ID: 261
Status: Closed
Summary: SQL Injection Vulnerability Report in https://help.alwa ...
Opened by: AbhishekV

Task Description

Target Application: https://help.alwaysdata.com/en/ (Search Function)
Date of Test: December 8, 2025
Tester: Abhishek V
Mail id: abhi18vedamurthy@gmail.com

Description: The search functionality of the test website is vulnerable to SQL injection. A classic payload (OR 1=1;--) was entered into the search field, and the application returned 94 results, indicating that the input was directly concatenated into a SQL query without proper sanitization or parameterization.

Steps to Reproduce:
1. Navigate to the target website.
2. Locate the search input field.
3. Enter the following payload with a space after the double --: OR 1=1;--
4. Submit the search.
Observation: 94 results are returned, bypassing any intended filtering logic.

Impact Assessment
1. Risk Level: Medium to High depending on what results are returned
2. Potential Impact:
a. Unauthorized data access
b. Data leakage or manipulation

Recommended Remediation
1. Input Validation and Escaping
2. Reject or sanitize unexpected characters in user input.
3. Rejecting the statements that have the syntax of SQL queries.

POC: Refer to the video attachment named SQLi
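
The parameterization mentioned in the description, next to a concatenated query, as an added example that is not part of the report and not the site's code. It uses Python's sqlite3 with a constructed `articles` table; the table, column and function names are assumptions.

```python
import sqlite3

# Constructed sample rows; the schema is an assumption for illustration.
ROWS = [
    ("Connect with SSH",),
    ("Can't connect to MySQL",),
    ("Configure DNS records",),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?)", ROWS)
    return db

def search_concat(db, term):
    """Weak form: the search term becomes part of the SQL text."""
    sql = "SELECT title FROM articles WHERE title LIKE '%" + term + "%'"
    return [r[0] for r in db.execute(sql)]

def search_param(db, term):
    """Hardened form: the term is bound as data and LIKE wildcards are escaped."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\'"
    return [r[0] for r in db.execute(sql, ("%" + escaped + "%",))]

def compare(term):
    """Run one term through both forms and return (concat_result, param_result)."""
    db = make_db()
    try:
        concat = search_concat(db, term)
    except sqlite3.Error as exc:
        # The term changed the statement's syntax instead of being searched for.
        concat = "error: " + type(exc).__name__
    return concat, search_param(db, term)

if __name__ == "__main__":
    for term in ["connect", "Can't", "%", "OR 1=1;-- "]:
        print(repr(term), compare(term))
```

An ordinary term containing an apostrophe or `%` already alters the concatenated statement, while the bound form returns only rows that literally contain the text typed.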
