Certified Ethical Hacker (CEH v12) — Question 129

An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns. Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?

Answer options

• A. Employ IP fragmentation to obscure the attack payload
• B. Implement case variation by altering the case of SQL statements
• C. Leverage string concatenation to break identifiable keywords
• D. Use Hex encoding to represent the SQL query string

Correct answer: D

Explanation

Using Hex encoding effectively transforms the SQL query into a format that the IDS may not recognize as malicious, thus allowing the attack to bypass detection. The other options, while they may introduce some level of obfuscation, do not provide the same level of effectiveness in avoiding the strong signature detection of typical SQL injection patterns.