Leon | Security Researcher Profile

Researcher reputation:  360

Real name:
Aldo Moreno

About me:
Cybersecurity enthusiast.
Bug bounty hunter.

How to contact me:
English or Spanish communication.

[email protected]

If you want to pentest your website, contact me.

Alternative Contacts:
[email protected]

Experience in Application Security
1-3 years

Award / Bug Bounty I prefer:
This is only if you want to reward me.
Paypal, Transferwise, BTC, gifts.

Paypal: [email protected]
Transferwise: [email protected]
BTC: 33x6BpPjBiR7g5UeefGQQuZLW2BVAd3aQV

Halls of Fame:
BBC
Dell
Papercut
PejaDesign
Tu-Chemnitz
Studis-Online
Telefonica Germany

Follow me on:
Twitter

Recommendations and Acknowledgements

    29 March, 2019

     Downnotify Marijn Otte from DownNotifier.com:

Aldo found a big security issue in our application, using a creative way to exploit it.

    21 February, 2020

     kevinBaseCom Kevin from Online Commerce Ltd:

Thanks for finding and alerting about an XSS issue with our newsletter.

    10 February, 2020

     SecuriteInfoCom Arnaud Jacques from SecuriteInfo.com:

Very good pentester. Thank you Aldo !

    12 September, 2019

     phdev6 ph-dev from Peter Hahn:

Leon found a XSS bug on our site. Thanks a lot!

    23 April, 2019

     itsecop itsecop :

Thanks Geek_Pwn, for pointed out XSS vulnerabilities on our website! Your input was very much appreciated!

    17 February, 2019

     JimM97459222 Jim from GH:

Thank you for pointing out the XSS vulnerability in our site. We appreciate your work and quick response. Thank you!!

    19 December, 2018

     HIGHFLYERS_WA Tom from WADC:

Thanks a lot for making our webserver more secure! Thums up!

    10 July, 2018

     nietofarias Ignacio Nieto from Despegar:

Thanks Aldo for reporting us some XSS vulnerabilities! It was very helpful!

    25 June, 2018

     TucWebmaster Frank Richter from TU Chemnitz:

Geek_Pwn discovered XSS bugs in my site. Thanks for reporting them to us and checking our fixes, your work is appreciated!

    7 June, 2018

     uriblackman Uri from GIDEON:

Thanks Geek_Pwn for finding and alerting us to the XSS bug.

Shows the first 10 recommendations. See all.

Honor Badges

Number of Secured Websites

10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research

WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements

Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch

Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition

REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author

1 Post	3 Posts	5+ Posts

Research Statistics

Open Bug Bounty Certificate

18.09.2019  SSRF | Reading Local Files from DownNotifier server

Hello guys, this is my first write-up and I would like to share it with the bug bounty community, it’s a SSRF I found some months ago.

DownNotifier is an online tool to monitor a website downtime. This tool sends an alert to registered email and sms when the website is down.

DownNotifier has a BBP on Openbugbounty, so I decided to take a look on https://www.downnotifier.com. When I browsed to the website, I noticed a text field for URL and SSRF vulnerability quickly came to mind.