|

Out-of-band SQL injection is not very common, mostly because it depends on features being enabled on the database server being used by the web application. Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather results.

Out-of-band techniques, offer an attacker an alternative to inferential time-based techniques, especially if the server responses are not very stable (making an inferential time-based attack unreliable).

Out-of-band SQLi techniques would rely on the database server’s ability to make DNS or HTTP requests to deliver data to an attacker. Such is the case with Microsoft SQL Server’s xp_dirtree command, which can be used to make DNS requests to a server an attacker controls; as well as Oracle Database’s UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls.

Part 1

SQLi: How it works

Part 2

What’s the worst an attacker can do with SQL?

Part 3

The anatomy of an SQL Injection attack

Part 4

In-band SQLi (Classic SQLi)

Part 5

Inferential SQLi (Blind SQLi)

Part 6

Out-of-band SQLi

Get the latest content on web security
in your inbox each week.

We respect your privacy

SHARE THIS POST
THE AUTHOR
Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.

Related Posts:

Most Popular Articles: