SQL Injection
HiddenLayer555@lemmy.ml to Programmer Humor@programming.dev · 3 months ago · image post · 18 comments

CanadaPlus@lemmy.sdf.org · 3 months ago
So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?

HiddenLayer555@lemmy.ml (OP) · 3 months ago
IDK I didn’t think that much into it lol

MadhuGururajan@programming.dev · 3 months ago
No, the interviewer is a personification of the naive backend that checks only that a specific row is present in the DB, or that’s how I read it.

CanadaPlus@lemmy.sdf.org · 3 months ago
So I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the main table of employees when at some point in a successful interview, and then calls a notification process that just searches it?

MadhuGururajan@programming.dev · 3 months ago
yeah something like “if new candidate in employee DB == hired”

ulterno@programming.dev · 3 months ago
Yeah, this seems like an exploit for those cases.