A variant of cross-site scripting called "reflected" cross-site scripting,
						the HTTP Query Strings attack consists of passing a malicious script inside
						an otherwise valid HTTP request query string. This is of significant concern
						for sites that rely on dynamic, user-generated content such as bulletin
						boards, news sites, blogs, and web enabled administration GUIs. The
						malicious script may steal session data, browse history, probe files, or
						otherwise execute attacks on the client side. Once the attacker has prepared
						the malicious HTTP query it is sent to a victim user (perhaps by email, IM,
						or posted on an online forum), who clicks on a normal looking link that
						contains a poison query string. This technique can be made more effective
						through the use of services like http://tinyurl.com/, which makes very small
						URLs that will redirect to very large, complex ones. The victim will not
						know what he is really clicking on.