Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "'or `1'=`1'" in any basic injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

Questions › Category: 312-50v12 › Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as “‘or `1’=`1′” in any basic injection statement such as “or 1=1.” Identify the evasion technique used by Daniel in the above scenario.

0 Vote Up Vote Down

Admin Staff asked 1 year ago

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "'or `1'=`1'" in any basic injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

A. Char encoding

B. IP fragmentation

C. Variation

D. Null byte










Correct Answer: C

This question is in 312-50v12 exam
For getting CEH Certificate