Ethical Hacking
Rahul Mohanraj, a security researcher, was interested in earning millions of miles from the United Airlines bounty program. He found a minor bug on the United Airlines website but decided not to report it because it would not earn him much, so he continued his research. As he went through the website, he found that the request to change a secondary email to the primary one did not have a CSRF (Cross-Site Request Forgery) token. He reported this bug and was awarded 50,000 miles by United Airlines.
So what is CSRF?
Cross-Site Request Forgery (CSRF) is a type of attack in which a malicious website, email, blog, or message causes a user's web browser to perform an unwanted action, normally with malicious intent.
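To show what the missing token changes on the server side, here is an added example (not code from United Airlines or from the researcher) of a change-primary-email handler without and with a CSRF token check. The handler names, the session and form dictionaries, and the account data are all hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: signing key and in-memory account store.
SERVER_KEY = secrets.token_bytes(32)
ACCOUNTS = {"alice": {"primary": "alice@example.com",
                      "secondary": "alice.alt@example.com"}}


def issue_csrf_token(session_id):
    """Token the server embeds in its own settings form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id, submitted):
    """Reject missing tokens; compare the rest in constant time."""
    if not isinstance(submitted, str):
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def swap_emails(user):
    """The state change itself: the secondary address becomes primary."""
    acct = ACCOUNTS[user]
    acct["primary"], acct["secondary"] = acct["secondary"], acct["primary"]


def make_primary_unprotected(session, form):
    """Flawed handler: the session cookie alone authorizes the change."""
    swap_emails(session["user"])
    return 200


def make_primary_protected(session, form):
    """Hardened handler: the form must also carry this session's token."""
    if not csrf_token_valid(session["id"], form.get("csrf_token")):
        return 403
    swap_emails(session["user"])
    return 200
```

A request triggered from another site arrives with the victim's session cookie but cannot read the token from the legitimate form, so only the protected handler refuses it.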