mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 19:36:33 +00:00
copilot-swe-agent[bot]
ba72efbc5e
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
24 lines
800 B
Markdown
24 lines
800 B
Markdown
# Log Injection
|
|
|
|
## Description
|
|
Log injection vulnerabilities occur when an application includes untrusted data in log files without proper validation or encoding. Attackers can exploit this to forge log entries, inject malicious content into logs, or hide their activities by manipulating log data.
|
|
|
|
## Common Attack Vectors
|
|
- User input fields that get logged
|
|
- HTTP headers
|
|
- Error messages
|
|
- Authentication attempts
|
|
- Application events
|
|
|
|
## Common Techniques
|
|
- CRLF injection to create fake log entries
|
|
- Log forging
|
|
- Log poisoning
|
|
- Log file pollution
|
|
|
|
## Testing Approach
|
|
Submit special characters and control sequences in input fields that are logged to test for log injection vulnerabilities.
|
|
|
|
## Payloads
|
|
See `log-injection-payloads.txt` for a comprehensive list of log injection payloads.
|