Cacti Superlinks Plugin 1.4-2 - SQL Injection

2014-06-18 06:05:13

$$$$$$\ $$\ $$\ $$$$$$\
$$ __$$\ $$ | $$ | $$ __$$\
$$ / \__| $$ | $$ | $$ / \__|
$$ |$$$$\ $$$$$$$$ | \$$$$$$\
$$ |\_$$ | $$ __$$ | \____$$\
$$ | $$ | $$ | $$ | $$\ $$ |
\$$$$$$ |$$\ $$ | $$ |$$\\$$$$$$ |
\______/ \__|\__| \__|\__|\______/

# Exploit Title: Cacti - Superlinks Plugin SQL Injection
# Google Dork: inurl:"/cacti/plugins/superlinks/"
# Date: 18/06/2014
# Exploit Author: Napsterakos
# Software Link: http://docs.cacti.net/plugin:superlinks


Link: http://localhost/cacti/plugins/superlinks/

Exploit: http://localhost/cacti/plugins/superlinks/superlinks.php?id=[SQLi]

Credits to: Greek Hacking Scene

Fixes

No fixes

In order to submit a new fix you need to be registered.