Exploit – out-of-band SQL injection

the security community,

When I was doing some security research, I found an unexpected query in a POST request like this:


What is the decoded content:

q=select * from x where a = '{"something":"blah",...}'

And the requested endpoint is: /v2/public/yql?...

After seeing that, I thought about SQL Injection. However, there is a problem: the answer to this question is always 204 No contentI also changed the query (SQL Injection, Blind SQL Injection).

Does anyone know how to use SQL injection in this situation? Is it vulnerable? What does the end point mean?
Note: This is the Yahoo page and this is the Yahoo Query Language (YQL). I just want to ask if SQL can be inserted into this YQL query