|
|
|
|
|
|
by stickydink
2460 days ago
|
|
|
There was a much less juicy bug in the previous iteration of Chipotle's website. Due to demand, the pickup time would often be several hours away from time of ordering. But there was no server validation of the time being sent. A little manipulation of the dropdown picker, and you could send any time (or indeed, any text at all), and it would be printed on the ticket at the restaurant. It was so easy that half our office was able to figure out that you can right click the picker, "Inspect", then type in any time you like. |
|
|