Bypassing authentication or checks by incorporating a statement that always returns true, and doing an 'or' operation with the statement being injected. It manipulates the return value of the SQL statement to make it always return true, so if the website is checking if the statement returned true to indicate, for example, the password is correct, it will now think that was the case.

[–] CanadaPlus@lemmy.sdf.org 4 points 5 months ago (5 children)

So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?

[–] MadhuGururajan@programming.dev 1 points 5 months ago (1 children)

No the interviewer is personification of the naive backend that checks only that a specific row is present in the DB, or that's how I read it.

[–] CanadaPlus@lemmy.sdf.org 1 points 5 months ago (1 children)

So I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the the main table of employees when at some point in a successful interview, and then calls a notification process that just searches it?

[–] MadhuGururajan@programming.dev 2 points 5 months ago

yeah something like "if new candidate in employee DB == hired"

load more comments (3 replies)

load more comments (9 replies)