Skip to main content
Conference ProceedingsOPEN ACCESS

Autocomplete injection attack

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2016) 9879 LNCS 512-530
DOI: 10.1007/978-3-319-45741-3_26
1Citations
Citations of this article
27Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Autocomplete, a well-known feature in popular search engines, offers suggestions for search terms before the user has even completed typing their query. We present the autocomplete injection attack and its potential exploits. In this attack, a cross-site attacker injects terms into the autocomplete suggestions offered by a web-service to a victim user. The most popular web search engines are vulnerable to the attack, as well as other websites. Autocomplete injection can be exploited in multiple ways, including phishing, framing, illegitimate content-promotion and sometimes persistent cross-site scripting attacks. We evaluated the effectiveness of the attack with several experiments. Our results show the potential impact of the autocomplete injection attacks.

Author supplied keywords

Cite

CITATION STYLE

APA

Gelernter, N., & Herzberg, A. (2016). Autocomplete injection attack. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9879 LNCS, pp. 512–530). Springer Verlag. https://doi.org/10.1007/978-3-319-45741-3_26

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free