XSS are executed on the client-side. You can use javascript, DOM to steal data, cookie, deface.... I tried many times with javascript, but i found beef, XSS framework. One work: include script and send malicous code to victim: If XSS in POST request, you can create page, it will generate POST request: 
MF: <a target="_blank" href="http://www.mediafire.com/?832ps4haqqg3989">http://www.mediafire.com/?832ps4haqqg3989</a> ------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- All my Lab: <a target="_blank" href="http://www.mediafire.com/?sharekey=c4f421784e6b4f90391d7d881749d3a77182db3bb3645b0cb8eada0a1ae8665a">Linux Lab</a> -- <a target="_blank" href="http://www.mediafire.com/?sharekey=c4f421784e6b4f90391d7d881749d3a769ca3d7d44ee28e5c95965eaa7bc68bc">window and Cisco Lab</a> to be continued - I will update more. 
Nam Habach


  
XSS are executed on the client-side. You can use javascript, DOM to steal data, cookie, deface....  
I tried many times with javascript, but i found beef, XSS framework. One work: include script and send malicous code to victim:  
If XSS in POST request, you can create page, it will generate POST request:  
  
  
MF: [http://www.mediafire.com/?832ps4haqqg3989](http://www.mediafire.com/?832ps4haqqg3989)  
\------------------------------------------------------------  
Thanks for reading  
\--------------------------------------------------------------------------  
All my Lab:  
[Linux Lab](http://www.mediafire.com/?sharekey=c4f421784e6b4f90391d7d881749d3a77182db3bb3645b0cb8eada0a1ae8665a) -- [window and Cisco Lab](http://www.mediafire.com/?sharekey=c4f421784e6b4f90391d7d881749d3a769ca3d7d44ee28e5c95965eaa7bc68bc)  
to be continued - I will update more.   

Nam Habach

NamHB's Blog

NamHB's Blog

XSS beef framework