There is a big misconception about the recent 0x01 URL Spoofing vuln.[1] in several peoples' mind that scripting is necessary for exploitation of this vuln. However, this is not the case. Instead of using the %01 sequence and unescaping it like in all the exploits posted till now, an hex editor can be used to directly embed the 0x01 byte in the URL. Try this
[1]This vuln. was discovered by Zap the Dingbat and posted to Bugtraq on 9th Dec. http://www.securityfocus.com/archive/1/346948