As released originally, the exploit used scripting. However, the only purpose of scripting was to conveniently insert a character with ASCII code 1.
The 'b' versions include the '0x01' character after the '@' sign.[1 scripting] [1b scripting]
Or use the HTML entity '':
[3 html 0x01]
Goto FakeBank
[3b html 0x01]
Goto FakeBank
Or just used another '%001':
Link 5A Goto FakeBank
Link 5B Goto FakeBank
Credits: This page is based on the release by www.zapthedingbat.com .