HiddenLayer555@lemmy.ml to Programmer HumorEnglish · edit-21 month agoSQL Injectionlemmy.mlimagemessage-square18fedilinkarrow-up1272arrow-down15file-textcross-posted to: [email protected][email protected]
arrow-up1267arrow-down1imageSQL Injectionlemmy.mlHiddenLayer555@lemmy.ml to Programmer HumorEnglish · edit-21 month agomessage-square18fedilinkfile-textcross-posted to: [email protected][email protected]
minus-squareCanadaPlus@lemmy.sdf.orglinkfedilinkarrow-up4·1 month agoSo does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?
minus-squareHiddenLayer555@lemmy.mlOPlinkfedilinkEnglisharrow-up3·1 month agoIDK I didn’t think that much into it lol
minus-squareulternolinkfedilinkEnglisharrow-up1·1 month agoYeah, this seems like an exploit for those cases.
minus-squareMadhuGururajanlinkfedilinkEnglisharrow-up1·24 days agoNo the interviewer is personification of the naive backend that checks only that a specific row is present in the DB, or that’s how I read it.
minus-squareCanadaPlus@lemmy.sdf.orglinkfedilinkarrow-up1·24 days agoSo I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the the main table of employees when at some point in a successful interview, and then calls a notification process that just searches it?
minus-squareMadhuGururajanlinkfedilinkEnglisharrow-up2·24 days agoyeah something like “if new candidate in employee DB == hired”
So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?
IDK I didn’t think that much into it lol
Yeah, this seems like an exploit for those cases.
No the interviewer is personification of the naive backend that checks only that a specific row is present in the DB, or that’s how I read it.
So I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the the main table of employees when at some point in a successful interview, and then calls a notification process that just searches it?
yeah something like “if new candidate in employee DB == hired”