Little Bobby Tables says hi.
the adjectives on the tip options are so weird lol What a shitty system to even exist
I want to know what it says under 30%.
“Best Service Ever!”
I think it’s “Best Service Ever”.
The picture on this page seems to have the same screen minus the red box.
Thank you, my curiosity is now fully satisfied!
“I’m drunk”
“Scammed”
“Best Service Ever!”
One day someone will use the SQL injection to execute code on the remote server to add message to the web site that tells the workers to unionise and demand actually fair wages and put an end to the whole tipping nonsense
Please write this code and I’ll do it
tomorrow when stuff opens today.
Jokes on you. Restaurant owner too rich, behavior is within normal range for IRS AI.
Though the AI is interested in how your bank account is higher than it’s supposed to be.
Joke’s* on you
(Short for “The joke is on you”.)
No, jokes. It’s plural because there are many jokes on you.
Thank’s.
Too complicated. Just enter a negative number.
No negative sign on the keyboard. But you can enter 2147483647
Risky gamble there
I’d love to know what this would actually do.
Edit: Thanks for the responses and lively discussion!!
Assuming the accounting system this thing links with both does not protect from SQL injection attacks (many don’t, despite it being easy to protect against) and also has a table named “Bills” with a field named “amount”; what this would do is go through every single Bills record and halve the value in the amount field. This would completely fuck the system, particularly when it came to billing and tax filing as the numbers for accounts billing and receivable wouldn’t even come close to matching each other. The accounting department would have a hell of a time fixing the damage.
Need to throw a rand() in there to make it less easy to unfuck
In the amount/2 term?
Yup. Rand() chooses a random float value for each entry. By default I believe it’s anywhere between 0 and 1. So it may divide the first bill by .76, then the second by .23, then the third by 0.63, etc… So you’d end up with a completely garbage database because you can’t even undo it by multiplying all of the numbers by a set value.
Satan?
Also, by dividing by a number between 0 and 1, you increase the amount it looks like it billed. So income will look like it’s higher than outgoing funds, which will raise suspicions of embezzlement. And if someone actually is embezzling, whatever accounting tricks they’ve been using to hide it might just stop working because everything might need to be examined with a fine tooth comb. “Oh, the billing numbers aren’t right, and also it turns out the invoice numbers aren’t right either. Billing issue was tracked to a hack, but what’s going on with these invoices?”
if you’re trying to be malicious, wouldn’t it be better to multiply by Rand() instead of divide by Rand()? assuming there are a decent number of recorded sales, you’d end up seeing many of the calls to Rand() returning values very close to 0. so, if you’re dividing by those values, you’d end up seeing lots of sales records reporting values in the thousands, millions, or even billions of dollars. i feel like that screams “software bug” more than anything. on the other hand, seeing lots of values multiplied by values close to 0 would certainly look weird, but it wouldn’t be as immediately suspicious. (of course a better thing would just be to use Rand() on a range other than [ ) ]
Couldn’t they just *2 all the bills from before this was run and straighten it out?
I imagine they could if they knew exactly what you did and when, but if it doesn’t get discovered until later and nobody knows what happened, it would probably be a bitch to figure out
It seems like it would be fairly easy to find. All you need to do is find out where the price drops massively, and work backwards from there, since it doesn’t change the code going forward.
Pretty sure it would be obvious to anyone working there that chicken tenders are $10 not $5. Even a quick glance at any single bill would show the issue.
EOM recon will be a bitch.
it’s an sql injection attack.
it’s rather unlikely that it works in a modern app.
assuming this would work, it injects a command in the sql database.
it is assumed that the app runs a sql query with the input field as a parameter e.g.
INSERT INTO "bills" (item, amount, tip) VALUES ('steak', '20,00 $', 'content of the custom tip goes here');
the semicolon indicates the end of the query,
so the text would cause the app to run an unfinished query, and then start a new query that messes up the content of the bills table.
Further: xkcd.com/327
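The mechanism described in the comment above, next to the fix, as an added example that is not part of the original post or any real POS system. It assumes an in-memory SQLite database with a constructed `bills` table; the payload string, `MAX_TIP` and all function names are hypothetical.

```python
import sqlite3
from decimal import Decimal, InvalidOperation

# Constructed input modelled on the thread: ends the INSERT, then halves every bill.
PAYLOAD = "0'); UPDATE bills SET amount = amount / 2; --"
MAX_TIP = Decimal("1000")  # assumed business limit, not from the thread

def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bills (item TEXT, amount REAL, tip TEXT)")
    db.execute("INSERT INTO bills VALUES ('chicken tenders', 10.0, '2.00')")
    return db

def amounts(db):
    return [row[0] for row in db.execute("SELECT amount FROM bills ORDER BY rowid")]

def add_bill_vulnerable(db, item, amount, tip):
    # SQL assembled from strings and run through a multi-statement API:
    # whatever follows a quote in the tip is parsed as SQL.
    db.executescript(
        f"INSERT INTO bills (item, amount, tip) VALUES ('{item}', {amount}, '{tip}');"
    )

def parse_tip(raw):
    # Server-side check; the keypad restriction on the terminal is not a control.
    try:
        value = Decimal(raw)
    except InvalidOperation:
        raise ValueError("tip is not a number") from None
    if not value.is_finite() or value < 0 or value > MAX_TIP:
        raise ValueError("tip out of range")
    return value

def add_bill_parameterized(db, item, amount, tip):
    # Placeholders bind the tip as data, so quotes and semicolons stay inert.
    db.execute(
        "INSERT INTO bills (item, amount, tip) VALUES (?, ?, ?)", (item, amount, tip)
    )
    db.commit()

if __name__ == "__main__":
    bad, good = fresh_db(), fresh_db()
    add_bill_vulnerable(bad, "steak", 20.0, PAYLOAD)
    add_bill_parameterized(good, "steak", 20.0, PAYLOAD)
    print("string-built:", amounts(bad))
    print("parameterized:", amounts(good))
```

The parameterized insert stores the payload as an ordinary string in the `tip` column, and `parse_tip` rejects it before it ever reaches the database, along with negative and oversized values.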
Is that Bobby?
Nothing. For one, it won’t let you enter letters. Two, the table structure to these POS systems is more nuanced than a simple bills table with an amounts field.
It’s amusing and all, but it’s not something you can do.
Source: work with, and develop around, these types of POS systems.
Now if I could only bypass the float only input field…
F12 lol. The only issue with a dev console helping would be serverside checking
How do you press F12 on a touchscreen interface?
So I have to bluetooth my mobile device to the restaurant’s point of sale app?
You could probably also try peeling off the outer plastic of the device so you can access the USB port and plug in an external keyboard, but the person holding it might notice
you could also bring a regular keyboard and try to plug it in when the cashier isn’t looking. i’m sure that will go over well
Based username
Always nice to meet a fellow adventurer. See you in South Pront 👍
Can’t they trace it back to you since you’re using a card to get that prompt?
In my country, we can buy pre-paid credit cards in the supermarket using cash. I guess that is still traceable using supermarket security cameras and facial recognition, but if you’re attempting this, I’d make it as difficult as possible.
Prepaid VISA gift card purchased with cash.
Are there still places you can buy those that you wouldn’t be on camera and immediately trackable?
I’m not shitting on the idea, I’m just trying to make it as good as possible.
Masks don’t only protect from airborne viruses…
Paired with a hat or hoodie with IR LEDs.
I laughed a lot at this.
Does this actually even work any more? I figured most things protected against it nowadays.