A few days ago, the topic of #大学学生 using KFC loopholes to defraud more than 200,000 yuan# appeared on the Weibo hot search list, which attracted a lot of attention.
It is reported that Xu Mou, a college student at school, used the loopholes in the data synchronization between the KFC APP client and WeChat client to defraud the exchange coupons or meal codes, sell them to others for profit, and teach the method to his classmates to Parkson, the owner of KFC. The company caused a loss of more than 200,000 yuan.
Recently, the People’s Court of Xuhui District, Shanghai opened a court hearing on the case. Xu and five others were sentenced to imprisonment ranging from two years and six months to one year and three months and fined for fraud and Penalty.
KFC system has bugs, college students exploited loopholes and were convicted of fraud
In April 2018, Xu Mou, a student at a university in Jiangsu, accidentally discovered two vulnerabilities while using the KFC client to order food.
The first is to place an order with a package voucher on the APP client. After entering the pending payment state, no payment is made. Then, the voucher is refunded on the WeChat client, and then the previous client order is cancelled, and the redemption can be obtained again Coupons. In this way, you can get an exchange voucher if you haven't paid the penny.
The second is to first place an order with a package voucher on the APP client to be paid, return the voucher on the WeChat client, and then pay on the APP client, then the payment will be successful and the meal code can be obtained. This method is equivalent to defrauding a package without payment.
After discovering the loopholes in the KFC system, Xu sold the package products obtained in these two ways to others at a low price through online trading software to make illegal profits; at the same time, he passed the method to Ding and other 4 classmates.
As of the incident in October of the same year, Xu's actions caused Parkson to lose more than 58,000 yuan, and Ding and other four people caused Parkson to lose 80,900 to 47,000 yuan.
After the trial, the Shanghai Xuhui District People’s Court found that each defendant knew that the KFC APP client and WeChat client self-service ordering system under Yum’s brand had a data out-of-synchronization loophole, and they still conducted false transactions for the purpose of illegal possession, and then obtained illegally. The act of property is a crime of fraud.
According to the facts, nature, circumstances of the defendant’s crime, and the degree of harm to society, Xuhui Court found that Xu was guilty of fraud and sentenced him to two years in prison and a fine of RMB 6,000; he was sentenced to fixed-term imprisonment for the crime of imparting criminal methods. For ten months, he decided to execute two years and six months in prison and a fine of 6,000 yuan. Ding and other four people were respectively found to be fraud or fraud, and the crime of imparting criminal methods for the same reason. They were sentenced to two years to one year and three months in prison, and fined between 4,000 yuan and 1,000 yuan. And other penalties.
The relevant articles of the Criminal Law of the People's Republic of China are as follows:
Source: http://extwprlegs1.fao.org/docs/pdf/chn197566.pdf
"Wool" really smells? Be careful to be sentenced
At the time when various shopping festivals and promotional activities are prevalent, many people have experienced making up for full reduction, grabbing red envelopes, staying up late to buy...
But not everything is cheap. In the search engine, enter "Yu Mao was sentenced" and we will see a long list of links.
From these few incidents alone, we can see "theft," "fraud," and "illegal acquisition of computer information system data."
Although the wool is fragrant, it is necessary to "speak martial ethics."
Reference link: https://mp.weixin.qq.com/s/Te_xX9Sgpd4J66FuG1Hdcg
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。