This is an advanced SQL Injection (SQLi) post, if you’re new to SQLi maybe try this one first: Basics and Defence
Recently I had a fairly slow Time-Based SQL injection vulnerability, meaning that I could only pull a single character at a time with SQLmap and each character took around 10 seconds to retrieve. An alternative approach in this situation is to use out-of-band retrieval. This is a concept that can be used when exploiting lots of vulnerabilities such as SQL Injection, Command Injection, Cross-site Scripting and XML External Entity Injection.
The idea is fairly simple, instead of capturing the data you would like to retrieve and extracting it through Boolean-logic you can request the system to transmit the data over a protocol such as HTTP, SMB or DNS.