LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is an out-of-band SQL injection attack?

The data leaves through a separate channel (DNS, email, an HTTP callback) rather than the response the attacker sent.

Out-of-band injection exfiltrates data through a different channel than the original request.

Example flow:

  1. Attacker sends: transactionID= '1' UNION ALL SELECT USERNAME, PASSWORD, 0 FROM USERS--
  2. Server responds with 200 OK (no visible data)
  3. Later, during batch processing, an email is sent containing the exfiltrated data

This is useful when the application doesn't display query results directly.

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jun 20, 2026