Tags: sql, oracle-database, code-injection

How would an "ORA-00923: FROM keyword not found where expected" error be vulnerable to SQL injection?


Suppose I have a web application. I do not know the backend. I submit some forms and finally end up at an error message.

It states:

ORA-00923: FROM keyword not found where expected.

So, we know that this means that the developer programmed something similar to this:

SELECT *
employees;

which is missing a FROM keyword, or has it somewhere other than where it's expected.

So now that you have the query

SELECT * employees;

Theoretically, how would you inject this?


Solution

  • Say the database is trying to execute a simple statement like

    select 'smith' from dual;
    

    The developer has, instead of using a bind variable, concatenated the string 'smith' (with quotes) into a statement.

    A hacker then tries a name with a single quote in it:

    select 'o'reilly' from dual;
    

    That breaks the app with the error

    ORA-01756: quoted string not properly terminated
    

    They then try the string ' where 1=1', which gets converted to the statement

    select '' where 1=1'' from dual;
    

    which errors with

    ORA-00923: FROM keyword not found where expected
    

    There are other keywords (e.g. ORDER BY) that would give the same error, so it is possible you've stumbled across one of those instead.

    Generally that should be sufficient for a bug report.
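The probe sequence the answer describes, run against a live Oracle session as an added example (this is not code from the question or the answer). The PL/SQL block below builds the statement by string concatenation the way the answer's developer did, feeds it the three values from the answer, prints the SQL text that results and the error each one raises, and then runs the same statement with a bind variable, which is the fix. It assumes SQL*Plus or SQLcl with SERVEROUTPUT ON; DUAL is the only object it touches, and the probe values are the ones quoted in the answer.

```sql
-- Added example, not from the original post: reproduce the answer's probe
-- sequence against a concatenated statement, then show the bind-variable fix.
-- Assumes SQL*Plus / SQLcl; enable output so the DBMS_OUTPUT lines are shown.
SET SERVEROUTPUT ON

DECLARE
  TYPE probe_t IS TABLE OF VARCHAR2(100);
  -- The three inputs from the answer: a harmless name, a name containing a
  -- quote, and the probe that produces ORA-00923.
  probes  probe_t := probe_t('smith', 'o''reilly', ''' where 1=1''');
  input   VARCHAR2(100);
  stmt    VARCHAR2(4000);
  result  VARCHAR2(4000);
BEGIN
  FOR i IN 1 .. probes.COUNT LOOP
    input := probes(i);

    -- Vulnerable pattern (kept only for the demonstration): user input is
    -- spliced into the SQL text, so quotes in the input become SQL syntax.
    stmt := 'select ''' || input || ''' from dual';
    DBMS_OUTPUT.PUT_LINE('concat: ' || stmt);
    BEGIN
      EXECUTE IMMEDIATE stmt INTO result;
      DBMS_OUTPUT.PUT_LINE('  ok    -> ' || result);
    EXCEPTION
      WHEN OTHERS THEN
        -- SQLERRM carries the ORA-xxxxx text: ORA-01756 for o'reilly and
        -- ORA-00923 for the ' where 1=1' probe, exactly as the answer states.
        DBMS_OUTPUT.PUT_LINE('  error -> ' || SQLERRM);
    END;

    -- Hardened pattern: the same statement, but the value travels as a bind
    -- variable. The parser never sees the quote, so every probe comes back as
    -- plain data, apostrophes and keywords included.
    EXECUTE IMMEDIATE 'select :name from dual' INTO result USING input;
    DBMS_OUTPUT.PUT_LINE('bind:   ' || result);
  END LOOP;
END;
/
```

In a real application the concatenation happens in the application language rather than in PL/SQL, but the database sees the same text either way, so the errors (and the fix) are identical. Comparing the "concat:" line with the "error ->" line for each probe is the quickest way to confirm that a given ORA-00923 is the result of your input landing inside the statement rather than an unrelated developer typo.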