Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
657,212 coordinated disclosures
411,882 fixed vulnerabilities
995 bug bounties with 1,996 websites
19,420 researchers, 1217 honor badges

k0tTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month | Security Researcher Profile


Security researcher k0t has already helped fix 2221 vulnerabilities.



Researcher reputation:  2010

About me:
Penetration tester & webdev.

How to contact me:
[email protected]

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Bug Bounty Payment, Gift Card, T-Shirts.

Recommendations and Acknowledgements | Full List:

@hitcomnewmedia     17 November, 2020
    Twitter hitcomnewmedia Ralf from hitcom gmbh:
Thank you for reporting the vulnerability!
We already fixed it.
@WebShakeRU     10 November, 2020
    Twitter WebShakeRU Artyom from webshake.ru:
Thank you!
@lorenzoherrera     16 September, 2020
    Twitter lorenzoherrera Loren from Litmind:
k0t found an elusive XSS vulnerability in our site and provided us with a comprehensive report that allowed us to patch it. He's now in our hall of fame: https://www.litmind.com/bughunters
@mender_io     1 September, 2020
    Twitter mender_io Michael from mender.io:
k0t helped us by reporting an XSS vulnerability. We were able to fix the issue thanks to their report, their help is much appreciated!
@CPCuk     19 August, 2020
    Twitter CPCuk Rob from The CPC:
k0t helped disclose an XSS vulnerability on our website. With his help, we were able to patch this issue and close up the vulnerability. Thank you very much for your help, and thank you for helping to make the web a safer place.
@kkb5mobile     5 August, 2020
    Twitter kkb5mobile Shinichi Ueno from Kagoshima Broadcastiong corporation:
Thank you for pointing out the vulnerability.
Thanks to you, I was able to respond safely.
@TandyUKServers     27 July, 2020
    Twitter TandyUKServers James Tandy from TandyUK Servers:
This researcher found and responsibly disclosed several XSS vulnerabilities on our clients site.
Many Thanks for helping make the web a safer place in a responsible way.
@TandyUKServers     22 July, 2020
    Twitter TandyUKServers James Tandy from TandyUK Servers:
Thank you very much for reporting the XSS vulnerability and your quick response.
@tnyaritm     14 July, 2020
    Twitter tnyaritm Tamas from Mediashop:
Many thanks for your efforts to report the vulnerability and helped us to fix it. I recommend this researcher!
@vmarci21     27 June, 2020
    Twitter vmarci21 Marton :
Thank you for reporting the vulnerability!
Your report help us to improve our page security.
We are really appreciated your work.
@PaulKLeasure1     22 June, 2020
    Twitter PaulKLeasure1 PKLeasure from PKLeasure:
Ser found SQL injection vulnerability issues on one of the sites I work. Ser specified the issue by documenting with excellent clarity and provided the details needed to resolve the issue swiftly. Thank you Ser!
@VICTOR__Europe     25 May, 2020
    Twitter VICTOR__Europe Frank from VICTOR Europe GmbH:
Thank you for helping us to fix the critical SQL injection.
Friendly contact, thanks for the effort.
@tnyaritm     18 May, 2020
    Twitter tnyaritm Tamás from Telemarketing International:
Many thanks for your efforts to find and help for fixing the vulnerability on our webshop. I recommend your skills for every website owner!
@AnimeCons     18 May, 2020
    Twitter AnimeCons Patrick from FanCons:
Found a number of XSS issues we had open. Very helpful info!
@CartRover     15 May, 2020
    Twitter CartRover William from CartRover:
Thank you very much for your detailed report and helping to make our site more secure.
@rundumsbaby     14 May, 2020
    Twitter rundumsbaby rundumsbaby from rundumsbaby:
Thank you very much for reporting the XSS vulnerability and your quick response.
@Maik_U2     13 May, 2020
    Twitter Maik_U2 Maik from U2tour:
Thank you for finding SQLi and XSS bugs on our site. Great Work!
Thanks for making the web a securer place.
@RuncornLinnets     12 May, 2020
    Twitter RuncornLinnets Steve P from Runcorn Linnets FC:
Many thanks for finding and reporting the issue on our website. Really appreciate the responsible approach.
@seedfinder     6 May, 2020
    Twitter seedfinder j.a. from seedfinder:
thanks for using your time to make the world a better place - and specially for letting us know about the XSS problem!!! keep on the good work man!
@abyssws     4 May, 2020
    Twitter abyssws Technical support from Aprelium:
Thank you for spotting the XSS and for reporting it to us.

The overall exchange was friendly and very professional.
@MartySoft     30 April, 2020
    Twitter MartySoft liquidmaker :
Thank you k0t for finding the vulnerability.
Friendly contact, thanks for the effort.
@conbinijapan     20 April, 2020
    Twitter conbinijapan Tanaka from Conbini:
Thank you for the bug report.
I can recommend this security researcher.
@Hansaplastique     17 April, 2020
    Twitter Hansaplastique Hansaplastique from www.weethet.nl:
Excellent, and very detailed, reporting!
I highly recommend k0t!
@vovsoft     15 April, 2020
    Twitter vovsoft Vovsoft from Vovsoft:
Thank you helping us finding and fixing vulnerabilities.
@jbossman     13 April, 2020
    Twitter jbossman Jason Boss from 153news.net:
The world thanks you for helping 153news.net stay safe. We are extremely lucky to have hackers who will help humanity. God bless you brother.
@jbossman     13 April, 2020
    Twitter jbossman Jason Boss from 153news.net:
The world thanks you for helping 153news.net stay safe. We are extremely lucky to have hackers who will help humanity. God bless you brother.
@Rumskkurs     7 April, 2020
    Twitter Rumskkurs Andrey from UaBanks.com.ua:
Thank you for helping us find security problems on our website!
@admonaut     31 March, 2020
    Twitter admonaut Frank from Administartor Technology:
Many thanks for your support and assistance. Good job :-)
@aylab     31 March, 2020
    Twitter aylab Albert from YatesSolutions:
Thank you for informing me of the issue you found and being so thorough with your details, finding and fixing the problem would have been hard without it.
@reinisroz     5 March, 2020
    Twitter reinisroz Reinis from Orion.lv:
Thanks researcher for the xss vulnerability report. Appreciated!
@Travelmath     18 February, 2020
    Twitter Travelmath John from Travelmath:
Great job finding a vulnerability. I have fixed the issue now, thanks for your help!
@bigwavedave_ca     17 February, 2020
    Twitter bigwavedave_ca DaveB from BWD:
Many thanks to k0t for finding and reporting the XSS vulnerability on my website.
@juunkwan     17 February, 2020
    Twitter juunkwan juukwan from AID-DCC:
Thank you for your polite response.
It was very helpful.
@willytobler     12 February, 2020
    Twitter willytobler Gerhard Ziegler from local heroes:
Thank you very much for finding the XSS bug on our website and your responsible disclosure. You make the web a better place! Absolutely appreciated.
@MonnosGlobal     10 February, 2020
    Twitter MonnosGlobal Rafael Serrrano from MonnosGlobal:
Thank you for your work mate!
We really appreciated, thanks for your time help us.
The issue was reported promptly and follow up was fast.
@vavideode     3 February, 2020
    Twitter vavideode Vavideo from Vavideo:
Thank you for making the web safer!
@gexsi_search     17 January, 2020
    Twitter gexsi_search Kevin from Gexsi:
Many thanks for your support!
@LiveAgent     16 January, 2020
    Twitter LiveAgent Ondrej from LiveAgent:
Thank you for reporting issue with our WordPress. We thought it had been already well protected, but after your report we decided to improve the security further. Good job.
@sandrabouw     10 January, 2020
    Twitter sandrabouw Sandra from -:
Thanks for informing us and your quick replies.
@BBrunekreeft     1 January, 2020
    Twitter BBrunekreeft Bert Brunekreeft from Lobbes.nl:
Appreciated the discovery and notification of the xss vulnerability! Thanks!
@sandipkar44     25 December, 2019
    Twitter sandipkar44 Sandip Kar from LearnPick Technologies Inc:
k0t found a XSS Bug on our site, thanks for the research and the responsible disclosure!. Really appreciated.
@sanjurosaves     28 November, 2019
    Twitter sanjurosaves sanjurosaves from John E. Allen Inc.:
Thank you so much for finding the vulnerability in our website and prompting the patch!
@timban4phuong     26 November, 2019
    Twitter timban4phuong Hen Ho from Tim Ban Bon Phuong:
Dear k0t,
Thank you very much for your time, and professional help on this crucial security matter.
Your report helped us identify the source of the vulnerability right away.
@cloudrexx     14 November, 2019
    Twitter cloudrexx Thomas Wirz from Cloudrexx AG:
Thank you very much for making us aware of the issue and providing us a high quality vulnerability report which helped us identify the source of the vulnerability right away.
@fislerdata     13 November, 2019
    Twitter fislerdata fislerdata from FislerData:
Thank you for your work. The issue was reported promptly and follow up was fast.
@StaffsMatthew     7 November, 2019
    Twitter StaffsMatthew Matthew from scramble.gg:
Highly professional - spotted a number of issues with wordpress instance & was very fast at communicating. Internet hero!
@cpweather     30 October, 2019
    Twitter cpweather Christian from meteocentre.com:
Very nice to have warn me about a vulnerability! It has been patched very fast. Thanks for your kind help!
@cpweather     30 October, 2019
    Twitter cpweather Christian from meteocentre.com:
Very nice to have warn me about a vulnerability! It has been patched very fast. Thanks for your kind help!
@ziduniwien     10 October, 2019
    Twitter ziduniwien Zentraler Informatikdienst from University of Vienna:
Dear k0t,

The University of Vienna would like to thank you for your valuable contribution in finding a website security issue.

Your input is highly welcome and helps to raise the security level of our educational institution.

Servus and greetings from Vienna, Austria.
@pacotix     17 September, 2019
    Twitter pacotix Fran from Inxenio:
Thanks a lot for your finding!
@phdev6     12 September, 2019
    Twitter phdev6 ph-dev from Peter Hahn:
k0t found a XSS Bug on our site, thanks for the research and the responsible disclosure!
@westcacom     11 September, 2019
    Twitter westcacom Edwin from westca.com:
Thanks a lot for reporting a vulnerability on our website, you did an amazing work!
@dusalnet     7 September, 2019
    Twitter dusalnet blogmn.net from blogmn.net:
Thank you for identifying the XSS issue on my site! You have been very helpful!
@runlevelone     3 September, 2019
    Twitter runlevelone Per :
Thanks for your findings and swift response!
@primehalo     31 August, 2019
    Twitter primehalo Ken from absoluteanime:
Thank you for the help!
@SelectLine_GmbH     22 August, 2019
    Twitter SelectLine_GmbH Web-Team from SelectLine Software GmbH:
Thanks for pointing out a vulnerability on one of our websites. And for the professional support.
@convertunits     14 August, 2019
    Twitter convertunits John from Convert Units:
Great job finding a vulnerability. I have fixed the issue now, thanks for your help!
@testmynet     25 July, 2019
    Twitter testmynet Damon from TestMy.net:
Thank you for catching my unescaped variable!
@nitrc_info     19 July, 2019
    Twitter nitrc_info NITRC Team from NITRC:
Thank you for the report with proof of concept!
@AndyTrier     19 July, 2019
    Twitter AndyTrier Andreas from KV Trier-Saarburg:
He found the next bug on our Website! THANK YOU
Professional help, great work!
@AndyTrier     11 July, 2019
    Twitter AndyTrier Andreas from KV Trier-Saarburg:
Dear k0t, Thank You. You make a very good job. With your indications we can fixed the bug in few minutes. Thank you!
@AndyTrier     8 July, 2019
    Twitter AndyTrier Andreas from KV Trier-Saarburg:
Thank you for reporting XSS vulnerability. Great work!
@hearthstonehu     28 June, 2019
    Twitter hearthstonehu Bence from Hearthstone Hungary:
Thank you for reporting the XSS vulnerability on my website. You helped me find the issue, and now the website is safer, thanks to you!
@RMV1983     27 June, 2019
    Twitter RMV1983 Michael from eduvdom:
Thanks for the report of the security research. This helped to find and fix the problem.
@PaulAtTheHug     22 June, 2019
    Twitter PaulAtTheHug TallPaul from WalkLakes:
Not only found some XSS vulnerabilities but, by doing so, lead us to spot some others which hadn't yet been picked by anyone. So most helpful.
@opensolr     17 June, 2019
    Twitter opensolr Ciprian Dimofte from Opensolr SRL:
Thank you very much for your time, and professional help on this crucial security matter.
This could have been catastrophic for our business, would it not have been for your great work !
@aapit     6 June, 2019
    Twitter aapit David Spreekmeester from Grrr:
Thanks to k0t's sharp observations, we were made aware of a security issue and could patch it before it caused any troubles.
@wirismath     3 June, 2019
    Twitter wirismath Marketing & Communications from WIRIS MATH:
Thanks to k0t indications, we were able to fix a vulnerability in one of our websites quickly. Now this website is much safer for everyone
@MalagaCarCom     30 May, 2019
    Twitter MalagaCarCom Ruben from MalagaCar.com:
Hi k0t, we've followed your indications and have fixed the vulnerability in a few minutes. Thank you very much!
@ziduniwien     28 May, 2019
    Twitter ziduniwien Computer Center from University of Vienna:
Dear k0t,

The University of Vienna would like to thank you for your valuable contribution in finding multiple website security issues. Your input is highly welcome and helps to raise the security level of our educational institution.

Servus and greetings from Vienna, Austria.
@derbarkeeper     17 May, 2019
    Twitter derbarkeeper mixable from mixable:
Thank you for reporting XSS vulnerability. Great work!
@derbarkeeper     17 May, 2019
    Twitter derbarkeeper mixable from mixable:
Thanks k0t for reporting XSS vulnerability on our website!
@biblegateway     16 May, 2019
    Twitter biblegateway Bible Gateway from Bible Gateway:
This person's report was accurate and allowed us to implement a fix quickly. Thank you!
@everlats     13 May, 2019
    Twitter everlats Guillaume from Everlats:
Thanks k0t for your help! Great work!
@source_dr     7 May, 2019
    Twitter source_dr source_dr :
and thanks a trillion for the 3rd XSS vulnerability found !
@pavelmusil     2 May, 2019
    Twitter pavelmusil Pavel Musil from Musil:
Thank you for reporting XSS vulnerability
@source_dr     25 April, 2019
    Twitter source_dr source_dr :
Thank you for reporting XSS vulnerability :-)
@AniDBStatus     21 April, 2019
    Twitter AniDBStatus AniDB from AniDB:
Thank you for reporting this bug. We appreciate your work!
@myparadisio     18 April, 2019
    Twitter myparadisio Yves from Paradisio:
Thanks k0t, for pointed out two XSS vulnerabilities on our website!
Your input was very much appreciated!
@RESTPOSTENde     2 April, 2019
    Twitter RESTPOSTENde Christoph from GKS Handelssysteme GmbH:
Thanks k0t for disclosing another issue to us - With your support, we could patch it immediately.
@evergreen_uk     2 April, 2019
    Twitter evergreen_uk Andrew Cope from Evergreen:
Thanks k0t, much appreciated
@RESTPOSTENde     29 March, 2019
    Twitter RESTPOSTENde Christoph from GKS Handelssysteme GmbH:
Thanks k0t for pointing the finger to a vulnerability on our website. Through his support we were able to patch it in almost no time. It's guys like him that make the internet a better and safer place!
@evergreen_uk     28 March, 2019
    Twitter evergreen_uk Andrew from Evergreen:
Thanks k0t, you're a star!
@Shadertoy     27 March, 2019
    Twitter Shadertoy Note from Beautypi:
Thanks k0t for your research, it helped us make the website better. We appreciate your work!
@ClementBourgoin     26 March, 2019
    Twitter ClementBourgoin Clément Bourgoin from Biblys:
Thanks for warning me about a forgotten phpinfo file!
@interactmultim1     19 March, 2019
    Twitter interactmultim1 Christian from interact!multimedia:
Thank you k0t for reporting this bug. We appreciate your work!
@uniteddomains     1 March, 2019
    Twitter uniteddomains united-domains from united-domains:
Thank you k0t for reporting this bug. We appreciate your work!
@DomainMOD     14 February, 2019
    Twitter DomainMOD Greg Chetcuti from DomainMOD:
Thanks a lot for the report! We completely missed this vulnerability ourselves and are happy that you caught it!
@fisher_of_men11     14 February, 2019
    Twitter fisher_of_men11 Andy from Mudconnect.com:
Thank you for helping me find and fix the XSS vulnerability on mudconnect!
@dsmithgard     12 February, 2019
    Twitter dsmithgard Dan Smith from Patton Electronics:
Very helpful and responsive in helping me get my issue fixed.
@rtvde     7 February, 2019
    Twitter rtvde rtvde from rtv media Group GmbH:
Thanks a lot for pointing us to that XSS-flaw. It should now be fixed.
@astroseekcom     24 January, 2019
    Twitter astroseekcom Petr9 from Astro-Seek.com:
Thank you k0t for XSS vulnerability report. It has been fixed.
@laufpix     18 January, 2019
    Twitter laufpix laufpix from laufpix.de:
Thanks for reporting a vunlerability on our website. He provided all the information needed and responded extremely fast. Our website is more secure now.
@webdekd     11 January, 2019
    Twitter webdekd Note from Dek-D:
Thank you k0t for information that helped me fix vulnerabilities on my website.
@Mikroelektron11     9 January, 2019
    Twitter Mikroelektron11 Aleksa from MikroElektronika:
I wanted to thank you for reporting XSS flaw on our website, for helping us to make our site secure.
@_light_dem     7 January, 2019
    Twitter _light_dem Matteo from Mys:
Fast and professional on replay he helped us found a vulnerability Xss
@teachercorner     12 December, 2018
    Twitter teachercorner Chad from TeachersCorner:
Thank you kOt for notifying us of this bug, and tips on how to fix it. We appreciate your research!
@wirthundhorn     24 October, 2018
    Twitter wirthundhorn Support from dtv.de:
Thank you k0t for the quick response that helped us fixing vulnerabilities on the page!
@kathleenyano     24 July, 2018
    Twitter kathleenyano Kathleen :
Thank you k0t for finding an issue and providing a clear explanation of it. We are happy we were able to resolve it before it affected anyone and we couldn't have done it without your report.
@JayGilmore     8 May, 2018
    Twitter JayGilmore Jay Gilmore from MODX Systems, LLC:
k0t is a true professional. They provided all the information needed and responded extremely fast. What more could you ask for? Our site is more secure as a result.
@khusroks     23 March, 2018
    Twitter khusroks S Khan from Projectmanagement:
Thank you k0t for being helpful and professional in helping us patch vulnerabilities.
@tfencl     6 December, 2017
    Twitter tfencl toddf :
k0t found a vulnerability and quickly responded providing additional information and PoC examples. Thank you very much for the quick response and for making the Internet a little safer by bringing this to us.
@kovyrin     26 July, 2017
    Twitter kovyrin Oleksiy Kovyrin from Swiftype Inc:
k0t has identified an XSS vulnerability on our website, provided us with all the necessary details to reproduce the problem and was really helpful in testing the site after we have applied our fixes. Thank you!
@evergreen_uk     29 December, 2016
    Twitter evergreen_uk Chris from Evergreen Computing Ltd:
k0t located 2 vulnerabilities on our company site. When contacted k0t responded quickly with all the information needed to fix them and was quick to retest once they had been fixed. Thanks k0t!
@ActOnSoftware     29 November, 2016
    Twitter ActOnSoftware Jahvita Rastafari from Act-On Software:
With the assistance of k0t, we were able to identify and correct the issue quickly. Thank you for working with us to make the web a safer place for all.
@MagnusJacobi     23 November, 2016
    Twitter MagnusJacobi Magnus from Jigidi.com:
k0t located several vulnerabilities on our site and replied very fast with useful information.

Thanks for taking the time to help us.
@Mr_Papercut     26 October, 2016
    Twitter Mr_Papercut Mischa from Symbaloo:
Thank you k0t for the quick reply to our emails. The provided information was complete and helped us identify the issue right away. Let's keep on making the web a safer place

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:3266
Total reports on VIP sites:778
Total patched vulnerabilities:2221
Total vulnerabilities on Hold (Open Bug Bounty):29
Recommendations received:107
Active since:05.05.2016
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week



No posts in blog yet


Reported Vulnerabilities

All Submissions VIP Submissions

  Latest Patched

 04.12.2020 autobazar.eu
 04.12.2020 sitejabber.com
 04.12.2020 business-standard.com
 04.12.2020 brazzers.com
 04.12.2020 lsgkerala.gov.in
 04.12.2020 pearsoned.co.uk
 04.12.2020 fc.ele.me
 03.12.2020 sanhao.com
 03.12.2020 rsl.ru
 03.12.2020 shanebarker.com

  Latest Blog Posts

26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection
26.10.2020 by _r00t1ng_
Routed SQL Injection
26.10.2020 by _r00t1ng_
DIOS the SQL Injectors Weapon
26.10.2020 by p4c3n0g3
How to find AngularJS XSS

  Recent Recommendations

@Crown_English     4 December, 2020
    Twitter Crown_English:
Vaishnav informed us of a minor vulnerability that we were able to very quickly fix. Many thanks.
@FabriceMarchon     4 December, 2020
    Twitter FabriceMarchon:
Thank you to HowardPotts.
He provided us some useful information about a potential security problem on our main website through openbugbounty.
We wouldn't have found it without his help. Thankfully it was an easy fix.
@CERT_rlp     3 December, 2020
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank H_chabik for a responsible and coordinated disclosure of multiple XSS vulnerabilities
@VMarvvy     3 December, 2020
    Twitter VMarvvy:
Thank you for reporting the bug and providing detail to fix it.
@obb_wr     2 December, 2020
    Twitter obb_wr:
Thanks Cyber_India for reporting the issue and for your prompt & friendly response.