This article explains the concept of Out-of-Band SQL Injection (OOB SQLi), highlighting when and how it is used, especially when traditional methods fail. It also provides examples of payloads for different databases and discusses mitigation strategies. #SQLi #BurpCollaborator
Key points
- Out-of-Band SQL Injection exfiltrates data through a separate channel, such as a DNS lookup or an HTTP request made by the database server, instead of through the application's direct response.
- OOB SQLi is useful when in-band or blind SQLi techniques do not work because the application returns no usable responses or error messages.
- OOB SQLi requires that the database server can make outbound network connections and that the specific database functions able to initiate them are enabled.
- Examples of OOB payloads vary across databases such as Oracle, MySQL, PostgreSQL, and SQL Server.
- Mitigation involves disabling the risky database features that can initiate outbound requests, restricting the database server's outbound connections, and monitoring DNS and network logs for suspicious activity.