Certified Ethical Hacker (CEH v12) — Question 193
An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him to bypass the system's signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following could he have used?
Answer options
- A. Utilizing the char encoding function to convert hexadecimal and decimal values into characters that pass through SQL engine parsing
- B. Implementing sophisticated matches such as "OR 'john' = 'john'" in place of classical matches like "OR 1=1"
- C. Manipulating white spaces in SQL queries to bypass signature detection
- D. Using the URL encoding method to replace characters with their ASCII codes in hexadecimal form
Correct answer: A
Explanation
The correct answer is A because utilizing the char encoding function allows the attacker to disguise the injected SQL code, enabling it to bypass signature detection by the IDS. The other options, while they may be effective in certain contexts, do not specifically target the evasion of the signature-based IDS in the same way as option A does.