A few days back, while pentesting a website, I found an Out of Band SQL Injection vulnerability on an endpoint. In this type of Injection, we can dump data only using Out of Band techniques via DNS or HTTP Requests (if allowed). Dumping data via Out of Band techniques is not an easy task especially when it comes to Oracle db because there aren’t many cheat sheets and related material out there on the internet.

In my case, Burp found DNS based Out of Band SQLi, which means I could only dump data using DNS queries issued by the backend…

Usama Azad

Ethical Hacker | Penetration Tester https://twitter.com/UsamaAzad14

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store