[ad_1]
As PC builders everywhere struggle to buy graphics cards, one internet user says he discovered a software bug in AMD’s online store to easily land GPUs.
On Wednesday, Reddit user “originofspices,” who asked that we not use his real name, posted about the bug, which he suspects scalpers knew about long before he found it. “I’m sure other people had discovered this months before I did. It was so easy to find,” he told us in a Reddit chat. “100% actual scalpers had discovered this vector and were buying up lots of parts.”
The bug essentially created a backdoor to AMD’s online store, which has been releasing limited supplies of Radeon graphics cards every Thursday or Friday. During the restocks, normal users have to navigate an often frustrating experience. For example, the site can buckle under the traffic or the GPU product won’t be added to a cart.
However, originofspices says he was able to bypass the whole process, including the store’s anti-bot measures, thanks to the bug. “My vector created a permanent link that would allow you to attempt to add any product to cart,” he explained. “The link could be hammered 24/7 without any restriction. The return would be a JSON packet that either showed failure or success.”
As a result, the moment AMD restocked an item, it could be quickly added to a cart. The same bug also exposed the inventory levels to the Radeon cards sold on AMD’s online store, as well as which warehouse would ship the product.
Since November, originofspices has been trying to buy a new graphics card amid the ongoing chip shortage. In February, he began exploring the computer code of AMD’s online store in the hopes of learning how to land a Radeon GPU during a product restock.
However, he says he’s no computer hacker, or an expert in vulnerability discovery. Instead, the easily discoverable bug may underscore some poor design choices on AMD’s site, which is run by e-commerce provider Digital River.
“The AMD web store that is run by Digital River was not well designed and was easily exploitable by unskilled users such as myself,” originofspices said.
He later used the bug to help him buy a Radeon RX 6900XT card. But if you’re a desperate PC consumer hoping to exploit the vulnerability, you’re out of luck. Originofspices reported the vulnerability to AMD, and he says it’s now patched.
Neither Digital River nor AMD immediately responded to a request for comment. But originofspices says AMD sent him a T-shirt to thank him for the discovery. With the bug now patched, he’s hoping scalpers will have a tougher time obtaining GPUs from AMD’s website, which could make it easier for normal consumers to land one.
“I was just fed up with scalpers buying up all of the parts and selling them at big markups. The fact that the bug is fixed and (hopefully) more end users can buy parts is the thing I’m pleased about,” he said.
[ad_2]
Source link