Valentin Lobstein: Ethical Hacker & Cybersecurity Enthusiast 👨‍💻🔐

Hi there! I'm Valentin Lobstein, a pentester and cybersecurity student at Oteria Cyber School. I'm passionate about ethical hacking, vulnerability research, and software development. I love sharing my knowledge and contributing to the cybersecurity community through my GitHub repositories. 🌐💡

🧰 Skills & Languages

Primary Language
Secondary Languages
Hacking Tools
Operating Systems
Version Control

📚 Repositories

In this GitHub account, you'll find a variety of cybersecurity projects. Feel free to explore, and learn! 🎮🔍

📁 Tools

Below is a list of tools I've developed, which are designed to assist in various cybersecurity tasks:

Tool Name	Description	Link
LFIHunt	Advanced Tool To Scan And Exploit Local File Inclusion (LFI) Vulnerabilities.	GitHub
LeakPy	Python-based tool to query LeakIX.net's API.	GitHub

🏆 Hall Of Fame

Below is a list of Hall of Fame acknowledgments where my contributions to cybersecurity have been recognized:

Company	Hall of Fame	Year
	Ferrari Hall of Fame	2023
	Siemens Hall of Thanks	2024
	Philips Hall of Honors	2024

🚨 CVE Contributions

I have contributed to identifying and documenting several CVEs. Here's a list of CVEs I've worked on:

CVE ID	Description	Link
🔒 CVE-2023-50917	Remote Code Execution in MajorDoMo.	GitHub
🔒 CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228	Exploit chain in Vinchin Backup & Recovery.	GitHub
🔒 CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818	Research and exploitation in DerbyNet.	GitHub
🔒 CVE-2024-31819	Unauthenticated RCE in WWBN AVideo via `systemRootPath`.	GitHub
🔒 CVE-2024-3032	Themify Builder < 7.5.8 - Open Redirect	WPScan

Additionally, I serve as a moderator and hunter at LeakIX, contributing to the discovery and responsible disclosure of vulnerabilities

🚨 Exploit Development & PoC Contributions

In addition to CVE contributions, I've been actively involved in exploit development and proof-of-concept (PoC) creation for various vulnerabilities. These efforts are aimed at demonstrating potential security risks and providing the cybersecurity community with tools for testing and mitigation.

Vulnerability	Description	Link
🔒 WordPress Backup & Migration 1.3.7 RCE	Reproduced the exploit.	Packet Storm
🔒 Vinchin Backup And Recovery Command Injection (CVE-2023-45498, CVE-2023-45499)	Created a Metasploit module.	Packet Storm
🔒 MajorDoMo Command Injection (CVE-2023-50917)	Developed a Metasploit module.	Packet Storm
🔒 Splunk XSLT Upload RCE (CVE-2023-46214)	Authored a Metasploit module.	Packet Storm
🔒 WordPress Royal Elementor Addons And Templates Remote Shell Upload (CVE-2023-5360)	Created a Metasploit module.	Packet Storm
🔒 Extensive VC Addons for WPBakery Page Builder < 1.9.1 Unauthenticated RCE	Reported LFI to RCE escalation.	WPScan
🔒 Bricks Builder Theme 1.9.6 Remote Code Execution (CVE-2024-25600) PoC Reproduction	Reproduced PoC based on snicco's research and developed a Metasploit module.	GitHub Packet Storm
🔒 Unauthenticated RCE in WWBN AVideo (CVE-2024-31819)	Developed a Metasploit module.	Packet Storm

Caution

⚠️ Disclaimer Please use the information and exploits provided in my repositories for educational purposes and responsible disclosure only. I am not responsible for any misuse or damage caused by using these tools, scripts, or exploits.