Hi there! I'm Valentin Lobstein, a pentester and cybersecurity student at Oteria Cyber School. I'm passionate about ethical hacking, vulnerability research, and software development. I love sharing my knowledge and contributing to the cybersecurity community through my GitHub repositories.
In this GitHub account, you'll find a variety of cybersecurity projects. Feel free to explore and learn!
Below is a list of tools I've developed, which are designed to assist in various cybersecurity tasks:
Tool Name | Description | Link |
---|---|---|
LFIHunt | Advanced Tool To Scan And Exploit Local File Inclusion (LFI) Vulnerabilities. | GitHub |
LeakPy | Python-based tool to query LeakIX.net's API. | GitHub |
Below is a list of Hall of Fame acknowledgments where my contributions to cybersecurity have been recognized:
Company | Hall of Fame | Year |
---|---|---|
Ferrari | Hall of Fame | 2023 |
Siemens | Hall of Thanks | 2024 |
Philips | Hall of Honors | 2024 |
Wikimedia | Hall of Fame | 2024 |
I have contributed to identifying and documenting several CVEs. Here's a list of CVEs I've worked on:
CVE ID | Description | Link |
---|---|---|
CVE-2023-50917 | Remote Code Execution in MajorDoMo. | GitHub |
CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 | Exploit chain in Vinchin Backup & Recovery. | GitHub |
CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 | Research and exploitation in DerbyNet. | GitHub |
CVE-2024-31819 | Unauthenticated RCE in WWBN AVideo via `systemRootPath`. | GitHub |
CVE-2024-3032 | Themify Builder < 7.5.8 - Open Redirect | WPScan |
Additionally, I serve as a moderator and hunter at LeakIX, contributing to the discovery and responsible disclosure of vulnerabilities.
In addition to CVE contributions, I've been actively involved in exploit development and proof-of-concept (PoC) creation for various vulnerabilities. These efforts are aimed at demonstrating potential security risks and providing the cybersecurity community with tools for testing and mitigation.
Vulnerability | Description | Link |
---|---|---|
WordPress Backup & Migration 1.3.7 RCE | Reproduced the exploit. | Packet Storm |
Vinchin Backup And Recovery Command Injection (CVE-2023-45498, CVE-2023-45499) | Created a Metasploit module. | Packet Storm |
MajorDoMo Command Injection (CVE-2023-50917) | Developed a Metasploit module. | Packet Storm |
Splunk XSLT Upload RCE (CVE-2023-46214) | Authored a Metasploit module. | Packet Storm |
WordPress Royal Elementor Addons And Templates Remote Shell Upload (CVE-2023-5360) | Created a Metasploit module. | Packet Storm |
Extensive VC Addons for WPBakery Page Builder < 1.9.1 Unauthenticated RCE | Reported LFI to RCE escalation. | WPScan |
Bricks Builder Theme 1.9.6 Remote Code Execution (CVE-2024-25600) PoC Reproduction | Reproduced PoC based on snicco's research and developed a Metasploit module. | GitHub, Packet Storm |
Unauthenticated RCE in WWBN AVideo (CVE-2024-31819) | Developed a Metasploit module. | Packet Storm |
WordPress Hash Form 1.1.0 Remote Code Execution (CVE-2024-5084) | Developed a Metasploit module. | Packet Storm |
Caution