Chocapikk/README.md


Note

Hi there! I'm Valentin Lobstein (aka Chocapikk), Security Engineer & Exploit Developer @ LeakIX.
Passionate about vulnerability research, exploit development, and internet-wide vulnerability detection.
Committed to sharing knowledge and building open-source tools.

LinkedIn Instagram Twitter ProtonMail TryHackMe RootMe Ko-fi


🧰 Skills & Languages


📚 Repositories

| Tool | Description | Link |
|---|---|---|
| WPProbe | Fast WordPress plugin enumeration | GitHub |
| LFIHunt | Scan & exploit Local File Inclusion (LFI) | GitHub |
| LeakPy | Query LeakIX.net API via Python | GitHub |

πŸ† Hall Of Fame
2023 – Ferrari 2024 – Siemens 2024 – Philips 2024 – Wikimedia
🚨 CVE Contributions

| CVE Identifier | Description | Links |
|---|---|---|
| 🔒 CVE-2023-50917 | Remote Code Execution in MajorDoMo | GitHub |
| 🔒 CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 | Exploit chain in Vinchin Backup & Recovery | GitHub |
| 🔒 CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 | Research and exploitation in DerbyNet | GitHub |
| 🔒 CVE-2024-31819 | Unauthenticated RCE in WWBN AVideo via systemRootPath | GitHub |
| 🔒 CVE-2024-3032 | Themify Builder < 7.5.8 – Open Redirect | WPScan |
| 🔒 CVE-2025-2609 & CVE-2025-2610 | Stored XSS in MagnusBilling 7.x (one unauthenticated) | Blog · VulnCheck |
| 🔒 CVE-2025-2292, CVE-2025-30004, CVE-2025-30005 & CVE-2025-30006 | Authenticated vulnerabilities in Xorcom CompletePBX ≤ 5.2.35 | File Disclosure · Command Injection · Path Traversal · Reflected XSS |
| 🔒 CVE-2025-2611 | ICTBroadcast <= 7.4 – Unauthenticated RCE via cookie injection | GitHub |
| 🔒 CVE-2025-34147 to CVE-2025-34152 | Multiple unauthenticated OS command injection vulnerabilities in the Shenzhen Aitemi M300 Wi-Fi Repeater (MT02). Affects: extap2g SSID, WISP-mode ssid, WPA2 key, PPPoE user, PPPoE passwd, time param in /protocol.csp?. Allows remote root code execution within Wi-Fi range. | Part 1 · Part 2 |

🚨 Exploit Development & PoC

All PoCs and Metasploit modules consolidated in:
Chocapikk/msf-exploit-collection

☁️ LeakIX
  • Security Engineer

  • Notable finding: Massive PSaux ransomware attack affecting 22,000 CyberPanel instances (BleepingComputer)

  • Follow on Twitter: @leak_ix


Caution

⚠️ Disclaimer
Please use the information and exploits provided in my repositories for educational purposes and responsible disclosure only. I am not responsible for any misuse or damage caused by using these tools, scripts, or exploits.

Pinned

  1. wpprobe (Public)

    A fast WordPress plugin enumeration tool

    Go · 745 stars · 97 forks

  2. CVE-2023-29357 (Public)

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

    Python · 234 stars · 31 forks

  3. CVE-2024-25600 (Public)

    Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Python · 176 stars · 36 forks

  4. CVE-2023-22515 (Public)

    CVE-2023-22515: Confluence Broken Access Control Exploit

    Python · 142 stars · 31 forks

  5. CVE-2024-45519 (Public)

    Zimbra - Remote Command Execution (CVE-2024-45519)

    Python · 133 stars · 24 forks

  6. CVE-2023-6553 (Public)

    Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

    Python · 78 stars · 23 forks