As released originally, the exploit used scripting. However, the only purpose of scripting was to conveniently insert a character with ASCII code 1.The 'b' versions include the '0x01' character after the '@' sign.
[1 scripting] [1b scripting]
Or use the HTML entity '':
[3 html 0x01] Goto FakeBank [3b html 0x01] Goto FakeBank
Or just used another '%001':
Link 5A Goto FakeBank Link 5B Goto FakeBank
Credits: This page is based on the release by www.zapthedingbat.com .