Also Known As:
Log Injection, Log Spoofing, Web Logs Tampering
Input Validation, Output Sanitation, Syntax Escaping
Vector Operation Method:
Attackers can mislead log auditors with fake log entries created using documented inputs that includes CRLF characters or similar log row delimiters. This attack can be used to incriminate other users for malicious actions, hide malicious activities or for similar purposes.