312-50V13 Question #498: Real Exam Question with Answer & Explanation
Question
An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns. Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?
Options
- A. Implement case variation by altering the case of SQL statements
- B. Employ IP fragmentation to obscure the attack payload
- C. Use Hex encoding to represent the SQL query string
- D. Leverage string concatenation to break identifiable keywords
Explanation
SQL Injection IDS Evasion Explanation
Why D is Correct: String concatenation breaks SQL keywords into fragments that individually don't match the IDS signature patterns, yet are reassembled by the database engine into fully functional malicious queries. For example, SE + LECT or 'OR'+'1'='1' splits recognizable keywords so the IDS never sees the complete attack signature it's looking for, making it the most reliable method for evading signature-based detection specifically at the SQL keyword level.
Why the Distractors Are Wrong:
- A (Case variation): Modern IDS systems are typically case-insensitive and easily handle variations like SeLeCt; this is one of the first evasion methods vendors patch against.
- B (IP fragmentation): This is a network-layer technique useful for evading network-based IDS, but it doesn't specifically target SQL injection signature detection at the application layer, which is where this scenario applies.
- C (Hex encoding): While encoding can sometimes bypass filters, most mature IDS systems decode common encodings such as Hex before pattern matching, making it less reliable than concatenation.
Memory Tip: Think of concatenation as "breaking the word to break the rule" - if the IDS is looking for SELECT, splitting it into pieces means the signature is never fully "seen," just like hiding a banned phrase by splitting it across sentences.