Autocomplete Injection Attack

Authors: Nethanel Gelernter, Amir Herzberg

DOI: 10.1007/978-3-319-45741-3_26

Keywords: Internet security, Information retrieval, Search engine, Autocomplete, Phishing, Feature (computer vision), Cross-site scripting, Computer science, Exploit, Search terms

Abstract: Autocomplete, a well-known feature in popular search engines, offers suggestions for terms before the user has even completed typing their query. We present autocomplete injection attack and its potential exploits. In this attack, cross-site attacker injects into offered by web-service to victim user. The most web engines are vulnerable as well other websites.
