Autocomplete Injection Attack

机译：自动完成注射攻击

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Autocomplete, a well-known feature in popular search engines, offers suggestions for search terms before the user has even completed typing their query. We present the autocomplete injection attack and its potential exploits. In this attack, a cross-site attacker injects terms into the autocomplete suggestions offered by a web-service to a victim user. The most popular web search engines are vulnerable to the attack, as well as other websites. Autocomplete injection can be exploited in multiple ways, including phishing, framing, illegitimate content-promotion and sometimes persistent cross-site scripting attacks. We evaluated the effectiveness of the attack with several experiments. Our results show the potential impact of the autocomplete injection attacks.

机译：自动完成是流行搜索引擎中的一个众所周知的功能，在用户甚至完成键入查询之前为搜索条件提供建议。我们提出了自动完成的注射攻击及其潜在的利用。在此次攻击中，横向网站攻击者将术语注入到受害者用户提供的网络服务提供的自动完成建议。最受欢迎的网络搜索引擎容易受到攻击，以及其他网站。自动完成注射可以以多种方式利用，包括网络钓鱼，框架，非法内容 - 促销以及有时持久的跨站点脚本攻击。我们评估了几个实验的攻击的有效性。我们的结果表明了自动完成注射攻击的潜在影响。

著录项

来源
《European Symposium on Research in Computer Security》|2016年|609p|共19页
会议地点
作者
Nethanel Gelernter; Amir Herzberg;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP309-53;
关键词
Web-security; Phishing; Cross-site attacks; Usable security; Autocomplete injection attack; Cross-site framing; Blackhat SEO; Cross site scripting; Persistent XSS; CSRF;

机译：网络安全;网络钓鱼;跨场攻击;可用的安全;自动完成注射攻击;横向网站框架;Blackhat SEO;跨站点脚本;持久性XSS;CSRF;

相似文献

外文文献
中文文献
专利

1. An Effective Control Report Based Security Countermeasure against the Joint Attacks of False Report Injection Attack and Selective Forwarding Attack [J] . Hyun Woo Lee, Tae Ho Cho Wireless Sensor Network . 2012,第8期

机译：一种基于有效控制报告的安全措施，防范虚假报告注入攻击与选择性转发攻击的联合攻击
2. Hypervisor injection attack using X-cross API calls (HI-API attack) [J] . Arul E. Journal of ambient intelligence and humanized computing . 2021,第5期

机译：使用X-Cross API调用（Hi-API攻击）的虚拟机制注入攻击
3. A two-layer game theoretical attack-defense model for a false data injection attack against power systems [J] . Wang Qi, Tai Wei, Tang Yi, International Journal of Electrical Power & Energy Systems . 2019,第JANa期

机译：针对电力系统的虚假数据注入攻击的两层博弈理论攻击防御模型
4. Autocomplete Injection Attack [C] . Nethanel Gelernter, Amir Herzberg European symposium on research in computer security . 2016

机译：自动完成注入攻击
5. Optimal Planning and Operation of Moving Target Defense for Detecting False Data Injection Attacks in Smart Grids [D] . Liu, Bo. 2021

机译：移动目标防御的最佳规划和运行，用于检测智能电网的假数据注入攻击
6. In Vitro Fertilization Using Luteinizing Hormone-Releasing Hormone Injections Resulted in Healthy Triplets without Increased Attack Rates in a Hereditary Angioedema Case [O] . Ceyda Tunakan Dalgıç, Fatma Düşünür Günsen, Gökten Bulut, 2018

机译：黄体激素释放激素注射剂的体外受精导致健康的三胞胎而遗传性血管性水肿病例的发作率却没有增加
7. A Security Method for Multiple Attacks in Sensor Networks: Against the False Report Injection Attack and the Sinkhole Attack [O] . Su Man Nam, Tae Ho Cho 2013

机译：传感器网络中多次攻击的安全方法：针对假报告注射攻击和污水攻击

Autocomplete Injection Attack

摘要

著录项

相似文献

相关主题

期刊订阅