What is Log Forging

A log forging vulnerability occurs when both of the following are true:

  1. Data enters an application from an untrusted source.
  2. The data is written to an application or system log file.

    // Vulnerable pattern (kept as in the original): a value taken from the
    // session is concatenated straight into the log message.
    string val = (string)Session["val"];
    try {
        int value_v = Int32.Parse(val);
    }
    catch (FormatException fe) {
        // User-controlled text, including any embedded line breaks, goes into the log.
        log.Info("Failed to parse val=" + val);
    }

If a user submits the string "twenty-one" for val, the following entry is logged:

[Image: the resulting log entry. Picture credit: AttackFlow]

How to fix this Issue

Prevent log forging attacks with indirection:

Create a set of legitimate log entries that correspond to the different events that must be logged, and only ever write entries from this set. To capture dynamic content, such as users logging out of the system, always use server-controlled values (for example an internal user id) rather than user-supplied data. This ensures that input provided by the user is never used directly in a log entry.
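The indirection approach above, as an added example (not code from the original post): every log line is built from a fixed message table keyed by an event enum, and the only dynamic field is a server-controlled user id that is assumed to come from the authenticated session. The session value in Main is a constructed input containing line breaks, to show that it never reaches the log at all.

```csharp
using System;
using System.Collections.Generic;

// The only events that can ever be written to the log.
public enum LogEvent { ParseFailed, UserLoggedOut }

public static class SafeLog
{
    // Fixed, server-controlled message text per event. Nothing else is ever logged.
    private static readonly Dictionary<LogEvent, string> Messages = new()
    {
        { LogEvent.ParseFailed,   "Failed to parse session value 'val'" },
        { LogEvent.UserLoggedOut, "User logged out" },
    };

    // userId is server-controlled context (assumed: an internal numeric id from
    // the authenticated session), never raw request data. Returns the line so
    // callers and tests can inspect exactly what was written.
    public static string Write(LogEvent evt, int userId)
    {
        string line = $"{DateTime.UtcNow:O} INFO uid={userId} {Messages[evt]}";
        Console.WriteLine(line);
        return line;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed untrusted input: not a number, and it embeds line breaks.
        string val = "twenty-one\r\nINFO: injected text";
        int userId = 1042; // assumed to be read from the authenticated session

        try
        {
            int value = int.Parse(val);
            Console.WriteLine($"parsed {value}");
        }
        catch (FormatException)
        {
            // Log the event, not the offending input.
            string line = SafeLog.Write(LogEvent.ParseFailed, userId);

            // Invariant worth keeping as a unit test: one record, no CR/LF inside it.
            if (line.Contains("\n") || line.Contains("\r"))
                throw new InvalidOperationException("log line contains a line break");
        }
    }
}
```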
