dr-oetker-gewinnspiel

In 2021 the company Dr. Oetker held a promotion to create one of their products. As part of this promotion they created a raffle. Every time you bought one of their cakes, you received a code which you could use on their website.

I noticed that their website was very insecure and vulnerable. As there were no rate limit checks, codes could simply be brute-forced, which is what this script does.
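The missing control, sketched as an added example (not code from this repository or from the promotion website): a sliding-window limit on failed redemption attempts per client. The class and function names, the thresholds and the sample codes are all assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque


class RedemptionLimiter:
    """Sliding-window cap on failed code redemptions per client (hypothetical helper)."""

    def __init__(self, max_failures=5, window=600.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window          # seconds a failure counts against the client
        self.clock = clock            # injectable so the demo can control time
        self._failures = defaultdict(deque)

    def _prune(self, client):
        # Drop failures that have aged out of the window.
        cutoff = self.clock() - self.window
        q = self._failures[client]
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def blocked(self, client):
        return len(self._prune(client)) >= self.max_failures

    def record_failure(self, client):
        self._prune(client).append(self.clock())


def redeem(code, client, valid_codes, limiter):
    """Return 'ok', 'invalid' or 'rate_limited'."""
    # Check the limit before touching the code, so a blocked client
    # learns nothing about whether a guess was valid.
    if limiter.blocked(client):
        return "rate_limited"
    if code in valid_codes:
        valid_codes.discard(code)     # codes are single use
        return "ok"
    limiter.record_failure(client)
    return "invalid"


def demo():
    now = [0.0]                       # fake clock for a deterministic run
    limiter = RedemptionLimiter(max_failures=3, window=60.0, clock=lambda: now[0])
    codes = {"CONSTRUCTED-1"}         # constructed sample code
    out = [redeem(f"WRONG-{i}", "client-a", codes, limiter) for i in range(4)]
    out.append(redeem("CONSTRUCTED-1", "client-a", codes, limiter))  # still blocked
    out.append(redeem("CONSTRUCTED-1", "client-b", codes, limiter))  # other client
    now[0] = 61.0                     # window has expired for client-a
    out.append(redeem("WRONG-9", "client-a", codes, limiter))
    return out


if __name__ == "__main__":
    print(demo())
```

Keying on a single client identifier is the simplest case; a deployment would also want a global failure-rate alert, since guesses can be spread across many clients.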

Status

As of writing this (November 2021), the promotion is long over and the website is not available anymore. I notified Dr. Oetker of this vulnerability shortly after discovering and testing it. I heard back from them in a very short email afterwards, neither confirming nor denying that they were going to fix the vulnerability. It stayed up for the remainder of the promotion.

I'm making this repository public for archival purposes.