@sirdarckcat, here are a few more. There are more but some of the code has been nuked for various reasons. These are all still intact.
U-dominion.com: http://ha.ckers.org/blog/20070110/u-dominioncom-xss-worm/
Gaiaonline.com: http://ha.ckers.org/blog/20070104/semi-reflective-xss-worm-hits-gaiaonlinecom/
MyYearbook.com: http://ha.ckers.org/blog/20060705/full-disclosure-extortion-of-myyearbookcom/
U-dominion.com: http://ha.ckers.org/blog/20070110/u-dominioncom-xss-worm/
Gaiaonline.com: http://ha.ckers.org/blog/20070104/semi-reflective-xss-worm-hits-gaiaonlinecom/
MyYearbook.com: http://ha.ckers.org/blog/20060705/full-disclosure-extortion-of-myyearbookcom/