How To Test For Log Injection

Testing For Log Injection

If you are not already familiar with the concept of Log Injection, we suggest that you review the article entitled “What Is Log Injection ?“.

You should consider testing for Log Injection in any circumstance that user supplied input is written to log files.  In white-box testing scenarios, you will need to examine application log files.  Log Injection is typically not in-scope during black-box scenarios, unless there is some means by which log files can be examined during testing.

Testing For Log Injection

The following characters (and other representations) are of interest in crafting malicious input for the purposes of forging logs:

Character Meaning
\n Newline
\r Carriage Return
0x08 (octal 8) Backspace

Fuzzing application inputs with these characters embedded within will potentially produce noticeable results in application log file(s).  Sample test strings would include:

value\n\rForged Entry  or &param=value%D%AForged%20Entry

A successful search for the Regular Expression “^Forged Entry$” in the application log files would be indicative of a Log Injection application vulnerability.

For insight into how to avoid or fix LDAP Injection vulnerabilities, please see the article entitled “How To Prevent Log Injection“.

About Affinity IT Security

We hope you found this article to be useful. Affinity IT Security is available to help you with your security testing and  train your developers and testers.  In fact, we train developers and IT staff how to hack applications and networks.

Perhaps it was a network scan or website vulnerability test that brought you here.  If so, you are likely researching how to find, fix, or avoid a particular vulnerability.  We urge you to be proactive and ensure that key individuals in your organization understand not only this issue, but also are more broadly aware of application security.

Contact us to learn how to better protect your enterprise.

Although every effort has been made to provide the most useful and highest quality information, it is unfortunate but inevitable that some errors, omissions, and typographical mistakes will appear in these articles. Consequently, Affinity IT Security will not be responsible for any loss or damages resulting directly or indirectly from any error, misunderstanding, software defect, example, or misuse of any content herein.