{"id":206,"date":"2011-07-08T00:01:31","date_gmt":"2011-07-07T14:01:31","guid":{"rendered":"http:\/\/www.reenadu.com\/?p=206"},"modified":"2011-07-08T00:01:31","modified_gmt":"2011-07-07T14:01:31","slug":"dominos-pizza-5-95-mobile-ordering-site-exploit","status":"publish","type":"post","link":"https:\/\/nickdu.com\/?p=206","title":{"rendered":"Domino’s Pizza $5.95 mobile ordering site exploit"},"content":{"rendered":"

Domino’s Pizza<\/a> has new mobile ordering site, and any value or traditional pizza only $5.95 each pick up.
\nThis deal is for mobile user only. It will re-direct non-mobile user to normal online ordering site, and the price jumps up to $7.95.<\/p>\n

From technical perceptive, how does Domino’s server determine a mobile user? Normally a web request contains “User-Agent<\/em>” to help web server tell who is visiting. This is a typical example of web request. If we change the “User-Agent<\/em>” content, we can cheat domino’s web server and order $5.95 pizza.<\/p>\n

GET \/ HTTP\/1.1
\nHost: www.dominos.com.au
\nUser-Agent: Mozilla\/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko\/20110614 Firefox\/3.6.18<\/span>
\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8
\nAccept-Language: en-us,en;q=0.5
\nAccept-Encoding: gzip,deflate
\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
\nConnection: keep-alive<\/p>\n

OK, let’s do it!<\/p>\n

    \n
  1. Download user agent switcher<\/a> for your Firefox<\/a> and install.<\/li>\n
  2. Change user agent to iPhone<\/li>\n
  3. Star ordering from http:\/\/dominos.com.au\/mobile.aspx<\/a> and enjoy $5.95 pizza<\/li>\n<\/ol>\n

    \"\"<\/a><\/p>\n

     <\/p>\n","protected":false},"excerpt":{"rendered":"

    Domino’s Pizza has new mobile ordering site, and any value or traditional pizza only $5.95 each pick up. This deal is for mobile user only. It will re-direct non-mobile user to normal online ordering site, and the price jumps up to $7.95. From technical perceptive, how does Domino’s server determine a mobile user? Normally a … Continue reading “Domino’s Pizza $5.95 mobile ordering site exploit”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,8],"tags":[],"class_list":["post-206","post","type-post","status-publish","format-standard","hentry","category-it","category-web"],"_links":{"self":[{"href":"https:\/\/nickdu.com\/index.php?rest_route=\/wp\/v2\/posts\/206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nickdu.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nickdu.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nickdu.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nickdu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=206"}],"version-history":[{"count":0,"href":"https:\/\/nickdu.com\/index.php?rest_route=\/wp\/v2\/posts\/206\/revisions"}],"wp:attachment":[{"href":"https:\/\/nickdu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nickdu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nickdu.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}