
No bounty for this bug hunter

The computer science student at L.J. College of Engineering in Ahmedabad didn’t actually travel on the ticket, but he did alert Air India officials to the ‘bug’ – technical loopholes on a website that can allow a potential user to manipulate it to his/her advantage.

Ever since he was a teenager, Kanishk Sajnani has been drawing the attention of companies to the ‘bugs’ in their websites.

“My curiosity knows no bounds. I’ve always wondered if it’d be possible to travel across the world for free,” says Kanishk Sajnani, who recently revealed in a blog post (https://medium.com/@kanishksajnani/how-i-could-have-travelled-the-world-for-free-5bb10ac46ae5) that he had, in November 2015, booked a business class ticket on Air India’s website from New Delhi to San Francisco for just one rupee. “When my friends got to know about the one rupee ticket, they were amazed and wanted me to book tickets for them too.”

The computer science student at L.J. College of Engineering in Ahmedabad didn’t actually travel on the ticket, but he did alert Air India officials to the ‘bug’ – technical loopholes on a website that can allow a potential user to manipulate it to his/her advantage. Air India’s wasn’t the only website in which the 21-year-old ethical hacker has managed to find bugs. He has also alerted Faasos, ClearTrip and SpiceJet to similar bugs on their web portals. Sajnani says he was prompted to put this information in the public domain earlier this month by news of a massive leak of Zomato users’ email addresses and passwords, to “acquaint people of the loopholes in various well-known companies that they rely on”.

Internationally, people like Sajnani, who alert companies to ‘bugs’ in their online portals, are rewarded with bug bounties for pointing out loopholes and for not exploiting them. Air India merely thanked Sajnani and offered him an internship, which he declined. Nevertheless, after his blog post went viral, HackerOne, a private bug bounty platform, sent him ‘The Swag’, a hamper that includes a T-shirt/hoodie and stickers bearing their name.

Sajnani learnt to look for bugs purely out of curiosity, by trawling through pages on Google. “I’d often read articles about people hacking into Facebook/Google and getting recognized and even recruited by these big companies or by the hacking community,” says Sajnani. This fascinated him so much that in June 2015 he started researching online how to find bugs, and by October 2015 he had detected his first bug on the Faasos platform.

Bug bounty

When a hacker/researcher discovers and flags bugs in software or networks, they’re rewarded with a ‘bug bounty’.
Bug bounty programs are common in technology and IT companies, banks and even government agencies.
Between 2014 and 2016, Snapchat paid $70,000 to 125 researchers, whereas the US Government’s programme paid $70,000 in all to researchers in March 2016 as bug bounties.
