Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
643,251 coordinated disclosures
408,338 fixed vulnerabilities
963 bug bounties with 1,941 websites
19,287 researchers, 1214 honor badges

metamorfosec | Security Researcher Profile


Security researcher metamorfosec has already helped fix 2220 vulnerabilities.



Researcher reputation:  460

Real name:
irfan

About me:
A boutique service that provides consultancy for information security-related domain

How to contact me:
info[at]metamorfosec.com

NB: If you feel not receive response from me in 12 hours, please check your SPAM folder or send email to me again.

Award / Bug Bounty I prefer:
Bug bounty payment via PayPal or Bank Transfer, a recommendation on my profile, and/or any interesting stuff or offer

Recommendations and Acknowledgements | Full List:

@Pavlo851     2 October, 2020
    Twitter Pavlo851 Simone from Pixartprinting:
Irfan has been very helpful on helping our company to patch a vulnerability that was affecting all of our websites. We reach to him and he explained us the vulnerability that has been quickly patched. He has also checked the patch to verify that it was properly set up. Thanks a lot Irfan!
@6tematik     1 October, 2020
    Twitter 6tematik 6tematik from 6tematik:
Metamorfosec did a great job finding and evualuating our vulnerabilites. Very good communication with the researcher, he was very helping and quick.
@philipkujawski     17 August, 2020
    Twitter philipkujawski P K from WebToMed:
Thank you for reporting the problem and associated details!
@Robert_CMI     3 August, 2020
    Twitter Robert_CMI Robert from CMI:
Thank you for reporting the vulnerability on our website, we very much appreciate your quick response and good description of the issue.
@Yaha_no     2 June, 2020
    Twitter Yaha_no Atle from Y aha:
Thank you very much for reporting a problem on our website and help with giving detailed description and explanations on how we could solve it.
@vovsoft     15 April, 2020
    Twitter vovsoft Vovsoft from Vovsoft:
Thank you very much for finding the bug on our website and your responsible disclosure. Absolutely appreciated. You make the web a better place!
@omartanti     30 March, 2020
    Twitter omartanti Omar Tanti from Omar Tanti:
Thank you for reporting the problem and giving detailed explanations on how we would sort it out.
@justincarter     29 January, 2020
    Twitter justincarter Justin from Daemon:
Thanks for your clear and concise report and quick communication, a true security professional :)
@h0eschi     1 December, 2019
    Twitter h0eschi Martin from guideme:
Thank you very much for finding and evaluating a vulnerability on our website. Very professional and detailed communication.
@cloudrexx     17 October, 2019
    Twitter cloudrexx Thomas from Cloudrexx AG:
Thank you very much for making us aware of the issue and providing us a high quality vulnerability report which helped us identify the source of the vulnerability right away.
@SimianE     11 October, 2019
    Twitter SimianE Gary from Simian Enterprises:
A comprehensive report helped me quickly patch a vulnerability on a recently deployed client system. I very much appreciate you taking the time to report with a reproducible test case. Many thanks.
@tschipie     10 October, 2019
    Twitter tschipie Andreas from Bresser:
Thank you very much for finding and evaluating a vulnerability on our website. Very professional and detailed communication.
@KaldaJ     7 October, 2019
    Twitter KaldaJ Kalda from Kalda:
Thanks for reporting the problem and the vulnerability details.
@JensFis25000410     26 September, 2019
    Twitter JensFis25000410 Jens from netdoktor.de:
Thank you for making us aware of an issue on our site.
We really appreciate it.
@Marcel93092047     9 September, 2019
    Twitter Marcel93092047 Marcel Ruths from WIKA:
Thanks very much for the report!
We were sure that everything was proteced, but apparently we missed some special places where the escaping wasn't sufficient.
It is now fixed.
@maxiorel     19 August, 2019
    Twitter maxiorel Jan Polzer from Jan Polzer:
Thanks for reporting the problem and the vulnerability details.
@johannmw     9 August, 2019
    Twitter johannmw Johann MW from AAK:
Thank you for finding the vulnerability on our website.
It has been taken care of after your recommendations
Good work !
@mjimeneza     9 July, 2019
    Twitter mjimeneza Manu from Joma:
Thanks you very much for the advice about security issue in our site.
@perlpunks     8 July, 2019
    Twitter perlpunks Tina from perl-community.de:
Thanks very much for the report!
I was pretty sure that everything was safe, but apparently I missed two places where the escaping wasn't sufficient.
@LeifTher     20 May, 2019
    Twitter LeifTher Leif from Gurusoft AS:
Thank you so much for reporting security vulnerability and for the information needed to fix the issues.
@jesuscholiz     13 May, 2019
    Twitter jesuscholiz jesus from Adevinta:
Thanks for your help!
Your findings were accurate, and collaboration with you was easy.
It's is glad to see responsible disclosures like yours, that help Companies to fix security bugs.
Thanks!
@yalwa     28 March, 2019
    Twitter yalwa Jens from Yalwa:
Thanks for making us aware of CSRF vulnerabilities on our websites! They're more secure now.
@wirismath     1 March, 2019
    Twitter wirismath Llorenç from Wiris Math:
Thanks for reporting two bugs from our Math Suite Wiris Quizzes and CalcMe. It's now a better product thanks to you!
@DomainMOD     5 February, 2019
    Twitter DomainMOD Greg Chetcuti from DomainMOD:
Thank you so much for reporting this vulnerability in a responsible manner! We were able to find and fix this specific vulnerability, as well as another that was related, and we really appreciate your help in getting this sorted out!
@gizmotico     20 January, 2019
    Twitter gizmotico Andersen from VegaDesign.net:
Thank you so much for reporting security vulnerability and for the information needed to fix the issues.
@jackwolfskin     25 October, 2018
    Twitter jackwolfskin Christine from Jack Wolfskin:
Thank you very much for helping to make our website even more secure.
@wirthundhorn     22 August, 2018
    Twitter wirthundhorn Support from dtv.de:
Thank you helping us finding and fixing vulnerabilities.
@DanielGuenthe12     22 August, 2018
    Twitter DanielGuenthe12 Daniel Guenther from Visual Meta GmbH:
Very fast response and very detailed and helpful reply. The observations were all correct and the the HTML which was provided in the response correctly illustrated the vulnerability.

Overall great job and thanks for your efforts!
@tarif4you     17 August, 2018
    Twitter tarif4you Alex from DAIR Media:
Thank you very much for a great and in-depth explanation of the issue.
This kind of description makes it very easy to identify and fix the
problem. Really appreciate your help.
@kevinBaseCom     9 August, 2018
    Twitter kevinBaseCom Kevin from Online Commerce Ltd:
Thank you foro reporting a security issue with our website and for promptly providing the affected pages.
@sgiannandrea2     26 July, 2018
    Twitter sgiannandrea2 sgiannandrea from LepidaSpA:
Thank you so much for reporting XSS vulnerabilities on our websites.
@testmynet     23 June, 2018
    Twitter testmynet CA3LE from TestMy.net:
Thank you for helping me address my XSS issues.
@willy0611     12 June, 2018
    Twitter willy0611 Willy from BOINCstats.com:
Thank you for pointing out a security issue on the BOINCstats website. It helped me find and fix the issue and a few other issues as well.
@DriverEasy     8 June, 2018
    Twitter DriverEasy Driver Easy from Driver Easy:
Thank you so much for reporting the security issue and bringing this to our attention. We highly appreciate your time and professional skills in helping to make Driver Easy more secure.
We're working on the issue and will update with you when we fix it.
Thanks again for everything.
@karriere_ms     28 May, 2018
    Twitter karriere_ms Sina from Aschendorff Medien GmbH & Co. KG:
Thank you for reporting a security vulnerability on our websites and for giving us the information needed in order to patch it. We really appreciate your help!

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:11161
Total reports on VIP sites:170
Total patched vulnerabilities:2220
Total vulnerabilities on Hold (Open Bug Bounty):816
Recommendations received:35
Active since:30.04.2018

Open Bug Bounty Certificate


Researcher Certificate



No posts in blog yet


Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

  Latest Patched

 27.11.2020 parole.site123.me
 27.11.2020 dietnavi.com
 27.11.2020 boohoo.com
 27.11.2020 okidoki.ee
 27.11.2020 beon.ru
 27.11.2020 aftermarket.pl
 27.11.2020 da.ai
 27.11.2020 limeroad.com
 27.11.2020 tgrthaber.com.tr

  Latest Blog Posts

26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection
26.10.2020 by _r00t1ng_
Routed SQL Injection
26.10.2020 by _r00t1ng_
DIOS the SQL Injectors Weapon
26.10.2020 by p4c3n0g3
How to find AngularJS XSS

  Recent Recommendations

@FileTrekker     27 November, 2020
    Twitter FileTrekker:
v0lk3n let us know about an issue on our website, was very polite and keen to help out. Thanks!
@guru_disiplin     27 November, 2020
    Twitter guru_disiplin:
If you are finding a good bug hunter, Cyberanteater is the one. Not only he help you to find bugs, he also suggesting solutions for the bugs with detailed instruction.

Really recommend him!!
@gamingonlinux     27 November, 2020
    Twitter gamingonlinux:
Found an issue in a file we left up that could have caused problems, let us know quickly. Great work.
@Dolibarr     27 November, 2020
    Twitter Dolibarr:
@Mr_Pr1M3 gave us cordialy several interesting reports and feedbacks to strengthen the security of our web sites sites. We thank him.
@studentdoctor     26 November, 2020
    Twitter studentdoctor:
Identified two CVEs that we responded to immediately. Excellent and friendly communication. Highest recommendation!

Thank you!