Alternate version:
You must log in or register to comment.
What’s the second one do?
Bypassing authentication or checks by incorporating a statement that always returns true, and doing an ‘or’ operation with the statement being injected. It manipulates the return value of the SQL statement to make it always return true, so if the website is checking if the statement returned true to indicate, for example, the password is correct, it will now think that was the case.
So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?
Yeah, this seems like an exploit for those cases.
