Certified Ethical Hacker (CEH v11) — Question 318
Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as `'or '1'='1'` in any basic injection statement such as `or 1=1.`
Identify the evasion technique used by Daniel in the above scenario.
Answer options
- A. Char encoding
- B. IP fragmentation
- C. Variation
- D. Null byte
Correct answer: C
Explanation
The correct answer is C, Variation, as Daniel is attempting to modify the SQL injection payload to evade the IDS by altering the structure of the injection. Options A and D do not apply since character encoding and null bytes serve different purposes, while B, IP fragmentation, is unrelated to SQL injection techniques.