312-50V13 Question #496: Real Exam Question with Answer & Explanation
Question
An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him to bypass the system's signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following could he have used?
Options
- A. Utilizing the char encoding function to convert hexadecimal and decimal values into characters
- B. Using the URL encoding method to replace characters with their ASCII codes in hexadecimal
- C. Implementing sophisticated matches such as "OR `john' = john" in place of classical matches like
- D. Manipulating white spaces in SQL queries to bypass signature detection
Explanation
Using the CHAR() encoding function to convert hexadecimal and decimal values into their character equivalents is a powerful SQL injection evasion technique because it transforms recognizable string-based signatures (like ' OR '1'='1) into numeric representations that signature-based IDS systems typically cannot match - for example, CHAR(79,82) represents "OR" but won't trigger a string-pattern alarm.
Why the distractors are wrong:
- Option B (URL encoding) is primarily an HTTP-layer technique used to bypass web application firewalls, not SQL-layer IDS signatures, and most modern systems decode URL encoding before signature matching anyway.
- Option C (tautology-based matching like OR 'john' = john) is a classical SQL injection variation that most signature-based IDS systems are specifically tuned to detect, making it less likely to evade detection, not more.
- Option D (whitespace manipulation) is a valid but basic evasion technique that modern IDS signatures already account for by normalizing whitespace before pattern matching, so it wouldn't qualify as an "advanced" evasion technique.
Memory Tip: Think "CHAR hides the words" - the CHAR() function converts text into numbers, making SQL injection payloads unreadable to pattern-matching systems that look for keyword strings like "OR," "SELECT," or "UNION."
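As an added defender-side illustration (not part of this exam page), the Python below performs the normalization the explanation credits to modern IDS (URL decoding, whitespace and comment collapsing) and extends it to expand CHAR() calls, so keyword signatures fire on the constructed payloads in the test. All function names, the signature list and the sample payloads are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Keyword signatures a naive string-matching IDS looks for (constructed list).
SIGNATURES = ("OR", "SELECT", "UNION")

# Matches CHAR( ... ) with a flat argument list, e.g. CHAR(79,82) or CHAR(0x4F,0x52).
_CHAR_CALL = re.compile(r"\bCHAR\s*\(([^()]*)\)", re.IGNORECASE)


def _expand_char(match: re.Match) -> str:
    """Replace a CHAR(...) call by the characters it encodes.

    Accepts decimal and 0x-prefixed hexadecimal arguments; a call whose
    arguments are not numeric is left untouched rather than guessed at.
    """
    chars = []
    for tok in match.group(1).split(","):
        tok = tok.strip()
        if not tok:
            continue
        try:
            code = int(tok, 16) if tok.lower().startswith("0x") else int(tok)
            chars.append(chr(code))
        except ValueError:
            return match.group(0)  # not a numeric CHAR() call, keep as-is
    return "".join(chars)


def normalize(payload: str) -> str:
    """Canonical form a signature engine should match against."""
    s = unquote(payload)                      # undo %27, %20 ... (why option B fails)
    s = _CHAR_CALL.sub(_expand_char, s)       # close the CHAR() gap (option A)
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.DOTALL)  # inline comments used as spacers
    return re.sub(r"\s+", " ", s).strip()     # collapse whitespace (why option D fails)


def matched_signatures(text: str) -> list:
    """Keywords found as whole words, case-insensitively."""
    return [k for k in SIGNATURES if re.search(rf"\b{k}\b", text, re.IGNORECASE)]


def scan(payload: str) -> dict:
    """Signature hits on the raw payload versus its normalized form."""
    return {"raw": matched_signatures(payload),
            "normalized": matched_signatures(normalize(payload))}
```

Running `scan` on the page's `CHAR(79,82)` example shows no raw hit but an `OR` hit after normalization, which is the decoding step a signature engine needs in order not to be blind to this encoding.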