Hunt Thread

[Leon]

ajw- You did every thing correct. Last night the person I spoke with said they aren't really allowed to post on chat boards. I doubt they will come on here to explain it. best regards

[ajw]

Ok, given that the auction is over, I've had multiple requests for the information and the knowledge that Hunt is apparently fixing the problem, I'm going to pull back the curtain and show people what happened. Another reason I'm doing this now is because Hunt appears to have fixed the problem because I can no longer replicate what I was able to do on Wednesday night. If anyone disagrees, let me know.

A couple of weeks ago, I bookmarked the following URL because I could not figure out how to easily see the items I had bid on and their current status:

http://www.huntauctions.com/phone/re...bidder_id=####

The "####" at the end was my bidder ID. After bookmarking this, I could view the page from other computers and did not need to log into see my bid status. On Wednesday night, it finally dawned on me that it was very strange that I could see my information without logging in.

I looked at the URL and simply changed the #### to another number. Bam. There there was another bidder's name, address, email, phone and list of bids. The bids included not just their current bid, but also their max bid.

It didn't take too long to determine the highest bidder ID number and then work backwards. I'm not a computer guy, but I suspect your local high school has dozens of kids that could design a simple program to plug in all possible #### combinations and save the bid information. That would probably give you a full list of every bid made to that point. Obviously, that would not be a good thing.

Now that you see how easy it is, I am confident you will agree that it is unlikely that I am the first person to discover this flaw. I hope that no one used this to disadvantage other bidders. I further hope that Hunt will use this publicity as an opportunity to upgrade their website design. In fact, it was the lousy design that caused me to bookmark the page in the first place, thus leading me to my discovery.

Does this all make sense?

ajw

[glchen]

ajw, the issue is still not completely fixed yet. Please see the PM I sent you.

[ajw]

Quote:

Originally Posted by glchen

ajw, the issue is still not completely fixed yet. Please see the PM I sent you.

Jeez. That is true. It turns out there's another way to do the same thing. I just emailed Sonny at Hunt to let him know...

[HRBAKER]

Might be time for a website upgrade, or I guess we can fax in bids.

[slidekellyslide]

For a company that does several millions of dollars in business per year they can surely afford to move to the same auction design that just about every auction house besides REA is now using. I was one to never complain about their archaic website because I didn't have any problems navigating it, but I wasn't even aware that they could see my max bid.

[calvindog]

I don't even really look at Hunt anymore. The software is so lame, the ability to search, etc. It's a shame and there really is no good reason why they can't come into the 21st century with their platform.

[caramelcard]

I'm pretty sure their auction software will not support back scans as well.

[Leon]

Quote:

Originally Posted by caramelcard

I'm pretty sure their auction software will not support back scans as well.

Thanks Rob....that actually made me LOL....

[Rob D.]

Quote:

Originally Posted by caramelcard

I'm pretty sure their auction software will not support back scans as well.

A couple auctions ago they offered a fairly scarce version of a 1954 Indians pennant that had printing on both sides (a different design on each side). Now, wouldn't common sense dictate that if the only selling point of this pennant was the fact it had printing on both sides, an action house would, wait for it ... provide photos of both sides?

To Hunt's credit, it took only two e-mails and a phone call before they finally provided the second scan.

[oldjudge]

Where does one find their own bidder number?