Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 08.08.2025
Last edited by cbay - 08.08.2025

FS#202 - HTTP Parameter Pollution Lead to Crash the Website of admin.alwaysdata.com

# HTTP Parameter Pollution Lead to Crash the Website of admin.alwaysdata.com:

Hello Sir, I hope you are doing well. While, Researching on your domain, I found HTTP Parameter Pollution Lead to Crash the Website of admin.alwaysdata.com.

Steps to Reproduce:

1. Login into admin.alwaysdata.com.
2. Go to https://admin.alwaysdata.com/search/?q=1.
3. Input &q= after q=1
4. Input long string which is attached below in the report.
5. You can see that Chrome are crashed and not responding.

Impact:

When attacker can send this https://admin.alwaysdata.com/search/?q=1&q=longstring to any authenticated user, his/her browser was crashed for long time.

#Note:

Tested in Chrome, Mozilla and Microsoft Edge.

Thank You,

Waleed Anwar

   name.txt (781.3 KiB)
Closed by  cbay
08.08.2025 11:11
Reason for closing:  Invalid
Admin
cbay commented on 08.08.2025 10:36

Hello,

If Chrome crashes then you should report it to Chrome.

Kind regards,
Cyril

There is parameter pollution in your domain url, Not only chrome crashing Microsoft Edge not working etc.

Parameter Pollution is not eligible?

Admin
cbay commented on 08.08.2025 12:53

What you reported has nothing to do with parameter pollution.

Its crashing a website, bcz its accepting long string parameter when its sent to authenticated user his/her browser crashed for long time

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing