I was pen-testing an APEX application, and while fuzzing the Interactive Report widget I received an SQL error message, "Invalid Filter Expression. ORA-00933: SQL command not properly ended." and additionally "Invalid Filter Expression. ORA-00907: missing right parenthesis." I asked the developers whether the query was being performed against the database and they said no. I'm wondering if anyone in the community has any experience with this issue and whether this is a valid security concern?
error 1 payload: "f01=F+=+A)+OR+1+=+1"
error 2 payload: "f01=F+=+A)+OR+1+=+1+("
true payload: "f01=F+=+A)+OR+1=1+AND+(1=1" --> true