i have read the the page about log injection but i still don’t understand
when the service find we fill in a wrong username and pwd, we should be block already, and then, the service write a log, but why a new line in the log can make us pass?
i think log is just log, it’s used to help programmer to record something,although there is a new line, it has no permittion to make users pass when the psd is incorrect
The idea is that a script is parsing the log file to determinate whether someone is allowed to login or not, based on the number of failed attempts it finds in it.
You must be logged in to reply to this discussion.
Login
1 of 3
This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.