Comment spam: iframe usage

Lately, the bad guys have been using iframes in comments in order to grab
the content of a spam web page and attempt to show it on the site with the
injected comment. Kind of interesting, as much as it is simple:

viagra <iframe
height="1" width="1" src="http:// h racktire/"></iframe>

gadi evron,

  • Sid

    I don’t quite get this, the iframe gets rendered?!?

  • colossus

    If they are vulnerable to XSS then there is no reason why not. Although one could just hijack the entire page with a


  • CumpsD

    Why would html be allowed in comments?