Name: GDPR Data Exposure
Description: Log in with Chris’ erased user account
Difficulty: 3 star
Category: Broken Authentication
Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html
Owing in no small part to the Login Bender challenge solution, after reading the expanded description I was fairly certain that, provided I could find Chris’ account in the user database, I could solve this challenge in the same way, using SQL injection.
Chris’ information, fortunately, was still located in the user database, so I implemented my plan.
Prevention and Mitigation Strategies:
Lessons Learned and Things Worth Mentioning:
Nothing, really. I’d already learned this trick completing Login Bender.