Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,119,359 coordinated disclosures
711,034 fixed vulnerabilities
1,469 bug bounty programs, 2,948 websites
25,803 researchers, 1,381 honor badges

Leon | Security Researcher Profile

Security researcher Leon has already helped fix 279 vulnerabilities.

Researcher reputation:  370

Real name:
Aldo Moreno

About me:
Cybersecurity enthusiast.
Bug bounty hunter.

Contact email:
[email protected]

Alternative Contacts:
[email protected]

Experience in Application Security
1-3 years

Award / Bug Bounty I prefer:
Paypal, BTC, gifts.

Paypal: [email protected]
BTC: 33x6BpPjBiR7g5UeefGQQuZLW2BVAd3aQV

Halls of Fame:
Telefonica Germany

Follow me on:

Recommendations and Acknowledgements

@Downnotify     29 March, 2019
    Twitter Downnotify Marijn Otte from
Aldo found a big security issue in our application, using a creative way to exploit it.
@AsictSoc     18 November, 2020
    Twitter AsictSoc Security Operation Center from Politecnico di Milano:
Dear Leon,

the SOC of Politecnico di Milano would like to thank you for disclosing us a XSS vulnerability on our infrastructure.
@kevinBaseCom     21 February, 2020
    Twitter kevinBaseCom Kevin from Online Commerce Ltd:
Thanks for finding and alerting about an XSS issue with our newsletter.
@SecuriteInfoCom     10 February, 2020
    Twitter SecuriteInfoCom Arnaud Jacques from
Very good pentester.
Thank you Aldo !
@phdev6     12 September, 2019
    Twitter phdev6 ph-dev from Peter Hahn:
Leon found a XSS bug on our site. Thanks a lot!
@itsecop     23 April, 2019
    Twitter itsecop itsecop :
Thanks Geek_Pwn, for pointed out XSS vulnerabilities on our website!
Your input was very much appreciated!
@JimM97459222     17 February, 2019
    Twitter JimM97459222 Jim from GH:
Thank you for pointing out the XSS vulnerability in our site. We appreciate your work and quick response. Thank you!!
@HIGHFLYERS_WA     19 December, 2018
    Twitter HIGHFLYERS_WA Tom from WADC:
Thanks a lot for making our webserver more secure! Thums up!
@nietofarias     10 July, 2018
    Twitter nietofarias Ignacio Nieto from Despegar:
Thanks Aldo for reporting us some XSS vulnerabilities! It was very helpful!
@TucWebmaster     25 June, 2018
    Twitter TucWebmaster Frank Richter from TU Chemnitz:
Geek_Pwn discovered XSS bugs in my site. Thanks for reporting them to us and checking our fixes, your work is appreciated!

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges

Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

10+ Recommends
25+ Recommends
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics

Total reports:376
Total reports on VIP sites:40
Total patched vulnerabilities:279
Recommendations received:17
Active since:20.09.2017

Open Bug Bounty Certificate

Researcher Certificate

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

No posts in blog yet

  Latest Patched


  Latest Blog Posts

11.11.2021 by mistry4592
The Most used Chrome Extensions are Used For Penetration Testing.
08.10.2021 by NNeuchi
How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information Agency)
26.08.2021 by PyaePhyoThu98
eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)
14.07.2021 by Open Bug Bounty
Interview With Open Bug Bounty
25.05.2021 by 0xrocky
Google XSS Game

  Recent Recommendations

@EplayerTv     1 December, 2021
    Twitter EplayerTv:
Very good researcher, also provides clear instructions how to easily fix issue.
@martin_ouwehand     30 November, 2021
    Twitter martin_ouwehand:
We thank KhanJanny for his responsible disclosure of an XSS in one of our Web sites
@Securityteam11     29 November, 2021
    Twitter Securityteam11:
Indrakant notified us responsibly in relation to an issue with one of our websites. Upon seeking further information. his response was prompt and thorough. Thank you Indrakant great effort.
@chrisbeach     29 November, 2021
    Twitter chrisbeach:
Helped me fix a bug on my site - thanks joe-grizzly!
@chrisbeach     27 November, 2021
    Twitter chrisbeach:
Thanks very much for reporting a bug in my website