Minimize Web Applications vulnerabilities through the early Detection of CRLF Injection

Hasan, MD Asibul; Rahman, Md. Mijanur

doi:10.48550/arxiv.2303.02567

Cited by 1 publication

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When tested against 14 popular web applications, LogInjector identified 16 log injection vulnerabilities, including six zero-day vulnerabilities outperforming a well-known web vulnerability scanner, Black Widow [21]. Hasan et al also studied [22] Carriage return and line feed (CRLF) injection, where Log poisoning is considered a prominent harmful use of this technique. CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator.…”

Section: Background and Literature Reviewmentioning

confidence: 99%

Log Poisoning Attacks in Internet of Things (IoT)

Noman,

Abu-Sharkh,

Noman

2023

Preprint

View full text Add to dashboard Cite

The rapid spread of IoT devices has introduced a complex landscape of security threats, compromising device functionality and user privacy. Among these threats, log poisoning attacks have recently garnered attention among cybersecurity practitioners for their severity and effectiveness. Log poisoning involves the manipulation of automatically generated logs in IoT devices, significantly compromising the attacked device and making it susceptible to malicious code execution, which may lead to further destructive cyberattacks. This paper is the first to comprehensively address log poisoning attacks on IoT systems and devices. We introduce various methodologies to perform such attacks, focusing particularly on practical implementations involving misconfigured log files on Raspberry Pi 4, which is commonly used in IoT applications. We also introduced a technique that advanced adversaries can employ to cover their tracks effectively. Through Intrusion Modes and Criticality Analysis (IMECA), we analyze the severity and potential impact of these attacks and propose mitigation strategies to avoid the occurrence of such attacks. We emphasize the importance of adopting mitigation strategies to maintain the confidentiality, integrity, and reliability of IoT ecosystems. As a further step to counteract the threat, we design a novel technique to detect and mitigate log poisoning attacks.

show abstract

Section: Background and Literature Reviewmentioning

confidence: 99%