ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 190 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 190
Topic #: 1
[All 312-50v11 Questions]

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as `'or '1'='1'` in any basic injection statement such as `or 1=1.`
Identify the evasion technique used by Daniel in the above scenario.

  • A. Char encoding
  • B. IP fragmentation
  • C. Variation
  • D. Null byte
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by TroyMcLure at Sept. 13, 2022, 6:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daniel8660
Highly Voted 1 year, 7 months ago
Selected Answer: C
Evasion Techniques - Case Variations By default, in most database servers, SQL is case insensitive.Owing to the case-insensitive option of regular expression signatures in the filters, attackers can mix upper and lower case letters in an attack vector to bypass the detection mechanism. # the attacker can easily bypass the filter using the following query:UnIoN sEleCt UsEr_iD, PaSSwOrd fROm aDmiN wHeRe UseR_NamE=’AdMIn’-- (P.2151/2135)
upvoted 7 times
...
hawk234
Most Recent 8 months, 2 weeks ago
CORRECT ANS IS C
upvoted 1 times
...
victorfs
1 year ago
Selected Answer: C
Te correcto option is C
upvoted 1 times
...
TroyMcLure
1 year, 8 months ago
Selected Answer: C
Variation is an evasion technique whereby the attacker can easily evade any comparison statement. The attacker does this by placing characters such as “' or '1'='1'” in any basic injection statement such as “or 1=1” or with other accepted SQL comments. The SQL interprets this as a comparison between two strings or characters instead of two numeric values.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago