Hi there! I'm Valentin Lobstein, a pentester and cybersecurity student at Oteria Cyber School. I'm passionate about ethical hacking, vulnerability research, and software development. I love sharing my knowledge and contributing to the cybersecurity community through my GitHub repositories. ๐๐ก
In this GitHub account, you'll find a variety of cybersecurity projects. Feel free to explore, and learn! ๐ฎ๐
Below is a list of tools I've developed, which are designed to assist in various cybersecurity tasks:
Below is a list of Hall of Fame acknowledgments where my contributions to cybersecurity have been recognized:
I have contributed to identifying and documenting several CVEs. Hereโs a list of CVEs Iโve worked on:
-
๐ CVE-2023-50917
Remote Code Execution in MajorDoMo - GitHub -
๐ CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228
Exploit chain in Vinchin Backup & Recovery - GitHub -
๐ CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818
Research and exploitation in DerbyNet - GitHub -
๐ CVE-2024-31819
Unauthenticated RCE in WWBN AVideo viasystemRootPath
- GitHub -
๐ CVE-2024-3032
Themify Builder < 7.5.8 - Open Redirect - WPScan
โ๏ธ Additionally, I serve as a moderator and hunter at LeakIX, where I contribute to the discovery and responsible disclosure of vulnerabilities.
In addition to CVE contributions, Iโve been actively involved in developing exploits and PoCs to demonstrate potential security risks. These efforts provide the cybersecurity community with essential tools for testing and mitigation.
-
๐ WordPress Backup & Migration 1.3.7 RCE (CVE-2023-6553)
Reproduced and co-authored the Metasploit module - Packet Storm -
๐ Vinchin Backup And Recovery Command Injection (CVE-2023-45498, CVE-2023-45499)
Created a Metasploit module - Packet Storm -
๐ MajorDoMo Command Injection (CVE-2023-50917)
Developed a Metasploit module - Packet Storm -
๐ Splunk XSLT Upload RCE (CVE-2023-46214)
Authored a Metasploit module - Packet Storm -
๐ WordPress Royal Elementor Addons And Templates Remote Shell Upload (CVE-2023-5360)
Created a Metasploit module - Packet Storm -
๐ Extensive VC Addons for WPBakery Page Builder < 1.9.1 Unauthenticated RCE (CVE-2023-0159)
Reported LFI to RCE escalation - WPScan -
๐ Bricks Builder Theme 1.9.6 Remote Code Execution (CVE-2024-25600) PoC Reproduction
Reproduced PoC based on snicco's research and developed a Metasploit module - GitHub
Also published on Packet Storm - Packet Storm -
๐ Unauthenticated RCE in WWBN AVideo (CVE-2024-31819)
Developed a Metasploit module - Packet Storm -
๐ WordPress Hash Form 1.1.0 Remote Code Execution (CVE-2024-5084)
Developed a Metasploit module - Packet Storm -
๐ SPIP 4.2.12 Remote Code Execution (CVE-2024-7954)
Developed a Metasploit module - Packet Storm -
๐ SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
Developed a Metasploit module - Packet Storm -
๐ VICIdial Authenticated Remote Code Execution
Developed a Metasploit module - Packet Storm
Caution