Whitepaper entitled 'Data-Mining With SQL Injection and Inference'. Paper is based on a talk given earlier this year at Blackhat Europe. It divides SQL injection data theft attacks into three classes - inband, out-of-band and inference. The first, in-band, uses the existing connection to get data out; the second, out-of-band, uses another channel, e.g. smtp by using builtin database mail functions; and lastly inference.
fcb6268f83b03e6bae5da741f0a4a4a70ef1f3e89a8ac16c3c1c47f83e4853f6