...
To test if an action is vulnerable, start at the page that contains the form that POSTs to the action in question. Fill out the form normally but before submitting the request, use a tool to intercept the request (such as Tamper Data). Take note of each parameter and the values passed in. Another way to do this is to use WebScarab. Once you have intercepted the request, switch the bottom section's tab to "text" and copy the post body. This will be exactly what you need to paste into the image tag.
Now construct an IMG tag with the src value set to the action in question and pass the parameters in the URL. View the page containing the image tag and see if the action was successful on the server. Another way is to simply paste the URL and parameters into the address bar of a browser. If it was successful, see the "Reject non-Post Requests" for a quick solution.
...