I found a way to inject javascript into our software that I can't really resolve. I need to demonstrate to somebody what the security consequences are.

Can somebody remind me how to use it to grab a cookie from a user? Thanks :)

document.cookie?

[quote author=St0rm.iD link=board=22;threadid=5378;start=0#msg45199 date=1077307258]
document.cookie?
[/quote]

That's all I needed to know; stupid javascript :)