Log Injection (or Log Forgery) is a vulnerability that arises when un-trusted and un-validated input is allowed to be printed in system log files. As a result, an attacker can insert malicious data and false entries into the logs and ultimately corrupt the file. The corrupted files can be used to cover the tracks of an hacking attempt.

To carry out the exploitation, we must perform the following request:

curl 'http://127.0.0.1:19999/api/v1/registry?action=access&url=i%0aFAKE ERROR LOG%0ahere&machine=asd'