Skip to content
View Chocapikk's full-sized avatar
🎯
Focusing
🎯
Focusing
876 followers · 164 following

Achievements

Achievement: Starstruckx3Achievement: Pair Extraordinairex3Achievement: Pull Sharkx2Achievement: Quickdraw

Achievements

Achievement: Starstruckx3Achievement: Pair Extraordinairex3Achievement: Pull Sharkx2Achievement: Quickdraw

Highlights

  • Pro

Block or report Chocapikk

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Chocapikk/README.md

Typing SVG

Note

Hi there! I'm Valentin Lobstein (aka Chocapikk), Security Engineer & Exploit Developer @ LeakIX.
Passionate about vulnerability research, exploit development, and internet-wide vulnerability detection.
Committed to sharing knowledge and building open-source tools

LinkedIn Instagram Twitter ProtonMail TryHackMe RootMe Ko-fi


🧰 Skills & Languages

Skills & Languages

📚 Repositories
Tool Description Link
WPProbe Fast WordPress plugin enumeration GitHub
LFIHunt Scan & exploit Local File Inclusion (LFI) GitHub
LeakPy Query LeakIX.net API via Python GitHub
🏆 Hall Of Fame
2023 – Ferrari 2024 – Siemens 2024 – Philips 2024 – Wikimedia
🚨 CVE Contributions
CVE Identifier Description Links
🔒 CVE-2023-50917 Remote Code Execution in MajorDoMo GitHub
🔒 CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 Exploit chain in Vinchin Backup & Recovery GitHub
🔒 CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 Research and exploitation in DerbyNet GitHub
🔒 CVE-2024-31819 Unauthenticated RCE in WWBN AVideo via systemRootPath GitHub
🔒 CVE-2024-3032 Themify Builder < 7.5.8 – Open Redirect WPScan
🔒 CVE-2025-2609 & CVE-2025-2610 Stored XSS in MagnusBilling 7.x (one unauthenticated) Blog · VulnCheck
🔒 CVE-2025-2292, CVE-2025-30004, CVE-2025-30005 & CVE-2025-30006 Authenticated vulnerabilities in Xorcom CompletePBX ≤ 5.2.35 File Disclosure · Command Injection · Path Traversal · Reflected XSS
🔒 CVE-2025-2611 ICTBroadcast <= 7.4 – Unauthenticated RCE via cookie injection GitHub
🔒 CVE-2025-34147 to CVE-2025-34152 Multiple unauthenticated OS command injection vulnerabilities in the Shenzhen Aitemi M300 Wi-Fi Repeater (MT02). Affects: extap2g SSID, WISP-mode ssid, WPA2 key, PPPoE user, PPPoE passwd, time param in /protocol.csp?. Allows remote root code execution within Wi-Fi range. Part 1 · Part 2
🚨 Exploit Development & PoC

All PoCs and Metasploit modules consolidated in:
Chocapikk/msf-exploit-collection

☁️ LeakIX

  • Security Engineer

  • Notable finding: Massive PSaux ransomware attack affecting 22,000 CyberPanel instances (BleepingComputer)

  • Follow on Twitter: @leak_ix

    LeakIX

Caution

⚠️ Disclaimer
Please use the information and exploits provided in my repositories for educational purposes and responsible disclosure only. I am not responsible for any misuse or damage caused by using these tools, scripts, or exploits.

Pinned Loading

  1. wpprobe wpprobe Public

    A fast WordPress plugin enumeration tool

    Go 746 97

  2. CVE-2023-29357 CVE-2023-29357 Public

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

    Python 234 31

  3. CVE-2024-25600 CVE-2024-25600 Public

    Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Python 176 37

  4. CVE-2023-22515 CVE-2023-22515 Public

    CVE-2023-22515: Confluence Broken Access Control Exploit

    Python 145 31

  5. CVE-2024-45519 CVE-2024-45519 Public

    Zimbra - Remote Command Execution (CVE-2024-45519)

    Python 134 24

  6. CVE-2023-6553 CVE-2023-6553 Public

    Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

    Python 78 23