Leon | Security Researcher Profile
Security researcher Leon has already helped fix 260 vulnerabilities.
Researcher reputation: 370
Real name:
Aldo Moreno
About me:
Cybersecurity enthusiast.
Bug bounty hunter.
How to contact me:
English or Spanish communication.
[email protected]
If you want to pentest your website, contact me.
Alternative Contacts:
[email protected]
Experience in Application Security
1-3 years
Award / Bug Bounty I prefer:
This is only if you want to reward me.
Paypal, Transferwise, BTC, gifts.
Paypal: [email protected]
Transferwise: [email protected]
BTC: 33x6BpPjBiR7g5UeefGQQuZLW2BVAd3aQV
Halls of Fame:
BBC
Dell
Papercut
PejaDesign
Tu-Chemnitz
Studis-Online
Telefonica Germany
Follow me on:
Twitter
Recommendations and Acknowledgements


Aldo found a big security issue in our application, using a creative way to exploit it.

Dear Leon, the SOC of Politecnico di Milano would like to thank you for disclosing to us an XSS vulnerability on our infrastructure.

Thanks for finding and alerting about an XSS issue with our newsletter.

Very good pentester. Thank you Aldo!

Thanks Geek_Pwn, for pointing out XSS vulnerabilities on our website! Your input was very much appreciated!

Thank you for pointing out the XSS vulnerability in our site. We appreciate your work and quick response. Thank you!!

Thanks a lot for making our webserver more secure! Thumbs up!

Thanks Aldo for reporting us some XSS vulnerabilities! It was very helpful!

Geek_Pwn discovered XSS bugs in my site. Thanks for reporting them to us and checking our fixes, your work is appreciated!
Honor Badges
Number of Secured Websites:
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN: 1000+ Websites
Advanced Security Research:
WAF Bypasser
CSRF Master: 30+ Reports
AppSec Logic Master: 30+ Reports
Fastest Fix: Fix in 24 hours
Outstanding Achievements:
Secured OBB
OBB Advocate
Improved OBB
Commitment to Remediate and Patch:
Patch Master: 55% Patched
Patch Guru: 65% Patched
Patch Lord: 75% Patched
Recommendations and Recognition:
REPUTABLE: 10+ Recommends
FAMOUS: 25+ Recommends
GLOBALLY TRUSTED: 50+ Recommends
Distinguished Blog Author:
1 Post
3 Posts
5+ Posts
Research Statistics
Total reports: 370
Total reports on VIP sites: 40
Total patched vulnerabilities: 260
Recommendations received: 17
Active since: 20.09.2017
18.09.2019 SSRF | Reading Local Files from DownNotifier server
Hello guys, this is my first write-up and I would like to share it with the bug bounty community. It’s an SSRF I found some months ago.
DownNotifier is an online tool to monitor website downtime. This tool sends an alert to the registered email and SMS when the website is down.
DownNotifier has a BBP on Openbugbounty, so I decided to take a look at https://www.downnotifier.com. When I browsed to the website, I noticed a text field for a URL, and an SSRF vulnerability quickly came to mind.
Reported Vulnerabilities
| Domain | Reported | Status | Type |
|---|---|---|---|
| | 16.12.2020 | patched | Cross Site Scripting |
| | 22.07.2020 | patched | Cross Site Scripting |
| | 21.07.2020 | unpatched | Cross Site Scripting |
| | 10.07.2020 | unpatched | Cross Site Scripting |
| | 09.07.2020 | patched | Cross Site Scripting |
| | 08.07.2020 | patched | Cross Site Scripting |
| | 07.07.2020 | patched | Cross Site Scripting |
| | 06.07.2020 | patched | Cross Site Scripting |
| | 05.07.2020 | patched | Cross Site Scripting |
| | 04.07.2020 | unpatched | Cross Site Scripting |
| | 04.07.2020 | unpatched | Cross Site Scripting |
| | 18.06.2020 | unpatched | Cross Site Scripting |
| | 11.06.2020 | patched | Improper Access Control |
| | 10.06.2020 | patched | Cross Site Scripting |
| | 10.06.2020 | patched | Cross Site Scripting |
| | 20.02.2020 | patched | Cross Site Scripting |
| | 16.02.2020 | patched | Cross Site Scripting |
| | 10.02.2020 | patched | Cross Site Scripting |
| | 29.01.2020 | patched | Cross Site Scripting |
| | 21.01.2020 | unpatched | Cross Site Scripting |