- Status Closed
-
Assigned To
cbay - Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 08.08.2025
Last edited by cbay - 08.08.2025
Opened by waloodi_109 - 08.08.2025
Last edited by cbay - 08.08.2025
FS#202 - HTTP Parameter Pollution Lead to Crash the Website of admin.alwaysdata.com
# HTTP Parameter Pollution Lead to Crash the Website of admin.alwaysdata.com:
Hello Sir, I hope you are doing well. While, Researching on your domain, I found HTTP Parameter Pollution Lead to Crash the Website of admin.alwaysdata.com.
Steps to Reproduce:
1. Login into admin.alwaysdata.com.
2. Go to https://admin.alwaysdata.com/search/?q=1.
3. Input &q= after q=1
4. Input long string which is attached below in the report.
5. You can see that Chrome are crashed and not responding.
Impact:
When attacker can send this https://admin.alwaysdata.com/search/?q=1&q=longstring to any authenticated user, his/her browser was crashed for long time.
#Note:
Tested in Chrome, Mozilla and Microsoft Edge.
Thank You,
Waleed Anwar
name.txt
(781.3 KiB)
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Hello,
If Chrome crashes then you should report it to Chrome.
Kind regards,
Cyril
There is parameter pollution in your domain url, Not only chrome crashing Microsoft Edge not working etc.
Parameter Pollution is not eligible?
What you reported has nothing to do with parameter pollution.
Its crashing a website, bcz its accepting long string parameter when its sent to authenticated user his/her browser crashed for long time