Log Forging
Variants: Direct Persistent Session
Also Known As: Log Injection, Log Spoofing, Web Logs Tampering
Vector Type: Attack
Relevance: Generic
Layer: Application-Level
Platforms: Any
Target Type: Application
Affected Mechanisms: Input Validation, Output Sanitation, Syntax Escaping
Invented In: 09/05/2002
Added In: 21/12/2014
Vector Operation Method:
Attackers can mislead log auditors with fake log entries, created by supplying inputs that are documented in the log and that include CRLF characters or similar log row delimiters. This attack can be used to incriminate other users for malicious actions, to hide malicious activities, or for similar purposes.
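
The affected mechanisms listed above (output sanitation and syntax escaping) can be shown with a log formatter written before and after the fix. This is an added example, not code from the original entry; the log layout, the function names and the sample input are constructed for illustration.

```python
import re

# Row delimiters recognised by common log readers (CR, LF, VT, FF, NEL, LS, PS),
# the other control characters, and the quote/backslash used by the escaping itself.
_UNSAFE = re.compile(r'[\x00-\x1f\x7f\x85\u2028\u2029"\\]')


def neutralize(value: str) -> str:
    """Escape a value so it can never start a new log row or leave its quotes."""
    def esc(match):
        ch = match.group()
        if ch in '"\\':
            return "\\" + ch
        code = ord(ch)
        return "\\x%02x" % code if code < 0x100 else "\\u%04x" % code
    return _UNSAFE.sub(esc, value)


def format_unsafe(user: str, outcome: str) -> str:
    # Before: the user-supplied value is written verbatim.
    return f"2014-12-21T10:00:00Z login user={user} result={outcome}"


def format_safe(user: str, outcome: str) -> str:
    # After: the value is escaped and quoted, so its boundaries are unambiguous.
    return f'2014-12-21T10:00:00Z login user="{neutralize(user)}" result={outcome}'


def rows(log_text: str) -> int:
    """Number of rows an auditor's line-oriented viewer would show."""
    return len(log_text.splitlines())


# Constructed sample: a username field carrying CRLF followed by a fake entry.
FORGED = "guest\r\n2014-12-21T10:00:01Z login user=admin result=success"

if __name__ == "__main__":
    print(rows(format_unsafe(FORGED, "failure")), "rows without escaping")
    print(rows(format_safe(FORGED, "failure")), "row with escaping:")
    print(format_safe(FORGED, "failure"))
```

In the escaped output the CRLF appears as the literal text \x0d\x0a inside the quoted field, which also gives reviewers a pattern to search for when looking for forging attempts.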