Stealing administrative access to a site:
* The administrator's browser will send the cookie to the attacker's website
* The attacker will then use the stolen cookie to act on the site with the administrator's access

Hijacking a cookie is a big deal, but this demo takes it one step further. Because the administrator will also be logged in to another site on the same domain, the attacker will receive that site's cookie as well. It's a two-for-one hack!
Read the accompanying blog post on Drupal Scout: drupalscout.com/knowledge-base/using-xss-steal-access
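An added example, not from the original post or the Drupal Scout demo: it models which session cookies injected script on one site can read through `document.cookie`, comparing a weak cookie configuration with a hardened one. The host names, cookie names and values are constructed, and it assumes the two sites are sibling hosts under one parent domain.

```javascript
// Added example. All hosts, cookie names and values are constructed placeholders.

// Split a Set-Cookie header into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? "" : pair.slice(0, eq), attrs };
}

// Would script running on pageHost see a cookie that setByHost issued?
// Path is ignored on purpose: it is not a security boundary between sites.
function scriptCanRead(header, setByHost, pageHost) {
  const { attrs } = parseSetCookie(header);
  if ("httponly" in attrs) return false; // hidden from document.cookie
  const page = pageHost.toLowerCase();
  if (typeof attrs.domain === "string" && attrs.domain !== "") {
    // Browsers ignore a leading dot; the cookie matches the domain and its subdomains.
    const domain = attrs.domain.replace(/^\./, "").toLowerCase();
    return page === domain || page.endsWith("." + domain);
  }
  return page === setByHost.toLowerCase(); // host-only cookie
}

// Names of the cookies that script injected on xssHost could read.
function exposedCookies(issued, xssHost) {
  return issued
    .filter(({ host, header }) => scriptCanRead(header, host, xssHost))
    .map(({ header }) => parseSetCookie(header).name);
}

const weak = [
  { host: "www.example.test", header: "SESS_main=aaa; Path=/; Domain=.example.test" },
  { host: "shop.example.test", header: "SESS_shop=bbb; Path=/; Domain=.example.test" },
];
const hardened = [
  { host: "www.example.test", header: "SESS_main=aaa; Path=/; HttpOnly; Secure" },
  { host: "shop.example.test", header: "SESS_shop=bbb; Path=/; HttpOnly; Secure" },
];
console.log("weak:", exposedCookies(weak, "www.example.test"));
console.log("hardened:", exposedCookies(hardened, "www.example.test"));
```

If both sites share a single host name instead, a host-only cookie without `HttpOnly` is still readable from either site, so `HttpOnly` is the attribute that matters in both layouts.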