SQL Injection (lemmy.ml)
HiddenLayer555@lemmy.ml to Programmer Humor@programming.dev · English · 4 months ago · cross-posted to: programmerhumor@lemmy.ml

CanadaPlus@lemmy.sdf.org · 4 months ago
So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?

ulterno@programming.dev · 4 months ago
Yeah, this seems like an exploit for those cases.

MadhuGururajan@programming.dev · 4 months ago
No, the interviewer is a personification of the naive backend that checks only that a specific row is present in the DB, or that’s how I read it.

CanadaPlus@lemmy.sdf.org · 4 months ago
So I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the main table of employees when at some point in a successful interview, and then calls a notification process that just searches it?

MadhuGururajan@programming.dev · 4 months ago
Yeah, something like “if new candidate in employee DB == hired”