Leon | Security Researcher Profile

Researcher reputation:  370

Real name:
Aldo Moreno

About me:
Cybersecurity enthusiast.
Bug bounty hunter.

How to contact me:
English or Spanish communication.

[email protected]

If you want to pentest your website, contact me.

Alternative Contacts:
[email protected]

Experience in Application Security
1-3 years

Award / Bug Bounty I prefer:
This is only if you want to reward me.
Paypal, Transferwise, BTC, gifts.

Paypal: [email protected]
Transferwise: [email protected]
BTC: 33x6BpPjBiR7g5UeefGQQuZLW2BVAd3aQV

Halls of Fame:
BBC
Dell
Papercut
PejaDesign
Tu-Chemnitz
Studis-Online
Telefonica Germany

Follow me on:
Twitter

Recommendations and Acknowledgements

    29 March, 2019

     Downnotify Marijn Otte from DownNotifier.com:

Aldo found a big security issue in our application, using a creative way to exploit it.

    18 November, 2020

     AsictSoc Security Operation Center from Politecnico di Milano:

Dear Leon, the SOC of Politecnico di Milano would like to thank you for disclosing us a XSS vulnerability on our infrastructure.

    21 February, 2020

     kevinBaseCom Kevin from Online Commerce Ltd:

Thanks for finding and alerting about an XSS issue with our newsletter.

    10 February, 2020

     SecuriteInfoCom Arnaud Jacques from SecuriteInfo.com:

Very good pentester. Thank you Aldo !

    12 September, 2019

     phdev6 ph-dev from Peter Hahn:

Leon found a XSS bug on our site. Thanks a lot!

    23 April, 2019

     itsecop itsecop :

Thanks Geek_Pwn, for pointed out XSS vulnerabilities on our website! Your input was very much appreciated!

    17 February, 2019

     JimM97459222 Jim from GH:

Thank you for pointing out the XSS vulnerability in our site. We appreciate your work and quick response. Thank you!!

    19 December, 2018

     HIGHFLYERS_WA Tom from WADC:

Thanks a lot for making our webserver more secure! Thums up!

    10 July, 2018

     nietofarias Ignacio Nieto from Despegar:

Thanks Aldo for reporting us some XSS vulnerabilities! It was very helpful!

    25 June, 2018

     TucWebmaster Frank Richter from TU Chemnitz:

Geek_Pwn discovered XSS bugs in my site. Thanks for reporting them to us and checking our fixes, your work is appreciated!

Shows the first 10 recommendations. See all.

Honor Badges

Number of Secured Websites

10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research

WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements

Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch

Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition

REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author

1 Post	3 Posts	5+ Posts

Research Statistics

Open Bug Bounty Certificate

18.09.2019  SSRF | Reading Local Files from DownNotifier server

Hello guys, this is my first write-up and I would like to share it with the bug bounty community, it’s a SSRF I found some months ago.

DownNotifier is an online tool to monitor a website downtime. This tool sends an alert to registered email and sms when the website is down.

DownNotifier has a BBP on Openbugbounty, so I decided to take a look on https://www.downnotifier.com. When I browsed to the website, I noticed a text field for URL and SSRF vulnerability quickly came to mind.