About me 🫢


Valentin Lobstein (Chocapikk) 🫢

Ethical Hacker and Cybersecurity Enthusiast 👨‍💻

Hi everyone! I'm Valentin Lobstein, also known as Chocapikk. I am a pentester and cybersecurity student at Oteria Cyber School. My passion lies in ethical hacking, vulnerability research, and software development. I started my journey in pentesting in 2020, with almost no prior knowledge of using a PC. Since then, I have dedicated myself to learning and mastering the art of cybersecurity.

I am committed to sharing my knowledge and contributing to the cybersecurity community through my GitHub repositories. On GitHub, you can find various projects and tools that I have developed to help secure systems and applications. 💡

On this blog, I will be sharing my experiences, discoveries, and tips related to cybersecurity. Feel free to explore my articles and follow me on GitHub to stay updated on my latest contributions and projects.

🧰 Skills & Languages

🚀 Primary Language

Python

🌐 Secondary Languages

Lua PHP Ruby C

🔧 Hacking Tools

Metasploit Burp Suite Wireshark Nmap Exploits

💻 Operating Systems

Windows Mint Kali Manjaro

πŸ› οΈ Version Control

Git GitHub

πŸ† Hall Of Fame

Below is a list of Hall of Fame acknowledgments where my contributions to cybersecurity have been recognized:

| Company   | Hall of Fame           | Year |
|-----------|------------------------|------|
| Ferrari   | Ferrari Hall of Fame   | 2023 |
| Siemens   | Siemens Hall of Thanks | 2024 |
| Philips   | Philips Hall of Honors | 2024 |
| Wikimedia | Wikimedia Hall of Fame | 2024 |

☁️ Additionally, I serve as a moderator and hunter at LeakIX, where I contribute to the discovery and responsible disclosure of vulnerabilities 🫢. You can find my profile here.

🚨 Exploit Development & PoC Contributions

In addition to my CVE contributions, I've been actively involved in developing exploits and PoCs to demonstrate potential security risks. These efforts provide the cybersecurity community with essential tools for testing and mitigation. Note that not all listed CVEs are mine, but I have contributed significantly to their PoC and exploit development.


  • 🔒 WordPress Backup & Migration 1.3.7 RCE (CVE-2023-6553)
    Reproduced and co-authored the Metasploit module - Packet Storm

  • 🔒 Vinchin Backup And Recovery Command Injection (CVE-2023-45498, CVE-2023-45499)
    Created a Metasploit module - Packet Storm

  • 🔒 MajorDoMo Command Injection (CVE-2023-50917)
    Developed a Metasploit module - Packet Storm

  • 🔒 Splunk XSLT Upload RCE (CVE-2023-46214)
    Authored a Metasploit module - Packet Storm

  • 🔒 WordPress Royal Elementor Addons And Templates Remote Shell Upload (CVE-2023-5360)
    Created a Metasploit module - Packet Storm

  • 🔒 Extensive VC Addons for WPBakery Page Builder < 1.9.1 Unauthenticated RCE (CVE-2023-0159)
    Reported LFI to RCE escalation - WPScan

  • 🔒 Bricks Builder Theme 1.9.6 Remote Code Execution (CVE-2024-25600) PoC Reproduction
    Reproduced PoC based on snicco's research and developed a Metasploit module - GitHub
    Also published on Packet Storm - Packet Storm

  • 🔒 Unauthenticated RCE in WWBN AVideo (CVE-2024-31819)
    Developed a Metasploit module - Packet Storm

  • 🔒 WordPress Hash Form 1.1.0 Remote Code Execution (CVE-2024-5084)
    Developed a Metasploit module - Packet Storm

  • 🔒 SPIP 4.2.12 Remote Code Execution (CVE-2024-7954)
    Developed a Metasploit module - Packet Storm

  • 🔒 SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
    Developed a Metasploit module - Packet Storm

  • 🔒 VICIdial Authenticated Remote Code Execution
    Developed a Metasploit module - Packet Storm

💬 Dedication

I would like to dedicate this section to my team Balgo Security, including Christ Bowel, Roland Hack, Trhacknon, and all the others who are a bit less active. Thank you for your invaluable support and collaboration! Without teamwork and mutual support, this page would not be as filled.