Hi there! I'm Valentin Lobstein, a pentester and cybersecurity student at Oteria Cyber School. I'm passionate about ethical hacking, vulnerability research, and software development. I love sharing my knowledge and contributing to the cybersecurity community through my GitHub repositories. ๐๐ก
-
Primary Language
-
Secondary Languages
-
Hacking Tools
-
Operating Systems
-
Version Control
In this GitHub account, you'll find a variety of cybersecurity projects. Feel free to explore, and learn! ๐ฎ๐
Below is a list of tools I've developed, which are designed to assist in various cybersecurity tasks:
| Tool Name | Description | Link |
|---|---|---|
| LFIHunt | Advanced Tool To Scan And Exploit Local File Inclusion (LFI) Vulnerabilities. | GitHub |
| LeakPy | Python-based tool to query LeakIX.net's API. | GitHub |
Below is a list of Hall of Fame acknowledgments where my contributions to cybersecurity have been recognized:
| Company | Hall of Fame | Year |
|---|---|---|
 |
Ferrari Hall of Fame | 2023 |
 |
Siemens Hall of Thanks | 2024 |
 |
Philips Hall of Honors | 2024 |
I have contributed to identifying and documenting several CVEs. Here's a list of CVEs I've worked on:
| CVE ID | Description | Link |
|---|---|---|
| ๐ CVE-2023-50917 | Remote Code Execution in MajorDoMo. | GitHub |
| ๐ CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 | Exploit chain in Vinchin Backup & Recovery. | GitHub |
| ๐ CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 | Research and exploitation in DerbyNet. | GitHub |
| ๐ CVE-2024-31819 | Unauthenticated RCE in WWBN AVideo via systemRootPath. |
GitHub |
| ๐ CVE-2024-3032 | Themify Builder < 7.5.8 - Open Redirect | WPScan |
Additionally, I serve as a moderator and hunter at LeakIX, contributing to the discovery and responsible disclosure of vulnerabilities
In addition to CVE contributions, I've been actively involved in exploit development and proof-of-concept (PoC) creation for various vulnerabilities. These efforts are aimed at demonstrating potential security risks and providing the cybersecurity community with tools for testing and mitigation.
| Vulnerability | Description | Link |
|---|---|---|
| ๐ WordPress Backup & Migration 1.3.7 RCE | Reproduced the exploit. | Packet Storm |
| ๐ Vinchin Backup And Recovery Command Injection (CVE-2023-45498, CVE-2023-45499) | Created a Metasploit module. | Packet Storm |
| ๐ MajorDoMo Command Injection (CVE-2023-50917) | Developed a Metasploit module. | Packet Storm |
| ๐ Splunk XSLT Upload RCE (CVE-2023-46214) | Authored a Metasploit module. | Packet Storm |
| ๐ WordPress Royal Elementor Addons And Templates Remote Shell Upload (CVE-2023-5360) | Created a Metasploit module. | Packet Storm |
| ๐ Extensive VC Addons for WPBakery Page Builder < 1.9.1 Unauthenticated RCE | Reported LFI to RCE escalation. | WPScan |
| ๐ Bricks Builder Theme 1.9.6 Remote Code Execution (CVE-2024-25600) PoC Reproduction | Reproduced PoC based on snicco's research and developed a Metasploit module. | GitHub Packet Storm |
| ๐ Unauthenticated RCE in WWBN AVideo (CVE-2024-31819) | Developed a Metasploit module. | Packet Storm |
Caution
Views
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent