SQL Injection (image post)
Posted by HiddenLayer555@lemmy.ml to Programmer Humor@programming.dev · 16 days ago (edited) · 18 comments
CanadaPlus@lemmy.sdf.org · 14 days ago
So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?
MadhuGururajan@programming.dev · 3 days ago
No, the interviewer is a personification of the naive backend that checks only that a specific row is present in the DB, or that's how I read it.
CanadaPlus@lemmy.sdf.org · 3 days ago
So I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the main table of employees at some point in a successful interview, and then calls a notification process that just searches for it?
MadhuGururajan@programming.dev · 3 days ago
Yeah, something like "if new candidate in employee DB == hired".
HiddenLayer555@lemmy.ml (OP) · 14 days ago
IDK, I didn't think that much into it lol
ulterno@programming.dev · 13 days ago
Yeah, this seems like an exploit for those cases.
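The "naive backend that only checks whether a row exists" from the thread, written out as an added example (this is not code from the post or from anyone in the thread). The employee table, the names in it and the `is_hired_*` function names are all constructed for the example. The vulnerable version concatenates the candidate's name into the query, so a name like `Nobody' OR '1'='1` makes the existence check succeed for someone who is not in the table; the parameterised version treats the same string as a literal and correctly says no.

```python
import sqlite3

# Constructed sample data for this example: a tiny employees table.
EMPLOYEES = [("Alice Example", "engineering"), ("Bob Example", "sales")]

# A candidate string crafted so the concatenated query becomes
#   ... WHERE name = 'Nobody' OR '1'='1' LIMIT 1
# which is always true and therefore returns a row.
INJECTED_CANDIDATE = "Nobody' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed employee rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT NOT NULL, dept TEXT NOT NULL)")
    conn.executemany("INSERT INTO employees (name, dept) VALUES (?, ?)", EMPLOYEES)
    conn.commit()
    return conn


def is_hired_vulnerable(conn: sqlite3.Connection, candidate: str) -> bool:
    """The naive check from the thread: 'is there a row for this name?',
    with the name pasted straight into the SQL text."""
    query = "SELECT 1 FROM employees WHERE name = '" + candidate + "' LIMIT 1"
    return conn.execute(query).fetchone() is not None


def is_hired_safe(conn: sqlite3.Connection, candidate: str) -> bool:
    """Same check, but the name is bound as a parameter, so quotes and
    keywords inside it are just characters in a string literal."""
    query = "SELECT 1 FROM employees WHERE name = ? LIMIT 1"
    return conn.execute(query, (candidate,)).fetchone() is not None


def demo() -> dict:
    """Run both checks against a real employee and the injected name."""
    conn = make_db()
    return {
        "real_vulnerable": is_hired_vulnerable(conn, "Alice Example"),
        "injected_vulnerable": is_hired_vulnerable(conn, INJECTED_CANDIDATE),
        "real_safe": is_hired_safe(conn, "Alice Example"),
        "injected_safe": is_hired_safe(conn, INJECTED_CANDIDATE),
    }


if __name__ == "__main__":
    for label, hired in demo().items():
        print(f"{label}: {hired}")
```

The parameterised lookup only fixes the lookup. As the thread points out, the check is still only as trustworthy as whatever process inserted the row in the first place; if that insertion path is injectable, a correct `SELECT` will happily confirm a row the attacker planted.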