why failure log can make me pass the level?

Access logs

lR5LEhn2LwZsC9RU
5 years ago

0

i have read the the page about log injection but i still don’t understand

when the service find we fill in a wrong username and pwd, we should be block already, and then, the service write a log, but why a new line in the log can make us pass?

2replies
2voices
188views
lR5LEhn2LwZsC9RU
5 years ago

0

i think log is just log, it’s used to help programmer to record something,although there is a new line, it has no permittion to make users pass when the psd is incorrect

Smyler [WHGhost]
5 years ago

0

The idea is that a script is parsing the log file to determinate whether someone is allowed to login or not, based on the number of failed attempts it finds in it.

You must be logged in to reply to this discussion. Login
1 of 3

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss