Coordinated and Responsible Vulnerability Disclosure Free Bug Bounty Program 268,213 coordinated disclosures
157,045 fixed vulnerabilities
215,962 websites, 17,481 VIP websites
7,202 researchers, 6,915 subscribers

JOSEFOX | Security Researcher Profile


Security researcher JOSEFOX has already helped fix 120 vulnerabilities.



Researcher reputation:  120

Real name:
Youssef ABYAA

How to contact me:
You can contact me : https://twitter.com/josef0x
or : [email protected]

Experience in Application Security
1-3 years

Award / Bug Bounty I prefer:
> Bounty (Paypal)
> Swag (T-shirt)
> Public acknowledgement

Halls of Fame:
https://buffer.com/security
http://secure.sony.net/hallofthanks

Recommendations and Acknowledgements

    18 February, 2018
     jacobjovelou Jacob J from 1x Innovations AB:
Excellent researcher that helped us to find several XSS vulnerabilities on our website. Very friendly and professional communication.
    5 September, 2018
     levofski Chris Levy from Strategies:
Very helpfully found and gave us the details of a bad vulnerability in a website. Now patched thanks to the good information.
    14 June, 2018
     seokerwang Seoker Wang from Pointimize:
Thanks for pointing out the vulnerabilities. Very helpful and appreciated!
    2 April, 2018
     icarus200510 Saeyoung Lee from Bucheon city, Korea:
Thank you for notifying us of the issue with the XSS vulnerability.
Very helpful and very much appreciated.
    9 March, 2018
     schill_gmbh Ingo Schill from Schill GmbH & Co. KG:
Thanks for pointing out the error on our website in a professional manner. Very much appreciated.
    6 March, 2018
     ronnyadsetts Ronny Adsetts from Nikon Owner Magazine:
Thanks for pointing out the error on our website in a professional manner. Very much appreciated.
    7 February, 2018
     ComponentSpace Web Master from ComponentSpace:
Thank you for notifying us of the issue with the 3rd party forum software we are using.
    6 February, 2018
     Tomas_Vojta Tomas from Comptabilisation.fr:
Good JOB! Thank you for link for mistake where is broken our one GET parameter
    4 January, 2018
     AndrewRae Andrew Rae from PHPSUGAR.com:
We've patched the issue immediately with the help of JOSEFOX.

Very helpful in reporting the XSS vulnerability.

Please login via Twitter to add a recommendation

Awards and Achievements


Number of Secured Websites

10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Research Statistics



Total reports:380
Total reports on VIP sites:35
Total patched vulnerabilities:120
Total vulnerabilities on Hold (Open Bug Bounty):63
Recommendations received:9
Active since:13.12.2017

Open Bug Bounty Certificate



Reported Vulnerabilities

All Submissions VIP Submissions

Domain Reported Status Type
22.09.2018
On Hold
Cross Site Scripting
21.09.2018
On Hold
Cross Site Scripting
20.09.2018
On Hold
Cross Site Scripting
18.09.2018
On Hold
Cross Site Scripting
17.09.2018
On Hold
Cross Site Scripting
17.09.2018
On Hold
Cross Site Scripting
17.09.2018
On Hold
Cross Site Scripting
17.09.2018
On Hold
Cross Site Scripting
17.09.2018
On Hold
Cross Site Scripting
16.09.2018
On Hold
Cross Site Scripting
15.09.2018
On Hold
Cross Site Scripting
09.09.2018
On Hold
Cross Site Scripting
09.09.2018
On Hold
Cross Site Scripting
07.09.2018
On Hold
Cross Site Scripting
06.09.2018
On Hold
Cross Site Scripting
03.09.2018
On Hold
Open Redirect
02.09.2018
On Hold
Cross Site Scripting
01.09.2018
On Hold
Cross Site Scripting
01.09.2018
On Hold
Cross Site Scripting
01.09.2018
On Hold
Cross Site Scripting

  Latest Patched

      euronics.it
    Patched on 23.09.2018
      dailypioneer.com
    Patched on 23.09.2018
      bahn.de
    Patched on 22.09.2018
      krafta-musicas.co
    Patched on 22.09.2018
      gebraucht-kaufen.de
    Patched on 22.09.2018
      flirt4free.com
    Patched on 22.09.2018
      va.gov
    Patched on 22.09.2018
      soccer.com
    Patched on 21.09.2018
      getresponse.com
    Patched on 21.09.2018
      finam.ru
    Patched on 21.09.2018

  Recent Recommendations

    20 September, 2018
     Paruzzi_webm:
He pointed out a problem and was very helpfull in checking if I had fixed the problem.
    19 September, 2018
     franciscomesa:
Gh05tPT found a XSS vulnerability on our website and was quick to respond with technical detail. It's cool to find online researchers with this efficient profile.
    18 September, 2018
     iwayAG:
Thanks for the detailed report and the fast ans competent communication.
    18 September, 2018
     WebMore2:
Vielen Dank Armin für die gemeldete Schwachstelle. Wir könnten diese anhand deiner umfangreichen Informationen direkt beheben.
    18 September, 2018
     bencus23:
Thank you very much Rui for informing us about XSS (Cross Site Scripting) problem! You really helped us a lot! Big thanks!