Germany and order online
I was half expecting him to say he re-ordered using formatting to make the comment look identical to the items on the order lol
This reminds me of all the times I get free food at the Wendy's I like to go to. The employees don't understand what substituting the fries means so I would end up with free fries all the time.
I KNEW YOU WERE GERMAN, HA!
Or you just live in germany :3
Or he lives in another German-speaking country.
That's kind of what I was trying to say, just phrased it badly xd
well, there aren't really many German-speaking countries with the "€" as currency, actually only DE and AT, and since DE has about 10x the population it's the more likely answer...
That's one way to look at it.
"I KNEW YOU WERE GERMAN, HA!" - Many of his other videos and his accent is a dead giveaway....
This is life changing.
Great analogy, man!
Use bold text on the site to print bold on the receipt therefore making it indistinguishable.
fantastic explanation, loved the burger injection exploit
could you explain how they make the coupons for ordering sites online?? they just gave me one coupon for a 10 pesos discount and it said it was in use. so that makes me wonder how they generate the coupons
The title gave me so much hope..
It's the vulnerability of lax behaviour of the programmer, not an injection vulnerability! We must keep on our toes!
idk why but this online textbook thing that we did at school allowed you to use the tag for some reason oh and html and css
The very same thing happened to me once, I also offered to pay, but the guy said it was fine. In my case though, I noticed the comment, deleted it, and it was still sent to the store.
I'd try looking into whether you can find documentation for the printer and see if you can inject anything else into your receipt
This is an awesome example.
Love your channel
You could make the comment look like a purchase by adding a price at the end
Don't you just hate it when you accidentally hack your nearby Fast Food Restaurant?
Did you pay on delivery or did you pay online?
I've had a similar experience (with a discount) but I still had to pay my order, even if it was their mistake.
it was probably paid online since the top says "bereits bezahlt" which translates to already paid
Another German programmer.
Nice to see
Good pronunciation and good content!
You are awesome!
Wow, your English and Kurzgesagt's are the only ones I've heard so far where it isn't immediately obvious that the speaker is German. 👍
Because you're German ^^
SQL should have built in injection prevention. Every single program from every single system should not have to remember to filter queries all the time.
I kinda don't get this.. well I do know what happens, but basically how do you avoid this as a host?
I mean couldn't you end any string with a ") or whatever the respective language uses?
How would you ever teach a program what the user's end of input is and where the actual end of input is?
This is think out the box !
We used to do this in AOL chat rooms to make it look like another user was an assist, by typing an invisible carriage return + his name + colon + inane comment, such as....
VideoNOLA: Who here wears orange underwear?
Patrick1001: I wear orange underwear!
This is one of the reasons why I prefer compiled languages.
#include <stdio.h>
int main(void) {
    char buff[15];              /* fixed-size buffer on the stack */
    int somethingimportant = 0; /* lives right next to it in memory */
    gets(buff);                 /* reads with no length limit, so a long line writes past the end of buff */
}
a buffer overflow is the same thing.
basically, you're writing into memory, and if you can access the stack, you can execute whatever you want.
some are more complicated than others, but some websites really don't like >2GB usernames.
Burger injection sounds funny haha xD but u nailed it bro! Very nice
I like what i've watched so far ;) kinda wanna get back to learning C++ again xD HÄSHTAG Subscribed
Thanks! I will use this injection vulnerability to have a burger payload.
Hackerman hacks a human being.
I lost it at "UNINTENDED SOCIAL ENGINEERING ATTACK" 🤣
Thanks for telling me how to get free food, J. Random Sushi Restaurant won't know what hit them
I was thinking exactly the same thing some days ago while ordering a pizza online :) What if you copy the exact layout of the whole receipt and then make it look like there are two different receipts from your single order? :D
Matteo Bucci Oh, smart, that would probably work (though I don’t think it should be tried)
It would be a scam and you could be charged for it... not sure that it's worth it for a pizza.
Once I asked for Keema as an extra topping on my Ultimate chicken pizza from pizza hut and they gave me a separate Keema pizza for free
Just to be clear, they are not making food based on paper tickets or your receipt, your comment would come up on a digital screen in the same font as the itemized order.
Wow, I learned a few days ago about SQL injection, and this video is a perfect example (and explanation) of what happened. Great job!
2:38 : Minecraft hurt sounds
Interesting... Gonna try that some time.... However I don't know if BK delivers here...
I would suggest you hit enter once after
"COUNTRY BURGER"
So the comment comes in the line beneath like with the other items
So I have a pizza hut near me that I can easily fool for free food. What I would do is order a Meat Lovers pizza online but take out one of the meat toppings. since Meat lover usually means all of these meats they never really check the order. when I get the wrong order or if someone checks after the pizza has already been made and it was wrong, I usually end up getting the pizza with the incorrect things plus the pizza with the correct toppings for no extra price.
No. I NEED to be able to execute bitmaps and wave files. For reasons.
only 27k... you deserve at least 20 times more but still gg :P
Bug report:
UNPATCHED Burger Injection Vulnerability (BIV)
Threat level: Severe
Rule 1: Never trust the client. Nothing the client sends to the server can be truly trusted, and must always be sanity tested, sanitized for potential string escapes, etc.
Especially because you already paid, so they didn't bother rechecking if the overall price is correct.
What if you ordered a burger with the comments being something akin to XKCD's name in "Exploits of a Mom" (can't remember the number)?
Also, I'm curious, do you simply not like the King sauce or is it not vegan and as such you changed it (I'm guessing you're vegan based on the request for such a sauce)?
I think he just likes the vegan sauce better. He's probably not vegan because HE'S ORDERING A BURGER FOR CRYING OUT LOUD.
I didn't download this video... How did this get here?
What a funny mess up from Burger Kings
Where did you order?
I’m new at programming and this is what I understand:
Normally comment field will look like this
comment “”
But if you put *“ somecommand “* in it
Then it will be something like this
comment “ “ somecommand “ “
Which means _comment_ will be “ “
And also run _somecommand_ too
Is what I understand right? If not please explain a bit, thanks.
basically yes for example in php+sql you would do something like
hello'); DROP TABLE USERS;--
because the original request is something like
$query = "SELECT * FROM users where (name='" . $_GET['username'] . "' and password='" . $_GET['pwd'] . "');";
$_GET['username'] is replaced with hello'); DROP TABLE USERS;--
giving
SELECT * FROM users where (name='hello'); DROP TABLE USERS;--' and password='...');
the -- indicates the rest of the line is a comment, and so the sql processor does the select request, and then deletes the table named users.
luckily dumb instances like that are kinda rare, but they still exist on some servers no one's been bothered to update, and anyway, it works so why update it? (because one day or another it's going to be broken by some kid without anything better to do)
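Added example (mine, not the commenter's or the video's code): the PHP pattern above rebuilt in Python on an in-memory sqlite3 database, with the parameterized fix beside it, which is also the answer to the earlier question of how a host tells where the user's input ends. The users table, the alice row and the use of executescript to stand in for a driver that accepts stacked statements are constructed assumptions.

```python
import sqlite3

# Constructed sample payload: the exact string quoted in the comment above.
INJECTED_NAME = "hello'); DROP TABLE USERS;--"


def fresh_db():
    """Constructed in-memory database with one hypothetical user row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'hunter2')")
    db.commit()
    return db


def table_exists(db, table="users"):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
        (table,)).fetchone()
    return row[0] == 1


def build_query_by_concat(name, pwd):
    """The PHP pattern from the comment: input glued into the SQL text.
    The quote inside the input closes the string literal, so the rest of
    the input is parsed as SQL, and '--' comments out the original tail."""
    return ("SELECT * FROM users WHERE (name='" + name
            + "' AND password='" + pwd + "');")


def login_concat(db, name, pwd):
    """Vulnerable: executescript stands in (assumption) for a driver that
    runs stacked statements, which the DROP TABLE payload relies on."""
    sql = build_query_by_concat(name, pwd)
    db.executescript(sql)
    return sql


def login_param(db, name, pwd):
    """Fixed: the query structure and the values travel separately, so the
    input is only ever compared as a name and never parsed as SQL."""
    row = db.execute(
        "SELECT * FROM users WHERE (name=? AND password=?)", (name, pwd)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = fresh_db()
    print(login_concat(db, INJECTED_NAME, "x"))
    print("concat: users table still there?", table_exists(db))          # False
    db = fresh_db()
    print("param: payload logs in?", login_param(db, INJECTED_NAME, "x"))  # False
    print("param: users table still there?", table_exists(db))           # True
```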
I wouldn't bother about it. I see a free burger, say "My bad, totally forgot" and enjoy my free meal :D :D
I really thought you were going to exploit it, and write a comment simulating an actual order with bold letters and a price.
Did he just misuse a poor low priority thread who made a small mistake as a segue to teach about injections?
Monster.
Your explanation is very good
Are you there on LinkedIn
Great Video
Next time I order I'm gonna comment "1 CHEESEBURGER $1.49"
Just for pentesting reasons of course...
I work at Burger King in the delivery service! The process is different, but orders normally go through a system called arrival. An order comes in, we have to print it out but also enter it into the till at the same time. The so-called hack unfortunately doesn't work here, because we, the delivery drivers, are always supposed to check the price against the items. That means if the receipt, and accordingly the system, shows a different price than what I entered in the till system, I would have to pay that out of my own pocket.
Now I'm hungry and want a chilicheese burger but they don't deliver here :(
my god, what on earth is a CHICKEN NUGGET BURGER
Isn't there a way to make the text bold tho and just add a price at the end