Last Updated on November 21, 2023 by InfraExam
Which type of attack is where an attacker inputs malicious code into a log file?
- log tampering
- log poisoning
- log denial of service
- log redirection
|Explanation & Hint:
The type of attack where an attacker inputs malicious code into a log file is known as “log poisoning.”
Log poisoning involves injecting malicious code or queries into log files with the intention that they will be executed or interpreted by another system or application that processes these logs. For example, if a web application does not properly sanitize user input that gets logged, an attacker could input scripts or SQL queries that might be executed when the logs are reviewed or processed, leading to further exploitation.