An unusual database exploit

Preston T
Apr 5, 2020 · 1 min read

There are many topics about database security to talk about, but I’m not going to do that today. I came across an interesting way to purchase my contact lenses last year at ****.com (it’s my secret ^^). The web store lets you buy high-quality lenses at an affordable price. However, just like other people, I searched around multiple stores to find a better price, and I took my time to do it. One day at work, I used my phone instead of my PC to see if the price of this product had changed and noticed the price had dropped significantly compared to what I saw the day earlier. When I got home, I hopped on my PC and checked the price again with the intent to buy. Surprisingly, the price was the same as the day before. Well, why was that?!

It turned out the mobile site and desktop site were accessing different databases! And the database for the mobile site didn’t get updated for a while. At least that’s what I thought. So I went ahead and purchased the product at the “discount price”. Since it’s their fault for not having a good developer team, I didn’t do anything wrong here (no crime was committed!). Today I checked out the website again. There are still some price inconsistencies among products.

There you have it. Next time you try to buy something, see if this trick works.

Preston’s security blog
