Skip to content

Latest commit

 

History

History
27 lines (19 loc) · 1014 Bytes

README.md

File metadata and controls

27 lines (19 loc) · 1014 Bytes

McFux

PoC for abusing McDonald's deals system

Exploiting the fact that any account doesn't require any email confermation and using fuzzed device/account infos, making two requests (one for registering the account and the other one to reedem the code) gets unlimited coupons.

24/08/2019 Update: McD updated their backend, so this PoC is no longer working.

Requirements

  • Python >= 3.7
  • Java >= 8
  • Install requests using pip3 install requests --user

Usage

Run via python3 mcfux.py

It opens a webserver on 127.0.0.1:8081 where you can get a coupon code (15916) as proof of the generation.

TODO

  • Make this work with the new >=2.0 McD app update
  • Rewrite the x-plexure-api-key generaton in Python

Future development

An updated version of this PoC will be done eventually.

Legal stuff

Is a PoC not inteded to harm/be used in any circumstances other than testing. I take no responsibilities for any usage of this code. It was fun to make, that's it.