A log injection vulnerability arises when a log entry contains unsanitized user input. A malicious user can insert fake log data and consequently deceive system administrators as to the system's behavior (OWASP 2008). Log injection vulnerabilities may result from including untrusted input in log files. For example, a user might split a legitimate log entry into two log entries by entering a carriage return and line feed (CRLF) sequence, either of which might be misleading. Log injection attacks can be prevented by sanitizing and validating any untrusted input sent to a log.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a3fd817cec0e644c-6b897644-4ae8464e-b50fa1c5-fab284d1b6f9eb42e4d8b9a3"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Injection [RST]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-144, "Improper Neutralization of Line Delimiters" | ||||
| CWE-150, "Improper Neutralization of Escape, Meta, or Control Sequences" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ec36965f4f79c6e7-b910375b-4dba439b-af6f9bbc-1d62d819442e2c19d38fef73"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="40260dda5d515a7c-fe1b0eea-46904277-a2ed974c-40b93b797f28b5deeb7a1e27"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. Bibliography#OWASP 08]] | [Log Injection | https://www.owasp.org/index.php/Log_injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1f1db5dbc58f0fc7-d38d2fe5-48714267-a1a58c9d-ba19eae2bf7998a26f03a83e"><ac:plain-text-body><![CDATA[ | [[PCI DSS Standard | https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml]] | ]]></ac:plain-text-body></ac:structured-macro> |
...