Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

Platform update: please use our new authentication mechanism to securely use the Open Bug Bounty Platform.
For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,647,947 coordinated disclosures
1,296,509 fixed vulnerabilities
1,895 bug bounty programs, 3,774 websites
42,011 researchers, 1,626 honor badges

_metamorfosec_ | Security Researcher Profile

Security researcher _metamorfosec_ has already helped fix 4276 vulnerabilities.

Researcher reputation:  630

Real name:

About me:
Security Researcher, Independent Software Vendor, Self-Published Author

Contact email:
[email protected]

Alternative Contacts:
[email protected]

Award / Bug Bounty I prefer:
I assume that you have (1) respect, (2) negotiation skill, & (3) read and understood

I prefer:
Bounty (50-500 USD/EUR, preferably 250)
Recommendation/Free Stuff/etc

Follow me on:

Ethics and Rules:
irfan is required to abide by the ethics and rules of the Open Bug Bounty project. If you reasonably believe that rules are not respected, please report this to us.

Recommendations and Acknowledgements

@PSM_DiegoGB     29 September, 2022
    Twitter PSM_DiegoGB Diego from PSM:
Thanks for reporting the XSS problem. We have fixed the vulnerability on our website.
@scegliesmarode     18 July, 2022
    Twitter scegliesmarode Wolfgang from SCEGliesmarode:
Thanks to metamorfosec for reporting the XSS problem on our websites.
I could fix the problem in a very short time.
Professional communication and quick and detailed responses.
Thanks alot!
@MrMoney84315336     12 July, 2022
    Twitter MrMoney84315336 Jens Weck from Mr-Money Software GmbH:
Thanks for reporting the XSS problem on our websites.
We were able to fix the problem within 3 hours.
Great job - thank you
@WebtunGrafix     21 March, 2022
    Twitter WebtunGrafix Thomas from Webtun Grafix:
Thank you for noticing the problem of one of our customers and that we were able to resolve it quickly.
Thank you!
@AirChildVA     11 March, 2022
    Twitter AirChildVA Matthias Hoffmann from AirChildVA:
We would like to thank metamorfosec for reporting some XSS-Vulnerabilities on our site responsible. We did fix those now.
@skyynet_de     19 November, 2021
    Twitter skyynet_de Ingo from Skyynet:
Thanks for informing me about a general PHP malfunction which could be used to scam people on my website.
@AxelZim98609454     20 October, 2021
    Twitter AxelZim98609454 Axel from deltacity:
Thank you very much for finding and evaluating a vulnerability on our website. We really appreciate your help!
@MMWin     6 October, 2021
    Twitter MMWin Cole from MusicMaster, Inc.:
Very quick response and very helpful! We were able to patch the vulnerability quickly and privately.
@meanstest     24 September, 2021
    Twitter meanstest Albin from LegalConsumer:
Thanks for the detailed report and helping us zero in and fix this problem quickly!
@bjdean     29 April, 2021
    Twitter bjdean bjdean from Home_co_uk:
Very helpful and responsive to queries, which assisted us both with resolving the reported issues and working with with OpenBugBounty.

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges

Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

10+ Recommends
25+ Recommends
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics

Total reports:21105
Total reports on VIP sites:184
Total patched vulnerabilities:4276
Total vulnerabilities on Hold (Open Bug Bounty):409
Recommendations received:49
Active since:30.04.2018

Open Bug Bounty Certificate

Researcher Certificate

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

No posts in blog yet

  Latest Patched


  Latest Blog Posts

04.12.2023 by BAx99x
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
04.12.2023 by a13h1_
$1120: ATO Bug in Twitter’s
04.12.2023 by ClumsyLulz
How I found a Zero Day in W3 Schools
04.12.2023 by 24bkdoor
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
04.12.2023 by 24bkdoor
Navigating the Bounty Seas with Open Bug Bounty

  Recent Recommendations

    23 November, 2023
Grace à Hatim_cf on a pu corrigé une faille mineure de sécurité.
    22 November, 2023
On behalf of our users on one of the pages hosted at, I'd like to thank Niko for his effort in finding and responsibly reporting an XSS vuln in one of our user's sites. The XSS was quickly patched after Niko's detailed report making the web a safer place again. Thanks!
    22 November, 2023
Ronald identified an XSS vulnerability on our site which could be fixed fast. Thanks for the provided information!
    4 November, 2023
Thank you for fixing the XSS vulnerability
    13 October, 2023
I am highly recommending Sajid for web assessments and penetrating testing. Sajid was highly professional and detailed in t heir approach towards finding vulnerabilities.