Comment spam: iframe usage

Lately, the bad guys have been using iframes in comments to pull in the
content of a spam web page and try to display it on the site where the
comment was injected. Kind of interesting, as much as it is simple:

viagra <iframe
height="1" width="1" src="http:// h ome.tiscali.cz:8080/ racktire/"></iframe>

gadi evron,
ge@beyondsecurity.com.
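
One way a comment system could catch and neutralise the injection shown above, as an added example (not code from the original post): it parses each submitted comment, flags embedding tags such as a 1x1 iframe, and HTML-escapes the text on output. The names `scan_comment` and `render_comment`, the tag list and the sample host are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Tags that pull in or run third-party content; a plain-text comment
# field has no legitimate use for any of them (assumed policy).
EMBED_TAGS = {"iframe", "frame", "object", "embed", "script"}


class CommentScanner(HTMLParser):
    """Collects embedding tags found in a submitted comment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before this call.
        if tag not in EMBED_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        # The sample in the post is 1x1, i.e. invisible to visitors.
        hidden = any(a.get(d, "").strip().rstrip("px") in {"0", "1"}
                     for d in ("height", "width"))
        self.findings.append({"tag": tag, "src": a.get("src", ""), "hidden": hidden})


def scan_comment(text):
    """Return one finding per embedding tag, for moderation or logging."""
    scanner = CommentScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


def render_comment(text):
    """Output-encode the comment so markup is displayed, never rendered."""
    return html.escape(text, quote=True)


# Constructed sample modelled on the comment in the post; the host is a placeholder.
SAMPLE = 'viagra <IFRAME\nheight="1" width="1" src="http://spam.example:8080/x/"></iframe>'

if __name__ == "__main__":
    for finding in scan_comment(SAMPLE):
        print("flagged:", finding)
    print(render_comment(SAMPLE))
```

Escaping on output is the control that stops the iframe from rendering; the scan only gives moderators a signal.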


3 Comments:

  1. I don’t quite get this, the iframe gets rendered?!?

  2. If they are vulnerable to XSS then there is no reason why not. Although one could just hijack the entire page with a
    window.location='http://SpamSite.com'

    peace

  3. Why would HTML be allowed in comments?
