Some time ago, I exposed an e-shop for blatantly lying about the number of people viewing their products. Their public source code contained a JavaScript function that randomized the number. Since then, the administrators of the e-shop have quietly removed the code from their website.
Well, we are once again exploring the source code of a website, but this time there’s nothing crooked involved. The website that I’ll be showing you today simply exposed hidden promo codes in their public code.
We’ll be looking at a chain of indoor water parks called Great Wolf Lodge today, though I want you to know that it’s actually quite common that websites expose what would be internal information publicly through poor code.
I’ll explain every step along the way, so you can follow along and use the methods I mention in this article to explore the source codes for other websites. And, trust me, you can find all sorts of interesting tidbits in source codes.
Here’s what we’ll do:
Let’s start by navigating over to our subject: Great Wolf. Right-click just about anywhere on the website and select “View source.” Hit CTRL+F (or CMD+F) to search the code and type “promocode.” We will find two variables in particular that interest me: “dealPromoCodeApiUrl” and “promoCodeList.” The first variable contains a partial URL to a JSON-file (a file with some structured data) that sounds like it would contain promo codes. The second variable is an array (a collection) of promo codes.
If we take the URL found in the aforementioned variable and add “greatwolf.com” to the beginning of it, we’ll end up with this URL: https://www.greatwolf.com/content/experience-fragments/gwl/poconos/experience-fragment/master/_jcr_content/root/plan.json.
At the time of writing, upon visiting that URL, I am greeted with four different promo codes:
Skip the extension — just come straight here.
We’ve built a fast, permanent tool you can bookmark and use anytime.
Go To Paywall Unblock Tool