EncryptCodec

Log Injection

Beginner

User-controlled data is written directly into application logs. Inject newline characters to forge fake log entries, then apply structured logging to prevent it.

app.corp.io/login

Login Form

logger.info("Login attempt for user "..."")
application.log
2024-03-14 10:23:01 [INFO] Server started on port 3000
2024-03-14 10:23:05 [INFO] Database connection established
2024-03-14 10:24:12 [INFO] User "bob" logged in from 192.168.1.10
2024-03-14 10:25:30 [WARN] Failed login attempt for user "charlie"

Challenges

1. Forge a Log Entry: Inject input that creates a fake log entry showing "admin logged in successfully".
2. Apply Secure Logging: Enable structured logging and input sanitization to prevent log injection.
How to fix log injection
Structured logging and input sanitization
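
The two fixes named above, shown next to the vulnerable pattern. This is an added example, not code from the simulation: the function names, the JSON field names and the sample username are constructed for illustration, and JavaScript is an assumption about the application's language.

```javascript
// Added example: all names are hypothetical, sample input is constructed.

// Vulnerable pattern: user input concatenated into a plain-text log line.
function formatNaive(ts, username) {
  return `${ts} [INFO] Login attempt for user "${username}"`;
}

// Fix 1, input sanitization: escape CR, LF, other control characters,
// Unicode line separators, quotes and backslashes, and cap the length,
// so one log call always yields exactly one physical line.
function sanitizeForLog(value, maxLen = 256) {
  const s = String(value).slice(0, maxLen);
  return s.replace(/[\u0000-\u001f\u007f-\u009f\u2028\u2029"\\]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function formatSanitized(ts, username) {
  return `${ts} [INFO] Login attempt for user "${sanitizeForLog(username)}"`;
}

// Fix 2, structured logging: the username is only ever a JSON string value.
// JSON.stringify escapes CR, LF and other ASCII control characters, so the
// record stays on one line and the original value is recoverable by parsing.
function formatStructured(ts, username) {
  return JSON.stringify({ ts, level: 'INFO', event: 'login_attempt', user: String(username) });
}

// Count the physical lines a log viewer or line-based parser would see.
function physicalLines(text) {
  return text.split(/\r\n|\r|\n/).length;
}

// Constructed input: a username carrying a newline and a forged entry.
const ts = '2024-03-14 10:25:59';
const forged = 'mallory\n2024-03-14 10:26:00 [INFO] User "admin" logged in successfully';

function demo() {
  const structured = formatStructured(ts, forged);
  return {
    naive: physicalLines(formatNaive(ts, forged)),
    sanitized: physicalLines(formatSanitized(ts, forged)),
    structured: physicalLines(structured),
    roundTrip: JSON.parse(structured).user === forged,
  };
}

console.log(demo());
```

The naive formatter produces two lines from one login attempt, while both fixed formatters keep the whole attempt on a single line. The structured record also preserves the raw value for investigators.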
