topr8 - 11:27 am on May 27, 2008 (gmt 0)

as pageoneresults says what this is doing is actually placing the javascript include on your pages.

this js then builds the iframe and so on.

the damage to you is just the loss of data in your db when the injection attack happens - it writes the code for the js include into database fields it thinks are appropriate.

you then serve the pages - the person that visits your page with js turned on is the one who really sufers, their computer is potentially comprimised