Valentin Lobstein

Chocapikk

Security Researcher & Exploit Developer

Breaking, building, and documenting. Vulnerability research, exploit development, and offensive security.

72 CVEs · 82 exploits · 57 articles

Latest

Xboard / V2Board: Magic Link Token Leak - Unauthenticated Account Takeover

The loginWithMailLink endpoint in Xboard and V2Board returns the magic login link in the HTTP response body, allowing unauthenticated attackers to take over any account - including admin.

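The bug class behind that headline, as an added illustration rather than Xboard's or V2Board's own code: a magic-link endpoint that mails the login link and also echoes it to whoever called the endpoint, beside the hardened form that keeps the link on the mail channel and returns a uniform reply. The user table, token store, mailer (`OUTBOX`), base URL and lifetime are constructed stand-ins.

```python
import hashlib
import secrets
import time

# Constructed stand-ins: a user table, a token store and a mail transport.
USERS = {"admin@example.com": {"id": 1, "is_admin": True}}
TOKENS = {}   # sha256(token) -> (email, expiry); only the hash is stored server-side
OUTBOX = []   # (recipient, link) pairs the hypothetical mailer would deliver
BASE_URL = "https://panel.example.com"   # assumed front-end URL
TOKEN_TTL = 300  # seconds a link stays valid (assumed)


def _issue_link(email):
    """Mint a fresh single-use token, store only its hash, return the login link."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[digest] = (email, time.time() + TOKEN_TTL)
    return f"{BASE_URL}/login?token={token}"


def vulnerable_login_with_mail_link(email):
    """The bug pattern: the link is mailed AND echoed to whoever called the endpoint."""
    if email not in USERS:
        return {"data": False}
    link = _issue_link(email)
    OUTBOX.append((email, link))
    return {"data": link}   # an unauthenticated caller now holds the victim's login link


def hardened_login_with_mail_link(email):
    """Fix: the link only travels over the mail channel, and the reply is identical
    whether or not the account exists, so it leaks neither the token nor the address."""
    if email in USERS:
        OUTBOX.append((email, _issue_link(email)))
    return {"data": True}


def redeem(token):
    """Exchange a link token for the account it was issued to; single use, time-limited."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = TOKENS.pop(digest, None)   # pop = one redemption only
    if entry is None or entry[1] < time.time():
        return None
    return USERS[entry[0]]


def token_from_link(link):
    """What an attacker does with the leaked response body."""
    return link.split("token=", 1)[1]


if __name__ == "__main__":
    leak = vulnerable_login_with_mail_link("admin@example.com")
    print("leaked link:", leak["data"])
    print("attacker becomes:", redeem(token_from_link(leak["data"])))
    print("hardened reply:", hardened_login_with_mail_link("admin@example.com"))
    print("mail only:", OUTBOX[-1])
```

The single-use pop and the expiry check are not what the teaser is about, but a magic-link endpoint without them stays exploitable from any place the link is logged, so they belong in the fixed version.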

Recent

Dumping PostgreSQL Without Credentials: Heap File Parsing for Offensive Security

A technique for extracting PostgreSQL data through arbitrary file read vulnerabilities - without credentials, without SQL access, without knowing the schema. Full auto-discovery via system catalogs.

Tags: PostgreSQL, Technique, File Read
Windfall: From Path Traversal to RCE in Nextcloud Flow & Windmill

Critical vulnerabilities in Windmill: unauthenticated path traversal leading to RCE, plus an authenticated SQL injection enabling full privilege escalation (operator → super admin → root RCE). Affects standalone Windmill and Nextcloud Flow.

Tags: CVE, RCE, SQLi

From Zero to Exploit Dev: What Actually Worked

How I went from knowing nothing about computers in 2020 to writing exploits. No magic, no shortcuts, just the process.

Tags: Personal, Career

How I Added PTY Support to Busybox Shells (When Everyone Said It Was Impossible)

Every shell handler fails on busybox/Alpine. No script, no python, no PTY. I fixed it with 80 lines of C and a base64 upload.

Tags: Tools, Technique, Tutorial
Reverse Engineering the ITE 8910 Keyboard RGB Protocol for OpenRGB

How I reverse-engineered the complete USB HID protocol of the ITE 8910 keyboard controller from a Windows DLL and .NET executable, and contributed per-key RGB support with 14 modes to OpenRGB - the first implementation for this chip on Linux.

Tags: Reverse Engineering, OpenRGB, Linux

OmniGen2: Unauthenticated RCE via Pickle Deserialization in BAAI's Reward Server

A critical unauthenticated RCE vulnerability in OmniGen2's reward server infrastructure. The Flask-based servers deserialize raw HTTP POST bodies with pickle.loads() without any authentication, giving instant code execution to anyone with network access.

Tags: CVE, RCE
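Why `pickle.loads()` on a request body is code execution, as an added example that is not OmniGen2's code: pickle's `__reduce__` protocol lets the serialised bytes name any importable callable and its arguments, and the unpickler calls it. The block shows the attacker-controlled payload, the vulnerable handler pattern, and a hardened handler that authenticates first and refuses every global lookup. The `side_effect` function and `EXECUTED` list are constructed stand-ins for the command a real payload would run; the demo token is an assumption.

```python
import hmac
import io
import pickle

# Constructed demo state: records what the payload did when it was unpickled.
# A real payload names os.system or subprocess.Popen here instead.
EXECUTED = []


def side_effect(tag):
    """Stand-in for the command a real pickle payload would run."""
    EXECUTED.append(tag)
    return tag


class Gadget:
    """Unpickling an instance calls side_effect(tag): __reduce__ tells pickle
    'reconstruct me by calling this callable with these arguments'."""

    def __init__(self, tag):
        self.tag = tag

    def __reduce__(self):
        return (side_effect, (self.tag,))


def build_payload(tag="pwned"):
    """What an attacker POSTs: a callable reference plus args, serialised by pickle itself."""
    return pickle.dumps(Gadget(tag))


def client_encode(obj):
    """What a legitimate client sends (plain containers and scalars, no globals)."""
    return pickle.dumps(obj)


def vulnerable_handler(body):
    """The pattern the teaser describes: raw request body -> pickle.loads(), no auth."""
    return pickle.loads(body)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only plain containers and scalars deserialise.
    This is demo hardening; the real fix is not to accept pickle from clients at all."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def hardened_handler(body, presented_token, expected_token):
    """Authenticate first, then unpickle with the restricted loader.
    Returns an HTTP-style dict instead of raising so every outcome has one shape."""
    if not hmac.compare_digest(presented_token, expected_token):
        return {"status": 401, "error": "unauthenticated"}
    try:
        data = RestrictedUnpickler(io.BytesIO(body)).load()
    except pickle.UnpicklingError as exc:
        return {"status": 400, "error": str(exc)}
    return {"status": 200, "data": data}


if __name__ == "__main__":
    payload = build_payload("demo")
    print("vulnerable:", vulnerable_handler(payload), "executed:", EXECUTED)
    print("hardened:  ", hardened_handler(payload, "s3cret", "s3cret"))   # assumed token
    print("benign:    ", hardened_handler(client_encode({"score": 0.9}), "s3cret", "s3cret"))
```

The restricted loader rejects the gadget before anything runs because the `GLOBAL`/`STACK_GLOBAL` lookup happens ahead of the `REDUCE` call; for a reward server that only needs to receive scores and prompts, a JSON body with schema validation removes the whole class of bug.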