SQL Injection (image post, lemmy.ml)
HiddenLayer555@lemmy.ml to Programmer Humor@programming.dev · English · 1 month ago · 18 comments
CanadaPlus@lemmy.sdf.org · 1 month ago: So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?
HiddenLayer555@lemmy.ml (OP) · 1 month ago: IDK I didn’t think that much into it lol
MadhuGururajan@programming.dev · 25 days ago: No, the interviewer is a personification of the naive backend that checks only that a specific row is present in the DB, or that’s how I read it.
CanadaPlus@lemmy.sdf.org · 25 days ago: So I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the main table of employees when at some point in a successful interview, and then calls a notification process that just searches it?
MadhuGururajan@programming.dev · 24 days ago: yeah something like “if new candidate in employee DB == hired”
ulterno@programming.dev · 1 month ago: Yeah, this seems like an exploit for those cases.