Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
557,611 coordinated disclosures
357,000 fixed vulnerabilities
846 bug bounties with 1,635 websites
17,406 researchers, 1156 honor badges

k0t Top Security Researcher of the Month | Security Researcher Profile


Security researcher k0t has already helped fix 2160 vulnerabilities.



Researcher reputation:  1920

About me:
Penetration tester & webdev.

How to contact me:
[email protected]

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Bug Bounty Payment, Gift Card, T-Shirts.

Recommendations and Acknowledgements | Full List:

    5 August, 2020
     kkb5mobile Shinichi Ueno from Kagoshima Broadcastiong corporation:
Thank you for pointing out the vulnerability.
Thanks to you, I was able to respond safely.
    27 July, 2020
     TandyUKServers James Tandy from TandyUK Servers:
This researcher found and responsibly disclosed several XSS vulnerabilities on our clients site.
Many Thanks for helping make the web a safer place in a responsible way.
    22 July, 2020
     TandyUKServers James Tandy from TandyUK Servers:
Thank you very much for reporting the XSS vulnerability and your quick response.
    14 July, 2020
     tnyaritm Tamas from Mediashop:
Many thanks for your efforts to report the vulnerability and helped us to fix it. I recommend this researcher!
    27 June, 2020
     vmarci21 Marton :
Thank you for reporting the vulnerability!
Your report help us to improve our page security.
We are really appreciated your work.
    22 June, 2020
     PaulKLeasure1 PKLeasure from PKLeasure:
Ser found SQL injection vulnerability issues on one of the sites I work. Ser specified the issue by documenting with excellent clarity and provided the details needed to resolve the issue swiftly. Thank you Ser!
    25 May, 2020
     VICTOR__Europe Frank from VICTOR Europe GmbH:
Thank you for helping us to fix the critical SQL injection.
Friendly contact, thanks for the effort.
    18 May, 2020
     tnyaritm Tamás from Telemarketing International:
Many thanks for your efforts to find and help for fixing the vulnerability on our webshop. I recommend your skills for every website owner!
    18 May, 2020
     AnimeCons Patrick from FanCons:
Found a number of XSS issues we had open. Very helpful info!
    15 May, 2020
     CartRover William from CartRover:
Thank you very much for your detailed report and helping to make our site more secure.
    14 May, 2020
     rundumsbaby rundumsbaby from rundumsbaby:
Thank you very much for reporting the XSS vulnerability and your quick response.
    13 May, 2020
     Maik_U2 Maik from U2tour:
Thank you for finding SQLi and XSS bugs on our site. Great Work!
Thanks for making the web a securer place.
    12 May, 2020
     RuncornLinnets Steve P from Runcorn Linnets FC:
Many thanks for finding and reporting the issue on our website. Really appreciate the responsible approach.
    6 May, 2020
     seedfinder j.a. from seedfinder:
thanks for using your time to make the world a better place - and specially for letting us know about the XSS problem!!! keep on the good work man!
    4 May, 2020
     abyssws Technical support from Aprelium:
Thank you for spotting the XSS and for reporting it to us.

The overall exchange was friendly and very professional.
    30 April, 2020
     MartySoft liquidmaker :
Thank you k0t for finding the vulnerability.
Friendly contact, thanks for the effort.
    20 April, 2020
     conbinijapan Tanaka from Conbini:
Thank you for the bug report.
I can recommend this security researcher.
    17 April, 2020
     Hansaplastique Hansaplastique from www.weethet.nl:
Excellent, and very detailed, reporting!
I highly recommend k0t!
    15 April, 2020
     vovsoft Vovsoft from Vovsoft:
Thank you helping us finding and fixing vulnerabilities.
    13 April, 2020
     jbossman Jason Boss from 153news.net:
The world thanks you for helping 153news.net stay safe. We are extremely lucky to have hackers who will help humanity. God bless you brother.
    7 April, 2020
     Rumskkurs Andrey from UaBanks.com.ua:
Thank you for helping us find security problems on our website!
    31 March, 2020
     admonaut Frank from Administartor Technology:
Many thanks for your support and assistance. Good job :-)
    31 March, 2020
     aylab Albert from YatesSolutions:
Thank you for informing me of the issue you found and being so thorough with your details, finding and fixing the problem would have been hard without it.
    5 March, 2020
     reinisroz Reinis from Orion.lv:
Thanks researcher for the xss vulnerability report. Appreciated!
    18 February, 2020
     Travelmath John from Travelmath:
Great job finding a vulnerability. I have fixed the issue now, thanks for your help!
    17 February, 2020
     bigwavedave_ca DaveB from BWD:
Many thanks to k0t for finding and reporting the XSS vulnerability on my website.
    17 February, 2020
     juunkwan juukwan from AID-DCC:
Thank you for your polite response.
It was very helpful.
    12 February, 2020
     willytobler Gerhard Ziegler from local heroes:
Thank you very much for finding the XSS bug on our website and your responsible disclosure. You make the web a better place! Absolutely appreciated.
    10 February, 2020
     MonnosGlobal Rafael Serrrano from MonnosGlobal:
Thank you for your work mate!
We really appreciated, thanks for your time help us.
The issue was reported promptly and follow up was fast.
    3 February, 2020
     vavideode Vavideo from Vavideo:
Thank you for making the web safer!
    17 January, 2020
     gexsi_search Kevin from Gexsi:
Many thanks for your support!
    16 January, 2020
     LiveAgent Ondrej from LiveAgent:
Thank you for reporting issue with our WordPress. We thought it had been already well protected, but after your report we decided to improve the security further. Good job.
    10 January, 2020
     sandrabouw Sandra from -:
Thanks for informing us and your quick replies.
    1 January, 2020
     BBrunekreeft Bert Brunekreeft from Lobbes.nl:
Appreciated the discovery and notification of the xss vulnerability! Thanks!
    25 December, 2019
     sandipkar44 Sandip Kar from LearnPick Technologies Inc:
k0t found a XSS Bug on our site, thanks for the research and the responsible disclosure!. Really appreciated.
    28 November, 2019
     sanjurosaves sanjurosaves from John E. Allen Inc.:
Thank you so much for finding the vulnerability in our website and prompting the patch!
    26 November, 2019
     timban4phuong Hen Ho from Tim Ban Bon Phuong:
Dear k0t,
Thank you very much for your time, and professional help on this crucial security matter.
Your report helped us identify the source of the vulnerability right away.
    14 November, 2019
     cloudrexx Thomas Wirz from Cloudrexx AG:
Thank you very much for making us aware of the issue and providing us a high quality vulnerability report which helped us identify the source of the vulnerability right away.
    13 November, 2019
     fislerdata fislerdata from FislerData:
Thank you for your work. The issue was reported promptly and follow up was fast.
    7 November, 2019
     StaffsMatthew Matthew from scramble.gg:
Highly professional - spotted a number of issues with wordpress instance & was very fast at communicating. Internet hero!
    30 October, 2019
     cpweather Christian from meteocentre.com:
Very nice to have warn me about a vulnerability! It has been patched very fast. Thanks for your kind help!
    30 October, 2019
     cpweather Christian from meteocentre.com:
Very nice to have warn me about a vulnerability! It has been patched very fast. Thanks for your kind help!
    10 October, 2019
     ziduniwien Zentraler Informatikdienst from University of Vienna:
Dear k0t,

The University of Vienna would like to thank you for your valuable contribution in finding a website security issue.

Your input is highly welcome and helps to raise the security level of our educational institution.

Servus and greetings from Vienna, Austria.
    17 September, 2019
     pacotix Fran from Inxenio:
Thanks a lot for your finding!
    12 September, 2019
     phdev6 ph-dev from Peter Hahn:
k0t found a XSS Bug on our site, thanks for the research and the responsible disclosure!
    11 September, 2019
     westcacom Edwin from westca.com:
Thanks a lot for reporting a vulnerability on our website, you did an amazing work!
    7 September, 2019
     dusalnet blogmn.net from blogmn.net:
Thank you for identifying the XSS issue on my site! You have been very helpful!
    3 September, 2019
     runlevelone Per :
Thanks for your findings and swift response!
    31 August, 2019
     primehalo Ken from absoluteanime:
Thank you for the help!
    22 August, 2019
     SelectLine_GmbH Web-Team from SelectLine Software GmbH:
Thanks for pointing out a vulnerability on one of our websites. And for the professional support.
    14 August, 2019
     convertunits John from Convert Units:
Great job finding a vulnerability. I have fixed the issue now, thanks for your help!
    25 July, 2019
     testmynet Damon from TestMy.net:
Thank you for catching my unescaped variable!
    19 July, 2019
     nitrc_info NITRC Team from NITRC:
Thank you for the report with proof of concept!
    19 July, 2019
     AndyTrier Andreas from KV Trier-Saarburg:
He found the next bug on our Website! THANK YOU
Professional help, great work!
    11 July, 2019
     AndyTrier Andreas from KV Trier-Saarburg:
Dear k0t, Thank You. You make a very good job. With your indications we can fixed the bug in few minutes. Thank you!
    8 July, 2019
     AndyTrier Andreas from KV Trier-Saarburg:
Thank you for reporting XSS vulnerability. Great work!
    28 June, 2019
     hearthstonehu Bence from Hearthstone Hungary:
Thank you for reporting the XSS vulnerability on my website. You helped me find the issue, and now the website is safer, thanks to you!
    27 June, 2019
     RMV1983 Michael from eduvdom:
Thanks for the report of the security research. This helped to find and fix the problem.
    22 June, 2019
     PaulAtTheHug TallPaul from WalkLakes:
Not only found some XSS vulnerabilities but, by doing so, lead us to spot some others which hadn't yet been picked by anyone. So most helpful.
    17 June, 2019
     opensolr Ciprian Dimofte from Opensolr SRL:
Thank you very much for your time, and professional help on this crucial security matter.
This could have been catastrophic for our business, would it not have been for your great work !
    6 June, 2019
     aapit David Spreekmeester from Grrr:
Thanks to k0t's sharp observations, we were made aware of a security issue and could patch it before it caused any troubles.
    3 June, 2019
     wirismath Marketing & Communications from WIRIS MATH:
Thanks to k0t indications, we were able to fix a vulnerability in one of our websites quickly. Now this website is much safer for everyone
    30 May, 2019
     MalagaCarCom Ruben from MalagaCar.com:
Hi k0t, we've followed your indications and have fixed the vulnerability in a few minutes. Thank you very much!
    28 May, 2019
     ziduniwien Computer Center from University of Vienna:
Dear k0t,

The University of Vienna would like to thank you for your valuable contribution in finding multiple website security issues. Your input is highly welcome and helps to raise the security level of our educational institution.

Servus and greetings from Vienna, Austria.
    17 May, 2019
     derbarkeeper mixable from mixable:
Thank you for reporting XSS vulnerability. Great work!
    17 May, 2019
     derbarkeeper mixable from mixable:
Thanks k0t for reporting XSS vulnerability on our website!
    16 May, 2019
     biblegateway Bible Gateway from Bible Gateway:
This person's report was accurate and allowed us to implement a fix quickly. Thank you!
    13 May, 2019
     everlats Guillaume from Everlats:
Thanks k0t for your help! Great work!
    7 May, 2019
     source_dr source_dr :
and thanks a trillion for the 3rd XSS vulnerability found !
    2 May, 2019
     pavelmusil Pavel Musil from Musil:
Thank you for reporting XSS vulnerability
    25 April, 2019
     source_dr source_dr :
Thank you for reporting XSS vulnerability :-)
    21 April, 2019
     AniDBStatus AniDB from AniDB:
Thank you for reporting this bug. We appreciate your work!
    18 April, 2019
     myparadisio Yves from Paradisio:
Thanks k0t, for pointed out two XSS vulnerabilities on our website!
Your input was very much appreciated!
    2 April, 2019
     RESTPOSTENde Christoph from GKS Handelssysteme GmbH:
Thanks k0t for disclosing another issue to us - With your support, we could patch it immediately.
    2 April, 2019
     evergreen_uk Andrew Cope from Evergreen:
Thanks k0t, much appreciated
    29 March, 2019
     RESTPOSTENde Christoph from GKS Handelssysteme GmbH:
Thanks k0t for pointing the finger to a vulnerability on our website. Through his support we were able to patch it in almost no time. It's guys like him that make the internet a better and safer place!
    28 March, 2019
     evergreen_uk Andrew from Evergreen:
Thanks k0t, you're a star!
    27 March, 2019
     Shadertoy Note from Beautypi:
Thanks k0t for your research, it helped us make the website better. We appreciate your work!
    26 March, 2019
     ClementBourgoin Clément Bourgoin from Biblys:
Thanks for warning me about a forgotten phpinfo file!
    19 March, 2019
     interactmultim1 Christian from interact!multimedia:
Thank you k0t for reporting this bug. We appreciate your work!
    1 March, 2019
     uniteddomains united-domains from united-domains:
Thank you k0t for reporting this bug. We appreciate your work!
    14 February, 2019
     DomainMOD Greg Chetcuti from DomainMOD:
Thanks a lot for the report! We completely missed this vulnerability ourselves and are happy that you caught it!
    14 February, 2019
     fisher_of_men11 Andy from Mudconnect.com:
Thank you for helping me find and fix the XSS vulnerability on mudconnect!
    12 February, 2019
     dsmithgard Dan Smith from Patton Electronics:
Very helpful and responsive in helping me get my issue fixed.
    7 February, 2019
     rtvde rtvde from rtv media Group GmbH:
Thanks a lot for pointing us to that XSS-flaw. It should now be fixed.
    24 January, 2019
     astroseekcom Petr9 from Astro-Seek.com:
Thank you k0t for XSS vulnerability report. It has been fixed.
    18 January, 2019
     laufpix laufpix from laufpix.de:
Thanks for reporting a vunlerability on our website. He provided all the information needed and responded extremely fast. Our website is more secure now.
    11 January, 2019
     webdekd Note from Dek-D:
Thank you k0t for information that helped me fix vulnerabilities on my website.
    9 January, 2019
     Mikroelektron11 Aleksa from MikroElektronika:
I wanted to thank you for reporting XSS flaw on our website, for helping us to make our site secure.
    7 January, 2019
     _light_dem Matteo from Mys:
Fast and professional on replay he helped us found a vulnerability Xss
    12 December, 2018
     teachercorner Chad from TeachersCorner:
Thank you kOt for notifying us of this bug, and tips on how to fix it. We appreciate your research!
    24 October, 2018
     wirthundhorn Support from dtv.de:
Thank you k0t for the quick response that helped us fixing vulnerabilities on the page!
    24 July, 2018
     kathleenyano Kathleen :
Thank you k0t for finding an issue and providing a clear explanation of it. We are happy we were able to resolve it before it affected anyone and we couldn't have done it without your report.
    8 May, 2018
     JayGilmore Jay Gilmore from MODX Systems, LLC:
k0t is a true professional. They provided all the information needed and responded extremely fast. What more could you ask for? Our site is more secure as a result.
    23 March, 2018
     khusroks S Khan from Projectmanagement:
Thank you k0t for being helpful and professional in helping us patch vulnerabilities.
    6 December, 2017
     tfencl toddf :
k0t found a vulnerability and quickly responded providing additional information and PoC examples. Thank you very much for the quick response and for making the Internet a little safer by bringing this to us.
    26 July, 2017
     kovyrin Oleksiy Kovyrin from Swiftype Inc:
k0t has identified an XSS vulnerability on our website, provided us with all the necessary details to reproduce the problem and was really helpful in testing the site after we have applied our fixes. Thank you!
    29 December, 2016
     evergreen_uk Chris from Evergreen Computing Ltd:
k0t located 2 vulnerabilities on our company site. When contacted k0t responded quickly with all the information needed to fix them and was quick to retest once they had been fixed. Thanks k0t!
    29 November, 2016
     ActOnSoftware Jahvita Rastafari from Act-On Software:
With the assistance of k0t, we were able to identify and correct the issue quickly. Thank you for working with us to make the web a safer place for all.
    23 November, 2016
     MagnusJacobi Magnus from Jigidi.com:
k0t located several vulnerabilities on our site and replied very fast with useful information.

Thanks for taking the time to help us.
    26 October, 2016
     Mr_Papercut Mischa from Symbaloo:
Thank you k0t for the quick reply to our emails. The provided information was complete and helped us identify the issue right away. Let's keep on making the web a safer place

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:3215
Total reports on VIP sites:771
Total patched vulnerabilities:2160
Total vulnerabilities on Hold (Open Bug Bounty):37
Recommendations received:101
Active since:05.05.2016
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week



No posts in blog yet


Reported Vulnerabilities

All Submissions VIP Submissions

Domain Reported Status Type
13.08.2020
On Hold
Cross Site Scripting
13.08.2020
On Hold
Cross Site Scripting
13.08.2020
On Hold
Cross Site Scripting
13.08.2020
On Hold
Cross Site Scripting
13.08.2020
On Hold
Cross Site Scripting
13.08.2020
On Hold
Cross Site Scripting
07.08.2020
On Hold
Cross Site Scripting
04.08.2020
On Hold
Cross Site Scripting
30.07.2020
On Hold
Cross Site Scripting
20.07.2020
On Hold
Cross Site Scripting
18.07.2020
On Hold
Cross Site Scripting
16.07.2020
On Hold
Cross Site Scripting
10.07.2020
patched
Cross Site Scripting
08.07.2020
On Hold
Cross Site Scripting
06.07.2020
On Hold
Cross Site Scripting
26.06.2020
patched
Cross Site Scripting
23.06.2020
patched
Cross Site Scripting
23.06.2020
patched
Cross Site Scripting
22.06.2020
patched
Improper Access Control 
18.06.2020
On Hold
Cross Site Scripting

  Latest Patched

 14.08.2020 te31.com
 14.08.2020 apps.tn.gov
 13.08.2020 101domain.com
 13.08.2020 clickme.net
 13.08.2020 abebooks.co.uk
 13.08.2020 zvab.com
 13.08.2020 abebooks.com
 12.08.2020 prisguiden.no
 12.08.2020 daveramsey.com
 12.08.2020 2gis.kz

  Latest Blog Posts

24.06.2020 by Gkexamquiz
How to Find Contacts To Report Bugs & Security Vulnerabilities | Bug Bounty Tutorials 2020
24.06.2020 by 0xcrypto
Improper Access Control - Generic: Unrestricted access to any "connected pack" on docs in coda.io
04.04.2020 by Rando02355205
(Alibaba) message.alibaba.com [IDOR] - [Bug Bounty]
12.03.2020 by Rando02355205
(Paypal) www.paypal.com [CSP High Level] - [XSS Reflected] - [Bug Bounty] - [Write Up]
08.03.2020 by CybeReports
JDECO.net XSS Vulnerability| CybeReports

  Recent Recommendations

    13 August, 2020
     TristanGuiheux:
4N_CURZE has helped us to find and fix some issues on web sites we're protecting. This kind of help is greatly appreciated from a security perspective. This way we can improve ourselves and protect our customers.

More specifically, the completeness of the report and the details to correct the vulnerability were very appreciated. It was precise and clear. With such good writing skills proven by 4N_CURZE, it's easy to send it to developpers in a way they can understand both problematic and solution.

Thanks again in my name.
    13 August, 2020
     CPCuk:
Thank you for reporting the XSS vulnerability. We were able to resolve the issue thanks to the information you provided.
    12 August, 2020
     www_aasv_org:
Caught me having forgotten to entity-encode values when re-displaying an incomplete form submission. While the initial report was all I needed to patch, Rajash considerately provided additional detail without being asked through the openbugbounty comments.
    10 August, 2020
     msawired:
Thank you for reporting the XSS vulnerability. Your explanations were very helpful, and we were able to resolve the issue in no time.
    6 August, 2020
     Robert_CMI:
Thank you Rajesh for reporting vulnerabilities on our website, your quick and detailed response was very valuable to us!