The exploit i listed is a stupid one, it requires the `target' which was me, to be not logged in, so i`d have to follow the malicious link, (without being logged in), then i`d somehow be taken to a login page (which would be suspicious) then i`d have to login, and then i`d have to go back twice in the browser in order to execute the malicious code.

Anyway thanks, I think I'll go make a md5 decryptor now.