Name Cross Site Scripting through Log Files
Summary An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
Prerequisites The system uses a web based interface The system does not cleanse / validate user supplied data before writing it to logs Information from logs is displayed in a web based interface The web based log interface does not HTML output encode the log data prior to displaying it in the administrator console.
Solutions Cleanse all user supplied data before placing it in the logs. Reject all bad data. Ensure that the data is in the expected form. Use proper HTML output encoding techniques to strip the log data of potentially dangerous scripting characters before displaying it in the administrative console If possible, disable script execution in the administrative interface.
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-117 Improper Output Neutralization for Logs
Back to Top