Search Index Poisoning
mediumsearch-index-poisoning
Attacker manipulates search indexes to inject malicious content, alter search rankings, or expose sensitive data through search results
TamperingInformation Disclosure
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1565 | Data Manipulation | Impact |
| T1213 | Data from Information Repositories | Collection |
Common Weakness Enumeration
Mitigating controls
ctrl-search-1- Implement strict access controls on index management
ctrl-search-2- Validate and sanitize all content before indexing
ctrl-search-3- Monitor index modifications for anomalies
ctrl-search-4- Implement search result filtering based on user permissions
ctrl-search-5- Use separate indexes for different sensitivity levels
References
No references provided.