Local businesses aren't exactly known for their web savviness or IT prowess. And for the most part, that's just fine. You'd be better off judging a prospective attorney on the suit he wears rather than the website he maintains, as that at least has some tangential relationship to practicing law. But usually, you'd just go with whomever a trusted colleague recommended, anyway.

For restaurants however, this is quickly changing. With smartphones becoming the norm, many people will use the web to discover the restaurants around them, see what menus they have, and get a general vibe for the place. And as such, local restaurants do become judged by their web savviness – or at least, their ability to maintain a halfway-decent website.

Ludovico Gardenghi found himself in this exact position when looking for a local eatery that offered take-out. He stumbled upon the website of a nearby place that, despite having a hideously orange, flash-only website, looked like it'd be a good place to get dinner. And as luck would have it, there was even big, orange button that shouted ORDER ONLINE NOW!!!!!

Clicking on that button led to a rather curious page that described the process for placing an order. The exact words on the page were in a different language, and it translated to something like this:

Order Online Today!
Already familiar with ordering online? Then just head to the online ordering system now. Otherwise, just follow these few simple steps.

Ordering online is really easy:
  1. After reading these instructions, click on the orange, "online ordering system" button below to sign-on to the system
  2. When you click on that link, you will be asked to open a connection to a remote server. Click the "accept" button to immediately sign-on, or click the "save" button to create a shortcut on your computer. With a shortcut, you'll then be able to directly access the online ordering system, even without opening our web site just by clicking on the icon (extension .rdp).
  3. Once you accept the connection, a grey screen will appear, asking you for a password. Do not enter a password here; just click the OK button to continue.
  4. Wait a few moments for the online ordering system to load.
  5. If you've already registered, just you can enter your user ID and password, otherwise click on "Register" button and fill out the registration form.
online ordering system

 

Clicking on the hideously orange "online ordering system" button downloaded an .rdp file:

    screen mode id:i:2
    autoreconnection enabled:i:1
    username:s:beneeats
    domain:s:
    alternate shell:s:
    shell working directory:s:
    disable wallpaper:i:1
    disable full window drag:i:0
    disable menu anims:i:0
    disable themes:i:0
    disable cursor setting:i:0
    bitmapcachepersistenable:i:1

 

And opening that .rdp file of course opened a connection to their server using Remote Desktop Connection.

 

"I didn't try to log in as Administrator," wrote Ludovico, "mostly out of pity." Clicking the OK button did exactly what it advertised:

 

"I couldn't help myself and pressed Ctrl-Alt-End. This brought up Task Manager, allowing me to run anything I'd want (cmd.exe and explorer.exe were already in the history), or change the password, shut down the machine, etc.

 

Ludovico adds, "I did not dare to check if I could run things as other users, but I could see other users logged in ('cash desk', 'administration'), presumably so that the complete database of users, orders, and payments could be easily accessed from home. I visit this website from time to time and it has surprisingly survived over the past few years, though I would really love to know the story which led to this innovative online ordering system being created in the first place."

And that story, dear readers, I'll leave as an exercise of your imagination. Feel free to share your version of the story in the comments.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!