  • Unsanitized user input may leak sensitive application data
  • Attackers may split a log entry with a carriage return or line feed character, which can mislead the auditor

Vulnerable Code

  • If user input is not securely sanitized, the code is vulnerable to log injection

Log Containing Misleading Data

Secure Code

  • In the code, the whitelist allows only letters, numbers and spaces
  • There are different ways of handling log injection attacks
    1. Whitelisting
    2. Blacklisting
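
The following is an added example, not code from the original page. It shows the vulnerable logging call next to a whitelisted version that allows only letters, digits and spaces. The function names, log format and sample input are assumptions made for illustration, as is the choice to log rejected input in escaped form.

```python
import io
import logging
import re

# Whitelist from the page: only letters, digits and spaces are allowed.
ALLOWED = re.compile(r"[A-Za-z0-9 ]*")


def make_logger(stream):
    """Build an isolated logger writing one 'LEVEL message' record per line."""
    logger = logging.getLogger(f"demo.{id(stream)}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def log_login_vulnerable(logger, username):
    # Vulnerable: raw input reaches the log, so CR/LF starts a new "entry".
    logger.info("Login failed for user: %s", username)


def log_login_secure(logger, username):
    # Secure: only whitelisted input is logged as-is. Anything else is
    # rejected and recorded with control characters escaped (assumed policy),
    # so the record always stays on a single line.
    if ALLOWED.fullmatch(username):
        logger.info("Login failed for user: %s", username)
    else:
        escaped = username.encode("unicode_escape").decode("ascii")
        logger.warning("Login failed, invalid username rejected: %s", escaped)


def run_demo(log_fn, username):
    """Log one event and return the resulting log lines."""
    stream = io.StringIO()
    log_fn(make_logger(stream), username)
    return stream.getvalue().splitlines()


# Constructed sample input: a username carrying a forged second entry.
FORGED = "guest\r\nINFO Login succeeded for user: admin"

if __name__ == "__main__":
    print(run_demo(log_login_vulnerable, FORGED))
    print(run_demo(log_login_secure, FORGED))
```

`fullmatch` is used instead of `match` with `$` because `$` also matches just before a trailing newline, which would let a line feed through the whitelist.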