Abstract
Autocomplete, a well-known feature in popular search engines, offers suggestions for search terms before the user has even completed typing their query. We present the autocomplete injection attack and its potential exploits. In this attack, a cross-site attacker injects terms into the autocomplete suggestions offered by a web-service to a victim user. The most popular web search engines are vulnerable to the attack, as well as other websites. Autocomplete injection can be exploited in multiple ways, including phishing, framing, illegitimate content-promotion and sometimes persistent cross-site scripting attacks. We evaluated the effectiveness of the attack with several experiments. Our results show the potential impact of the autocomplete injection attacks.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
