in the backend, some db’s process their queries synchronously and some do it asynchronously. Processes’s the user’s request in the original thread and use another thread to execute the SQL query. But it can still be vulnerable to SQLi. and if it does so async then the previous method’s wont work. It does not depend on the query returning any data, a database error occurring, or on the time taken to execute the query.

if that’s the case then, to exploit a Blind SQLi a out of band network triggered interaction can be done on the server, Burp Collaborator can be used.

• Lab: **Blind SQL injection with out-of-band interaction**
• Lab: **Blind SQL injection with out-of-band data exfiltration**