Some critics of President Donald Trump have tried to lock Trump branded goods over the past few days by leaving thousands of products in shopping carts in online stores. However, this attack has become a sort of resistance meme that reminds me of the recent pranks of President Tulsa Rally, but I'm not sure if the scam actually stopped selling goods in Trump's store.
Earlier this week, TikTok and Twitter users started posting. Videos and messages claiming to "buy" the entire supply of items such as Trump baseballs and "Baby Lives Matter" are placed in a shopping cart indefinitely for other visitors to use. The attack obviously included two or more sites: Trump's official campaign shop and his non-political themed Trump gift shop.
Note: All trump baseballs are sold out because the shopping cart is worth over $9000. Buying
— jocelyn (@ jocelyn90028) June 26, 2020
This is a real exploit version called the “Reject Inventory” attack. Basically I buy a large number of limited stock items (or something like restaurant reservations and hotel rooms) but don't complete the transaction. It works if the user actually reserves the product in the store when the user puts it in the shopping cart, and if there is no limit to the number of items that can be purchased at one time, it is most effective if the content of the shopping cart does not expire even after a certain period of time. The attacker uses the bot to constantly refresh fake purchases.
There is not much evidence that is incorrectly marked as sold out as a result of reservation, but some evidence suggests that the store jammer is wrong. For example, popular tweet claim known to have purchased the entire supply of baseball from non-campaign TrumpStore.com. There are no screen shots showing the results, but the replies include "sold out" error shots for other items in the store, including water bottles and hats .
However, Verge duplicated this error message, and does not mean that the inventory is locked. A message pops up when one person fills a shopping cart with all available item inventory and returns to the item and tries to add it. (In my case, 13 navy/red baseball balls seem to be out of stock, so it's prone to errors.) However, visitors to other sites can still put their products in different shopping carts. This message seems to prevent one person from placing a single order that cannot be fulfilled in the store. It is possible that the store has changed in the last 12 hours, but there are no signs of change.
Trump's campaign site works differently. Until recently, users can change the quantity of shopping cart items to any number, and the video shows people ordering hundreds of thousands of dollars for hundreds of thousands of dollars, proceeding to the payment page, and simply not entering a card. Theoretically, this could make the campaign site more vulnerable, and the site removed the ability to add multiple items at once, suggesting that the webmaster may have been plundered by a predatory threat.
Trump spokesman solved the problem exactly. On Twitter, campaign manager Brad Farr scale admitted the provocation of one of the first accounts posted for the attack. I'm done." Unfortunately, his answer was simply "I think you owe salt", which rarely mentions Trump's actual web development best practices.
Banned statements about Trump's campaign, but did not immediately respond to 's email. There is no evidence in Verge that Trump supporters failed to purchase items. I found a video that does bulk orders but doesn't show items that are out of stock later. (Baby onesie is currently [매진] but there is a 21 hour time interval and there are no playful orders and solid links.) Shopify, which powers Trump's campaign store, also didn't answer the question.
In the last attempt to prove the claim, I decided to remove the multiple order option to test for possible exploits that could not be resolved. Indiscriminately cut the total inventory for just one item. A small amount of Verge simultaneously filled the cart with a pair of $70 Trump/Pence gold cuff links, items with significantly lower demand and higher production costs than autographs or T-shirts with one click at a time.
Together with 4 Verge Authors temporarily book a total of 16,371 points Cufflinks (approximately $1,145 million) exceeding the largest single item order (10,000 shirts) seen on TikTok ("Add to Cart "Using glitch to quickly add multiple copies of an item by clicking the link repeatedly]
- Trump's campaign store previously "stored" the item in a shopping cart for individual shoppers, but stopped it after the attack. In case there was no practical reason to remove multiple orders.
- The attack was never a threat because the store did not contain the product in the shopping cart. However, the campaign removed multiple order fields because it gave the impression that they were playing with huge orders in a week after being humiliated by TikTok teenagers.
- The Trump campaign has at least 16,372 pairs of novelty cuff links in stock, ready to withstand these attacks and possibly .
Regardless of which is correct, it seems clear that putting one into Trump's campaign is far more meaningful than actually being uncomfortable for Trump fans. However, Trump is often famous for his president who is more concerned about perception than reality. So the fake orders would have served their purpose anyway.