XSS can be used in 2 conditions.
Sometimes there are forums that have particular fields that allow HTML posts..
Or a vulnerability in the search field.
A vulnerable search field that allows html searches and uses $_GET function instead of $_POST
Okay so.. lets talk about the Search field first. its easier lol
Testing Vulnerability
write in the search bar : <script>alert("XSS")</script>
Now an alert message should show XSS
If it didnt. than the search field is unexploitable.
Now to get a link that would redirect to your cookie staler put this in the search
Sometimes there are forums that have particular fields that allow HTML posts..
Or a vulnerability in the search field.
A vulnerable search field that allows html searches and uses $_GET function instead of $_POST
Okay so.. lets talk about the Search field first. its easier lol
Testing Vulnerability
write in the search bar : <script>alert("XSS")</script>
Now an alert message should show XSS
If it didnt. than the search field is unexploitable.
Now to get a link that would redirect to your cookie staler put this in the search