/vulndb/Frame Injection

Frame Injection is a type of Code Injection attack where a frame is injected into the web application’s front-facing features. Usually the injected frame is a concealed iframe pointing to an attacker-controlled page.

An attacker may inject a frame pointing to a malicious page and use it as a silent communication channel for building complex attacks against the user. For example, the loaded page can be used to deliver malicious JavaScript to be executed by the victim’s browser. The same vulnerability can also be used to perform very sophisticated phishing attacks.

Solution

As with every other code injection attack, you should sanitize user input, stripping or encoding special characters, especially those that could be used to build a string that represents a valid URL.
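
The sanitization described above, as an added example in JavaScript (not part of the original entry): user text is HTML-encoded before it reaches the page, and, going one step beyond character filtering, a user-supplied frame URL is accepted only if it parses as an https URL on an allowlisted host. The allowlist, host names, function names and sample inputs are constructed for illustration.

```javascript
// Added example; the allowlist, host names and sample inputs are constructed.
const ALLOWED_FRAME_HOSTS = new Set(["videos.example", "maps.example"]);

// Encode the characters that let text break out into markup or an attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return the normalized URL if it may be used as a frame source, otherwise null.
function safeFrameSrc(input, allowedHosts = ALLOWED_FRAME_HOSTS) {
  let url;
  try {
    url = new URL(String(input).trim()); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;       // rejects javascript:, data:, http:
  if (url.username || url.password) return null;    // rejects https://trusted@other-host/
  if (!allowedHosts.has(url.hostname)) return null; // exact host match, no suffix matching
  return url.href;
}

// User text placed in the page body: any markup in it is rendered as inert text.
function renderComment(userText) {
  return `<p class="comment">${escapeHtml(userText)}</p>`;
}

// User-supplied URL placed in a frame: validated first, then encoded for the attribute.
function renderEmbed(userUrl) {
  const src = safeFrameSrc(userUrl);
  if (src === null) return '<p class="embed-error">Embed URL not allowed.</p>';
  return `<iframe src="${escapeHtml(src)}"></iframe>`;
}

// Constructed inputs: one injected frame, one legitimate embed, three look-alike URLs.
const samples = [
  '<iframe src="https://attacker.example/" style="display:none"></iframe>',
  "https://videos.example/embed/42",
  "javascript:alert(1)",
  "https://videos.example.attacker.example/",
  "https://videos.example@attacker.example/",
];
console.log(renderComment(samples[0]));
for (const s of samples) console.log(JSON.stringify(s), "->", safeFrameSrc(s));
```
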

References

http://en.wikipedia.org/wiki/Frame_injection