Tag Archives: SQLi

SQL Injection: Out-of-Band Exploitation

This is an advanced SQL Injection (SQLi) post, if you’re new to SQLi maybe try this one first:¬†Basics and Defence


Recently I had a fairly slow Time-Based SQL injection vulnerability, meaning that I could only pull a single character at a time with SQLmap and each character took around 10 seconds to retrieve. An alternative approach in this situation is to use out-of-band retrieval.  This is a concept that can be used when exploiting lots of vulnerabilities such as SQL Injection, Command Injection, Cross-site Scripting and XML External Entity Injection.

The idea is fairly simple, instead of capturing the data you would like to retrieve and extracting it through Boolean-logic you can request the system to transmit the data over a protocol such as HTTP, SMB or DNS.

Continue reading: SQL Injection: Out-of-Band Exploitation