Usually, companies seem to have that kind of an arrogant response. However, in this incredibly unbelievable instance that personally occured to me ...sometimes they just didn't care when we told them about their hole!.
My friends and I were shopping for a good price on a computer game. We came across a site, eCompare.com, that had links to good prices on the game around the net. One of the prices was too good to be true: $5.99! This is on a new game that costs $50-$60 normally.
Upon closer examination, we saw that the price for the item was actually contained in the link for the item. In other words, the link looked something like this (NOT the real URL).... http://www.blahblahblah.com/item/blahblah.cgi?itemid=324823984&price=5.99
Through a little experimentation, we found that this trick worked for ANY item on the site! Being the good little boy scouts we are, we called them up and told them about it. The phone operator's response? You won't believe it. He basically said, "No, I've never heard of that feature before...I would go ahead and try for the lowest price". A week later, I called AGAIN and told them... and got the same response. I sent them 2 emails on the topic but they never responded.
As of today, they still haven't fixed this hole yet (although the links have been removed from eCompare.com) My friend actually ordered and recieved a $950 item for $95 dollars this way. I ordered some items too. Is this morally wrong of us? Under any normal circumstances, I'd say "yes". But considering the company itself told us to "go for it".... is it really wrong?
Moral issues aside, I wonder what they could do to us for taking advantage of this hole? Considering this hole could legitimately be stumbled upon simply by a typo when you're entering the URL... they'd have a hard time proving that we were "hacking". Unbelievably sloppy coding on the whole entire site, to be honest.
By the way... we also found that you can put negative numbers for the item price. I wonder if they'd actually mail you a check along with your item? ;-)
Also I just want to clarify: eCompare.com isn't the site with the hole... they have links to many other sites and the site with the hole was one of them. Don't mail me asking about which site it is either, I'm not saying. ;)
Anime, game, and music reviews at www.bootyproject.org... by fans, for fans.