[daraosn]

Don't understand the downvoting here.. Very irrational or emotional motivated. I'll explain why is a joke: $5,000 is nothing considering what could cost to Facebook if someone in a black market finds this, plus a CSRF vulnerability is from a Security 101 lecture nowadays. They do have the resources and should put more money to audit their production code and pay bigger bounties for someone who's not part of their company and finds a bug like this. Again, down voting non-sense.. this is not reddit guys, this is Hacker News.