Domino’s Pizza $5.95 mobile ordering site exploit

Domino’s Pizza has a new mobile ordering site, and any value or traditional pizza is only $5.95 each for pick-up.
This deal is for mobile users only. Non-mobile users are redirected to the normal online ordering site, where the price jumps up to $7.95.

From a technical perspective, how does Domino’s server determine a mobile user? Normally a web request contains a “User-Agent” header to help the web server tell who is visiting. The client sets this header itself, so if we change the “User-Agent” content, we can cheat Domino’s web server and order $5.95 pizza. This is a typical example of a web request:

GET / HTTP/1.1
Host: www.dominos.com.au
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive

OK, let’s do it!

  1. Download the User Agent Switcher add-on for your Firefox and install it.
  2. Change the user agent to iPhone.
  3. Start ordering from http://dominos.com.au/mobile.aspx and enjoy $5.95 pizza.
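
Seen from the server side, the trick works because the price is decided from a header the visitor controls. The sketch below is an added example, not code from the original post or from Domino’s: it sets a User-Agent price check beside one possible fix in which the discount depends on a token only the server can create. The `X-Offer-Token` header, the account ids, the secret, the `shop.example` host and the iPhone User-Agent string are all constructed assumptions.

```python
import hashlib
import hmac

MOBILE_PRICE, STANDARD_PRICE = 5.95, 7.95   # prices quoted in the post
SECRET = b"constructed-demo-key"            # assumption: secret known only to the server

def parse_headers(raw):
    """Return the headers of a raw HTTP request as a lower-cased dict."""
    headers = {}
    for line in raw.split("\r\n")[1:]:       # skip the request line
        if not line:
            break                            # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def price_by_user_agent(raw):
    """Weak check: the price depends on a header the client chooses."""
    ua = parse_headers(raw).get("user-agent", "")
    return MOBILE_PRICE if "iPhone" in ua or "Mobile" in ua else STANDARD_PRICE

def issue_offer_token(account_id):
    """Server-issued proof that this account was granted the offer."""
    return hmac.new(SECRET, account_id.encode(), hashlib.sha256).hexdigest()

def price_by_entitlement(raw, account_id):
    """Hardened check: ignore User-Agent, verify a token only the server can mint."""
    token = parse_headers(raw).get("x-offer-token", "")
    expected = issue_offer_token(account_id)
    if hmac.compare_digest(token.encode(), expected.encode()):
        return MOBILE_PRICE
    return STANDARD_PRICE

def request(user_agent, extra=""):
    """Build a constructed sample request; `extra` holds further header lines."""
    return ("GET / HTTP/1.1\r\nHost: shop.example\r\n"
            f"User-Agent: {user_agent}\r\n{extra}\r\n")

# Desktop string is the one shown in the post; the iPhone string is constructed.
DESKTOP_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) "
              "Gecko/20110614 Firefox/3.6.18")
IPHONE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 4_3 like Mac OS X) Mobile/8F190"

if __name__ == "__main__":
    for ua in (DESKTOP_UA, IPHONE_UA):
        req = request(ua)
        print(price_by_user_agent(req), price_by_entitlement(req, "acct-1"))
```

With the second check, changing the User-Agent alone no longer changes the price; only a request carrying a token the server issued for that account gets $5.95.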