Coordinated and Responsible Vulnerability Disclosure Free Bug Bounty Program 467,175 coordinated disclosures
249,301 fixed vulnerabilities
616 bug bounties with 1238 websites
12,579 researchers, 974 honor badges

0xrocky Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher 0xrocky has already helped fix 1642 vulnerabilities.



Researcher reputation:  90

Real name:
Michele Corrias

About me:
I'm completing my M.Sc. degree in Computer Science at University of Milan (UniMi), Italy. More, I work for an ICT company in Milan.

How to contact me:
- e-mail: mhl dot crr at gmail dot com

Alternative Contacts:
- LinkedIn
- Twitter

Certifications & Diplomas:
- B.Sc. degree in Computer Science (UniMi)
- High school diploma

Experience in Application Security
< 1 year

Award / Bug Bounty I prefer:
A thanksgiving and a brief recommendation in my researcher profile will be really appreciated, but if you would like I'm open to:

- donations
- swag
- kudos
- hall of fame

Follow me on:
Twitter
LinkedIn

Recommendations and Acknowledgements

    4 November, 2019
     fabriziopandol5 fabrizio pandolfi from Minsait (Indra Company):
Thanks 0xrocky for identifying an XSS vulnerability and for letting us know and helping solve it. His collaboration was fundamental to solving our problems. Great security researcher to work with. Keep up the good work!
    18 October, 2019
     Cineca1969 Press Office from Cineca:
Thank you 0xrocky for identifying a vulnerability and making us aware of it. Great security researcher to work with. Keep up the good work!
    17 October, 2019
     CosimoGdM CGdM from I1G:
A kudos to 0xrocky for his professional work in not using the identified vulnerabilities and alerting us
    17 October, 2019
     nickinckin Nicola Inchingolo from Arpa Puglia:
Thanks to 0xrocky for identifying the vulnerability. Now we patched the vulnerability.
    13 September, 2019
     DiEsse DiEsse from Jobbydoo:
Big thanks to 0xrocky for identifying and responsibly disclosing a vulnerability on our site!

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:1979
Total reports on VIP sites:36
Total patched vulnerabilities:1642
Total vulnerabilities on Hold (Open Bug Bounty):308
Recommendations received:5
Active since:19.07.2019
Top Security Researcher Awards: Top Security Researcher of the Month

Open Bug Bounty Certificate



17.10.2019  Stored XSS

I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.

Reflected XSS

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

Domain Reported Status Type
07.11.2019
On Hold
Cross Site Scripting
07.11.2019
On Hold
Improper Access Control 
07.11.2019
On Hold
Cross Site Scripting
07.11.2019
On Hold
Cross Site Scripting
07.11.2019
On Hold
Cross Site Scripting
06.11.2019
On Hold
Cross Site Scripting
05.11.2019
On Hold
Improper Access Control 
05.11.2019
On Hold
Cross Site Scripting
05.11.2019
On Hold
Cross Site Scripting
05.11.2019
On Hold
Cross Site Scripting
05.11.2019
On Hold
Improper Access Control 
05.11.2019
On Hold
Improper Access Control 
05.11.2019
On Hold
Cross Site Scripting
05.11.2019
On Hold
Cross Site Scripting
03.11.2019
On Hold
Improper Access Control 
03.11.2019
On Hold
Cross Site Scripting
03.11.2019
On Hold
Improper Access Control 
03.11.2019
On Hold
Improper Access Control 
03.11.2019
On Hold
Improper Access Control 
03.11.2019
On Hold
Improper Access Control 

  Latest Patched

 12.11.2019 in-pocasi.cz
 12.11.2019 icecreamapps.com
 12.11.2019 qm41.com
 12.11.2019 booklooker.de
 11.11.2019 darty.com
 11.11.2019 rb.ru
 08.11.2019 brickset.com
 08.11.2019 lyricstranslate.com
 08.11.2019 mxplayer.in
 08.11.2019 le.utah.gov

  Latest Blog Posts

30.10.2019 by Nep_1337_1998
Denial of Service vulnerability in script-loader.php (CVE-2018-6389)
17.10.2019 by 0xrocky
Stored XSS
17.10.2019 by geeknik
The "S" in IOT is for Security
16.10.2019 by Fadavvi
Best XSS Vectors
01.10.2019 by Renzi25031469
#Security 100%

  Recent Recommendations

    12 November, 2019
     tonykhent:
thank you!
    12 November, 2019
     tonykhent:
Highly professional - spotted a number of issues with wordpress instance & was very fast at communicating. Internet hero!
    12 November, 2019
     tonykhent:
Highly professional - spotted a number of issues with wordpress instance & was very fast at communicating. Internet hero!
    12 November, 2019
     funzonekul:
Thank you for the assistance. Clearly stated issue, clear report. Thank you for your work
    12 November, 2019
     funzonekul:
Thank you for the assistance. Clearly stated issue, clear report. Thank you for your work