Facebook worm aka “Koobface” exploiting highly critical XSS vulnerability as recently discovered. It seems these guys successfully mess around in facebook as it has been around for months now.
Further Reading xssed.com
XSS #1 with POST (by Zeitjak)
POST: reg_email__=”onmouseover=”alert(‘XSS – ZJ’)”foo=”bar
XSS #2 with POST (by David Wharton)
XSS #3 (by DaiMon)
This one works on another IP (220.127.116.11) and can’t be used for a worm, except a phishing one.
XSS #4 with POST (by p3lo)
–>> Hmmm nice PoC to play around.