Thanks for the link. I looked the site over, inspected the code, etc., and don’t have the slightest clue what someone might be trying to exploit with this code.
I’m not even sure without looking at the logs (IP addresses, time/frequency, surrounding log entries, referrer, etc.) that it is an exploit attempt. It is certainly nothing obvious. If there is a clue to be had, it lies somewhere deeper in the analysis of your logs.
If you navigate to the URL in Firefox you will see that the page still loads, but your display is changed considerably. Most notably your “Movie Poster Image” display is suppressed. In fact, trying the string on the end of other URLs slightly restyles the page, suppressing all the graphics in your main content section of the page (header, sidebars, etc. are OK, but other images are stripped). Is it possible that this is to facilitate a screen reader or link robot? Is it the result of a web-fetching script/bot that only wants to read the text?
It is interesting to see how it causes the display to change, but I don’t see an obvious exploit at work here, as the only impact I can identify is the change of the display.