Out-of-band SQL injection

This is a more complex form of SQL injection, used when the same channel cannot be used to see the error or the response, or to infer the result directly. Instead, we need an external channel to learn whether the SQL injection was successful: for example, a second data store that receives the results, DNS resolution to infer the elapsed time of a request that cannot be observed in the application, and so on. These vulnerabilities are not very common, and they are even more difficult to detect in bug bounty programs, where scope is usually limited.
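
Because the result travels over an external channel such as DNS, that channel is something a defender can monitor. The sketch below is an added example, not code from the book: it flags lookups made by database hosts to names outside an allowlist. The log format, host addresses, allowlist and thresholds are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample resolver log: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.5.20 ntp.corp.example A
2024-05-01T10:00:07Z 10.0.9.14 www.example.org A
2024-05-01T10:00:09Z 10.0.5.20 updates.vendor.example A
2024-05-01T10:00:12Z 10.0.5.20 6a3f9c1e0b7d42f8a5c6e1d09b3f7a2c.lookup.test A
"""

DB_HOSTS = {"10.0.5.20"}               # assumed database server addresses
ALLOWED_SUFFIXES = (".corp.example",)  # assumed names the DB tier may resolve


def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def flag_db_lookups(log_text, db_hosts=DB_HOSTS, allowed=ALLOWED_SUFFIXES):
    """Return (client, qname, severity) for DB-host lookups outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, qname, _ = fields
        qname = qname.lower().rstrip(".")
        # Only database hosts are of interest; allowlisted names are expected.
        if client not in db_hosts or ("." + qname).endswith(allowed):
            continue
        first = qname.split(".")[0]
        # A long, high-entropy leftmost label looks like encoded data, not a hostname.
        data_like = len(first) >= 20 and entropy(first) > 3.0
        findings.append((client, qname, "high" if data_like else "review"))
    return findings


if __name__ == "__main__":
    for finding in flag_db_lookups(SAMPLE_LOG):
        print(finding)
```

A database tier rarely needs to resolve arbitrary external names, so an egress policy that blocks such lookups removes the channel; the check above covers the case where that policy is missing or bypassed.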
