During a black-box web assessment, you notice the application suppresses SQL error messages and rate-limits responses, so union-based and time-delay techniques reveal no results. You instead send a payload that forces the back-end Microsoft SQL Server to perform an external DNS lookup to a domain you control, leaking data in the query string. Which SQL injection class does this approach represent?
The tester cannot retrieve data through the same HTTP response channel and cannot rely on timing differences. By coercing the database to initiate a DNS request that carries the extracted data, the attacker uses a separate communication channel. This technique is classified as out-of-band SQL injection. Boolean-based and time-based blind methods depend on in-band responses or timing, while second-order attacks store a payload for later execution within the database itself, not for immediate data exfiltration via DNS.