Autocomplete, a well-known feature in popular search engines, offers suggestions for search terms before the user has even completed typing their query. We present the autocomplete injection attack and its potential exploits. In this attack, a cross-site attacker injects terms into the autocomplete suggestions offered by a web-service to a victim user. The most popular web search engines are vulnerable to the attack, as well as other websites. Autocomplete injection can be exploited in multiple ways, including phishing, framing, illegitimate content-promotion and sometimes persistent cross-site scripting attacks. We evaluated the effectiveness of the attack with several experiments. Our results show the potential impact of the autocomplete injection attacks.
CITATION STYLE
Gelernter, N., & Herzberg, A. (2016). Autocomplete injection attack. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9879 LNCS, pp. 512–530). Springer Verlag. https://doi.org/10.1007/978-3-319-45741-3_26