505,170 coordinated disclosures
276,072 fixed vulnerabilities
700 bug bounties with 1,400 websites
14,292 researchers, 1057 honor badges

k0t Top Security Researcher of the Month | Security Researcher Profile


Security researcher k0t has already helped fix 2002 vulnerabilities.



Researcher reputation:  1460

About me:
Penetration tester & webdev.

How to contact me:
[email protected]

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Bug Bounty Payment, Gift Card, T-Shirts.

Recommendations and Acknowledgements | Full List:

    18 February, 2020
     Travelmath John from Travelmath:
Great job finding a vulnerability. I have fixed the issue now, thanks for your help!
    17 February, 2020
     bigwavedave_ca DaveB from BWD:
Many thanks to k0t for finding and reporting the XSS vulnerability on my website.
    17 February, 2020
     juunkwan juukwan from AID-DCC:
Thank you for your polite response.
It was very helpful.
    12 February, 2020
     willytobler Gerhard Ziegler from local heroes:
Thank you very much for finding the XSS bug on our website and your responsible disclosure. You make the web a better place! Absolutely appreciated.
    10 February, 2020
     MonnosGlobal Rafael Serrrano from MonnosGlobal:
Thank you for your work mate!
We really appreciated, thanks for your time help us.
The issue was reported promptly and follow up was fast.
    3 February, 2020
     vavideode Vavideo from Vavideo:
Thank you for making the web safer!
    17 January, 2020
     gexsi_search Kevin from Gexsi:
Many thanks for your support!
    16 January, 2020
     LiveAgent Ondrej from LiveAgent:
Thank you for reporting issue with our WordPress. We thought it had been already well protected, but after your report we decided to improve the security further. Good job.
    10 January, 2020
     sandrabouw Sandra from -:
Thanks for informing us and your quick replies.
    1 January, 2020
     BBrunekreeft Bert Brunekreeft from Lobbes.nl:
Appreciated the discovery and notification of the xss vulnerability! Thanks!
    25 December, 2019
     sandipkar44 Sandip Kar from LearnPick Technologies Inc:
k0t found an XSS bug on our site, thanks for the research and the responsible disclosure! Really appreciated.
    28 November, 2019
     sanjurosaves sanjurosaves from John E. Allen Inc.:
Thank you so much for finding the vulnerability in our website and prompting the patch!
    26 November, 2019
     timban4phuong Hen Ho from Tim Ban Bon Phuong:
Dear k0t,
Thank you very much for your time, and professional help on this crucial security matter.
Your report helped us identify the source of the vulnerability right away.
    14 November, 2019
     cloudrexx Thomas Wirz from Cloudrexx AG:
Thank you very much for making us aware of the issue and providing us a high quality vulnerability report which helped us identify the source of the vulnerability right away.
    13 November, 2019
     fislerdata fislerdata from FislerData:
Thank you for your work. The issue was reported promptly and follow up was fast.
    7 November, 2019
     StaffsMatthew Matthew from scramble.gg:
Highly professional - spotted a number of issues with WordPress instance & was very fast at communicating. Internet hero!
    30 October, 2019
     cpweather Christian from meteocentre.com:
Very nice to have warned me about a vulnerability! It has been patched very fast. Thanks for your kind help!
    10 October, 2019
     ziduniwien Zentraler Informatikdienst from University of Vienna:
Dear k0t,

The University of Vienna would like to thank you for your valuable contribution in finding a website security issue.

Your input is highly welcome and helps to raise the security level of our educational institution.

Servus and greetings from Vienna, Austria.
    17 September, 2019
     pacotix Fran from Inxenio:
Thanks a lot for your finding!
    12 September, 2019
     phdev6 ph-dev from Peter Hahn:
k0t found an XSS bug on our site, thanks for the research and the responsible disclosure!
    11 September, 2019
     westcacom Edwin from westca.com:
Thanks a lot for reporting a vulnerability on our website, you did an amazing work!
    7 September, 2019
     dusalnet blogmn.net from blogmn.net:
Thank you for identifying the XSS issue on my site! You have been very helpful!
    3 September, 2019
     runlevelone Per :
Thanks for your findings and swift response!
    31 August, 2019
     primehalo Ken from absoluteanime:
Thank you for the help!
    22 August, 2019
     SelectLine_GmbH Web-Team from SelectLine Software GmbH:
Thanks for pointing out a vulnerability on one of our websites. And for the professional support.
    14 August, 2019
     convertunits John from Convert Units:
Great job finding a vulnerability. I have fixed the issue now, thanks for your help!
    25 July, 2019
     testmynet Damon from TestMy.net:
Thank you for catching my unescaped variable!
    19 July, 2019
     nitrc_info NITRC Team from NITRC:
Thank you for the report with proof of concept!
    19 July, 2019
     AndyTrier Andreas from KV Trier-Saarburg:
He found the next bug on our Website! THANK YOU
Professional help, great work!
    11 July, 2019
     AndyTrier Andreas from KV Trier-Saarburg:
Dear k0t, thank you. You do a very good job. With your indications we could fix the bug in a few minutes. Thank you!
    8 July, 2019
     AndyTrier Andreas from KV Trier-Saarburg:
Thank you for reporting XSS vulnerability. Great work!
    28 June, 2019
     hearthstonehu Bence from Hearthstone Hungary:
Thank you for reporting the XSS vulnerability on my website. You helped me find the issue, and now the website is safer, thanks to you!
    27 June, 2019
     RMV1983 Michael from eduvdom:
Thanks for the report of the security research. This helped to find and fix the problem.
    22 June, 2019
     PaulAtTheHug TallPaul from WalkLakes:
Not only found some XSS vulnerabilities but, by doing so, led us to spot some others which hadn't yet been picked by anyone. So most helpful.
    17 June, 2019
     opensolr Ciprian Dimofte from Opensolr SRL:
Thank you very much for your time, and professional help on this crucial security matter.
This could have been catastrophic for our business, would it not have been for your great work!
    6 June, 2019
     aapit David Spreekmeester from Grrr:
Thanks to k0t's sharp observations, we were made aware of a security issue and could patch it before it caused any troubles.
    3 June, 2019
     wirismath Marketing & Communications from WIRIS MATH:
Thanks to k0t's indications, we were able to fix a vulnerability in one of our websites quickly. Now this website is much safer for everyone.
    30 May, 2019
     MalagaCarCom Ruben from MalagaCar.com:
Hi k0t, we've followed your indications and have fixed the vulnerability in a few minutes. Thank you very much!
    28 May, 2019
     ziduniwien Computer Center from University of Vienna:
Dear k0t,

The University of Vienna would like to thank you for your valuable contribution in finding multiple website security issues. Your input is highly welcome and helps to raise the security level of our educational institution.

Servus and greetings from Vienna, Austria.
    17 May, 2019
     derbarkeeper mixable from mixable:
Thank you for reporting XSS vulnerability. Great work!
    17 May, 2019
     derbarkeeper mixable from mixable:
Thanks k0t for reporting XSS vulnerability on our website!
    16 May, 2019
     biblegateway Bible Gateway from Bible Gateway:
This person's report was accurate and allowed us to implement a fix quickly. Thank you!
    13 May, 2019
     everlats Guillaume from Everlats:
Thanks k0t for your help! Great work!
    7 May, 2019
     source_dr source_dr :
and thanks a trillion for the 3rd XSS vulnerability found!
    2 May, 2019
     pavelmusil Pavel Musil from Musil:
Thank you for reporting XSS vulnerability
    25 April, 2019
     source_dr source_dr :
Thank you for reporting XSS vulnerability :-)
    21 April, 2019
     AniDBStatus AniDB from AniDB:
Thank you for reporting this bug. We appreciate your work!
    18 April, 2019
     myparadisio Yves from Paradisio:
Thanks k0t, for pointing out two XSS vulnerabilities on our website!
Your input was very much appreciated!
    2 April, 2019
     RESTPOSTENde Christoph from GKS Handelssysteme GmbH:
Thanks k0t for disclosing another issue to us - With your support, we could patch it immediately.
    2 April, 2019
     evergreen_uk Andrew Cope from Evergreen:
Thanks k0t, much appreciated
    29 March, 2019
     RESTPOSTENde Christoph from GKS Handelssysteme GmbH:
Thanks k0t for pointing the finger to a vulnerability on our website. Through his support we were able to patch it in almost no time. It's guys like him that make the internet a better and safer place!
    28 March, 2019
     evergreen_uk Andrew from Evergreen:
Thanks k0t, you're a star!
    27 March, 2019
     Shadertoy Note from Beautypi:
Thanks k0t for your research, it helped us make the website better. We appreciate your work!
    26 March, 2019
     ClementBourgoin Clément Bourgoin from Biblys:
Thanks for warning me about a forgotten phpinfo file!
    19 March, 2019
     interactmultim1 Christian from interact!multimedia:
Thank you k0t for reporting this bug. We appreciate your work!
    1 March, 2019
     uniteddomains united-domains from united-domains:
Thank you k0t for reporting this bug. We appreciate your work!
    14 February, 2019
     DomainMOD Greg Chetcuti from DomainMOD:
Thanks a lot for the report! We completely missed this vulnerability ourselves and are happy that you caught it!
    14 February, 2019
     fisher_of_men11 Andy from Mudconnect.com:
Thank you for helping me find and fix the XSS vulnerability on mudconnect!
    12 February, 2019
     dsmithgard Dan Smith from Patton Electronics:
Very helpful and responsive in helping me get my issue fixed.
    7 February, 2019
     rtvde rtvde from rtv media Group GmbH:
Thanks a lot for pointing us to that XSS-flaw. It should now be fixed.
    24 January, 2019
     astroseekcom Petr9 from Astro-Seek.com:
Thank you k0t for XSS vulnerability report. It has been fixed.
    18 January, 2019
     laufpix laufpix from laufpix.de:
Thanks for reporting a vulnerability on our website. He provided all the information needed and responded extremely fast. Our website is more secure now.
    11 January, 2019
     webdekd Note from Dek-D:
Thank you k0t for information that helped me fix vulnerabilities on my website.
    9 January, 2019
     Mikroelektron11 Aleksa from MikroElektronika:
I wanted to thank you for reporting XSS flaw on our website, for helping us to make our site secure.
    7 January, 2019
     _light_dem Matteo from Mys:
Fast and professional on reply, he helped us find an XSS vulnerability.
    12 December, 2018
     teachercorner Chad from TeachersCorner:
Thank you k0t for notifying us of this bug, and tips on how to fix it. We appreciate your research!
    24 October, 2018
     wirthundhorn Support from dtv.de:
Thank you k0t for the quick response that helped us fix vulnerabilities on the page!
    24 July, 2018
     kathleenyano Kathleen :
Thank you k0t for finding an issue and providing a clear explanation of it. We are happy we were able to resolve it before it affected anyone and we couldn't have done it without your report.
    8 May, 2018
     JayGilmore Jay Gilmore from MODX Systems, LLC:
k0t is a true professional. They provided all the information needed and responded extremely fast. What more could you ask for? Our site is more secure as a result.
    23 March, 2018
     khusroks S Khan from Projectmanagement:
Thank you k0t for being helpful and professional in helping us patch vulnerabilities.
    6 December, 2017
     tfencl toddf :
k0t found a vulnerability and quickly responded providing additional information and PoC examples. Thank you very much for the quick response and for making the Internet a little safer by bringing this to us.
    26 July, 2017
     kovyrin Oleksiy Kovyrin from Swiftype Inc:
k0t has identified an XSS vulnerability on our website, provided us with all the necessary details to reproduce the problem and was really helpful in testing the site after we have applied our fixes. Thank you!
    29 December, 2016
     evergreen_uk Chris from Evergreen Computing Ltd:
k0t located 2 vulnerabilities on our company site. When contacted k0t responded quickly with all the information needed to fix them and was quick to retest once they had been fixed. Thanks k0t!
    29 November, 2016
     ActOnSoftware Jahvita Rastafari from Act-On Software:
With the assistance of k0t, we were able to identify and correct the issue quickly. Thank you for working with us to make the web a safer place for all.
    23 November, 2016
     MagnusJacobi Magnus from Jigidi.com:
k0t located several vulnerabilities on our site and replied very fast with useful information.

Thanks for taking the time to help us.
    26 October, 2016
     Mr_Papercut Mischa from Symbaloo:
Thank you k0t for the quick reply to our emails. The provided information was complete and helped us identify the issue right away. Let's keep on making the web a safer place


Honor Badges


Number of Secured Websites

10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

1 Post
3 Posts
5+ Posts

Research Statistics



Total reports: 2979
Total reports on VIP sites: 749
Total patched vulnerabilities: 2002
Total vulnerabilities on Hold (Open Bug Bounty): 139
Recommendations received: 77
Active since: 05.05.2016
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month (6 times), Top VIP Security Researcher of the Week (4 times)



No posts in blog yet


Reported Vulnerabilities


Domain | Reported | Status | Type
 | 20.02.2020 | On Hold | Cross Site Scripting
 | 19.02.2020 | On Hold | Cross Site Scripting
 | 19.02.2020 | On Hold | Improper Access Control
 | 19.02.2020 | On Hold | Cross Site Scripting
 | 19.02.2020 | On Hold | Cross Site Scripting
 | 18.02.2020 | On Hold | Cross Site Scripting
 | 17.02.2020 | On Hold | Cross Site Scripting
 | 17.02.2020 | On Hold | Cross Site Scripting
 | 17.02.2020 | On Hold | Improper Access Control
 | 17.02.2020 | On Hold | Cross Site Scripting
 | 17.02.2020 | On Hold | Cross Site Scripting
 | 17.02.2020 | On Hold | Open Redirect
 | 17.02.2020 | On Hold | Improper Access Control
 | 16.02.2020 | On Hold | Cross Site Scripting
 | 16.02.2020 | On Hold | Cross Site Scripting
 | 16.02.2020 | On Hold | Cross Site Scripting
 | 16.02.2020 | On Hold | Cross Site Scripting
 | 16.02.2020 | On Hold | Cross Site Scripting
 | 14.02.2020 | On Hold | Cross Site Scripting
 | 14.02.2020 | On Hold | Cross Site Scripting
