

Hacking Starbucks to get unlimited coffee - homakov
http://sakurity.com/blog/2015/05/21/starbucks.html

======
ejcx
Nice bugs. Race conditions are fun. Different race conditions were posted here
a couple weeks ago as well for those who don't know[0].

Race conditions for stuff like "gifts" and "credit/debit" is generally an
afterthought and REALLY obvious to bug hunters. It takes less than a minute to
create PoC code to perform the attack. This one is actually really slick.

[0] -
[https://news.ycombinator.com/item?id=9443867](https://news.ycombinator.com/item?id=9443867)

------
marvel_boy
Starbucks behaviour in this case is very bad. You have discovered a serious
bug, showed them and they treat you like a criminal !

