Certified Ethical Hacker (CEH v12) — Question 85

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "'or '1'='1'" in any basic injection statement such as "or 1=1".
Identify the evasion technique used by Daniel in the above scenario.

Answer options

Correct answer: C

Explanation

The correct answer is C, Variation, as Daniel is modifying the SQL injection payload to evade detection by altering its structure while maintaining its logic. The other options, such as Char encoding, IP fragmentation, and Null byte, do not apply to the specific technique of changing the injection payload to bypass signature-based IDS detection.