If he "finds the email address of user DefaultTrust and explain in detail how he did it", he gets 1 ounce of gold worth in BTC. That's based on what OP said about his vulnerability: "about emails & usernames";

But, he can get more based on a few factors found in the thread I linked above. Example: Root access from a regular user (8 ounces) related to a security flaw in non-PHP software used by the forum (150%) would give him 150% of 8 oz of gold = 12 oz.