312-50V13 · Question #239
312-50V13 Question #239: Real Exam Question with Answer & Explanation
The correct answer is D: Variation. Daniel is using a variation evasion technique by altering the syntax of the SQL injection payload to bypass signature-based detection systems.
Question
Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target Injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "or '1'='1" In any bask injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.
Options
- ANull byte
- BIP fragmentation
- CChar encoding
- DVariation
Explanation
Daniel is using a variation evasion technique by altering the syntax of the SQL injection payload to bypass signature-based detection systems.
Common mistakes.
- A. Null byte injection involves inserting a null character (e.g., %00) to terminate a string, often to bypass file extension checks or path validations, which is not what's described here.
- B. IP fragmentation is a network layer technique where an IP packet is split into smaller fragments to bypass stateless firewalls or IDS, and is unrelated to SQL injection payload modification.
- C. Character encoding involves representing characters in a different format (e.g., URL encoding, Unicode) to bypass filters, but the example given ('1'='1' vs 1=1) is a syntactical change, not merely an encoding change.
Concept tested. SQL injection evasion techniques
Topics
Community Discussion
No community discussion yet for this question.