تماشای ویدئو When XSS leads to shell access از آی-ویدئو
This is a video demo of how a simple XSS exploit can be used to bypass CSRF protections and give an attacker shell access to a web server.
Source code for this exploit: http://www.exploit-db.com/exploits/31427/