What it is
Attackers inject control characters or fake log entries into logs through forms, headers, or URLs. This can corrupt log files, obscure malicious actions, or trick security teams during investigations.
Why it matters
Logs are critical for detection and forensics. Compromised logs can:
- Hide real attack activity
- Create false audit trails
- Disrupt monitoring and alerting systems
This weakens incident response and compliance efforts.
How to reduce risk
- Sanitize and validate all user input
- Encode log entries safely
- Protect log storage from unauthorized access
- Monitor logs for anomalies and formatting abuse
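The encoding and monitoring steps above, as an added example that is not part of the original page: user-supplied values are escaped before they reach the log, and a format check flags lines that do not start the way the application writes them. The logger name, line format, and sample input are assumptions constructed for the illustration.

```python
import io
import logging
import re

# Constructed input: a "username" field carrying CRLF and a forged entry.
FORGED = "guest\r\n2024-01-01 00:00:00 INFO login succeeded user=admin"

# Assumed line format for this demo: every entry starts with a level name.
LINE_FORMAT = re.compile(r"^(DEBUG|INFO|WARNING|ERROR|CRITICAL) ")


def encode_for_log(value):
    """Escape backslashes and non-printable characters (CR, LF, ESC,
    U+2028, ...) so the value cannot start a new line or drive a terminal.
    Printable non-ASCII text is kept as-is."""
    return "".join(
        ch if ch.isprintable() and ch != "\\"
        else ch.encode("unicode_escape").decode("ascii")
        for ch in str(value)
    )


def write_login_failure(username, sanitize):
    """Log one failed login to an in-memory stream; return the lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger("demo.auth")  # hypothetical logger name
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    field = encode_for_log(username) if sanitize else username
    logger.warning("login failed user=%s", field)
    return stream.getvalue().splitlines()


def malformed_lines(lines):
    """Monitoring check: return lines that do not match the expected format.
    A forged line that mimics the format would pass, so encoding at write
    time remains the primary control."""
    return [line for line in lines if not LINE_FORMAT.match(line)]


if __name__ == "__main__":
    for mode in (False, True):
        lines = write_login_failure(FORGED, sanitize=mode)
        print(f"sanitize={mode}: {len(lines)} line(s), "
              f"flagged={malformed_lines(lines)}")
```

Escaping the backslash itself keeps the encoding unambiguous, so an analyst can tell a literal `\n` typed by a user from an escaped newline.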