Certified Ethical Hacker (CEH v13) — Question 190

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "'or '1'='1'" in any basic injection statement such as "or 1=1."
Identify the evasion technique used by Daniel in the above scenario.

Answer options

Correct answer: C

Explanation

The correct answer is C, Variation, as Daniel is modifying the SQL injection statement to evade detection by the IDS. The other options, such as Char encoding and IP fragmentation, are not applicable in this context, as they involve different methods of evasion that do not relate to altering the SQL injection syntax itself.