Skip to content
/ log-injection Public

A web application to demonstrate log injection vulnerability and input sanitization methods to mitigate the vulnerability

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kasu1601/log-injection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
WebApplication
WebApplication
 
 
WebMVC
WebMVC
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CRLF Injection.sln
CRLF Injection.sln
 
 
README.txt
README.txt
 
 

Repository files navigation

/* README */

This is a vulnerable C# web application where the user input from the login form is not properly santitzed.
Each login attempt will be recorded in a log file -- in this case i have added it to the console for the ease
of testing.

An attacker can send a post request to the application where the username parameter will be replaced with
a malicious string of script or just simple false information line which will then be fed to the log file.
The attacker has to know the input style of the log file to cover their traces well. Once this pattern is known,
the attacker can then enter false entries and go under the radar without raising any suspicions

The commented line of code is where the user input sanitization takes place, where I strip all \r and \n in user
input to replace them with a whitespace.

About

A web application to demonstrate log injection vulnerability and input sanitization methods to mitigate the vulnerability

Topics

javascript csharp input-sanitization crlf-injection log-injection

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages