Skip to content
View Chocapikk's full-sized avatar
🎯
Focusing
🎯
Focusing
810 followers · 161 following

Achievements

Achievement: Starstruckx3Achievement: Pair Extraordinairex3Achievement: Pull Sharkx2Achievement: Quickdraw

Achievements

Achievement: Starstruckx3Achievement: Pair Extraordinairex3Achievement: Pull Sharkx2Achievement: Quickdraw

Highlights

  • Pro

Block or report Chocapikk

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 250 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Chocapikk/README.md

Typing SVG

Note

Hi there! I'm Valentin Lobstein (aka Chocapikk), Security Engineer & Exploit Developer @ LeakIX.
Passionate about vulnerability research, exploit development, and internet-wide vulnerability detection.
Committed to sharing knowledge and building open-source tools

LinkedIn Instagram Twitter ProtonMail TryHackMe RootMe Ko-fi


🧰 Skills & Languages

Skills & Languages

πŸ“š Repositories
Tool Description Link
WPProbe Fast WordPress plugin enumeration GitHub
LFIHunt Scan & exploit Local File Inclusion (LFI) GitHub
LeakPy Query LeakIX.net API via Python GitHub
πŸ† Hall Of Fame
2023 – Ferrari 2024 – Siemens 2024 – Philips 2024 – Wikimedia
🚨 CVE Contributions
CVE Identifier Description Links
πŸ”’ CVE-2023-50917 Remote Code Execution in MajorDoMo GitHub
πŸ”’ CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 Exploit chain in Vinchin Backup & Recovery GitHub
πŸ”’ CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 Research and exploitation in DerbyNet GitHub
πŸ”’ CVE-2024-31819 Unauthenticated RCE in WWBN AVideo via systemRootPath GitHub
πŸ”’ CVE-2024-3032 Themify Builder < 7.5.8 – Open Redirect WPScan
πŸ”’ CVE-2025-2609 & CVE-2025-2610 Stored XSS in MagnusBilling 7.x (one unauthenticated) Blog Β· VulnCheck
πŸ”’ CVE-2025-2292, CVE-2025-30004, CVE-2025-30005 & CVE-2025-30006 Authenticated vulnerabilities in Xorcom CompletePBX ≀ 5.2.35 File Disclosure Β· Command Injection Β· Path Traversal Β· Reflected XSS
πŸ”’ CVE-2025-2611 ICTBroadcast <= 7.4 – Unauthenticated RCE via cookie injection GitHub
πŸ”’ CVE-2025-34147 to CVE-2025-34152 Multiple unauthenticated OS command injection vulnerabilities in the Shenzhen Aitemi M300 Wi-Fi Repeater (MT02). Affects: extap2g SSID, WISP-mode ssid, WPA2 key, PPPoE user, PPPoE passwd, time param in /protocol.csp?. Allows remote root code execution within Wi-Fi range. Part 1 Β· Part 2
🚨 Exploit Development & PoC

All PoCs and Metasploit modules consolidated in:
Chocapikk/msf-exploit-collection

☁️ LeakIX
  • Moderator & vulnerability hunter
  • Notable finding: Massive PSaux ransomware attack affecting 22,000 CyberPanel instances (BleepingComputer)
  • Follow on Twitter: @leak_ix

LeakIX

πŸ€“ Stats for Nerds

Introduction

Views
Visitors

🎢 Spotify

Spotify

Caution

⚠️ Disclaimer
Please use the information and exploits provided in my repositories for educational purposes and responsible disclosure only. I am not responsible for any misuse or damage caused by using these tools, scripts, or exploits.

Pinned Loading

  1. wpprobe wpprobe Public

    A fast WordPress plugin enumeration tool

    Go 693 92

  2. CVE-2023-29357 CVE-2023-29357 Public

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

    Python 234 31

  3. CVE-2024-25600 CVE-2024-25600 Public

    Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Python 173 36

  4. CVE-2023-22515 CVE-2023-22515 Public

    CVE-2023-22515: Confluence Broken Access Control Exploit

    Python 137 30

  5. CVE-2024-45519 CVE-2024-45519 Public

    Zimbra - Remote Command Execution (CVE-2024-45519)

    Python 130 25

  6. CVE-2023-6553 CVE-2023-6553 Public

    Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

    Python 76 22