I. Fundamentals of Injection
You should get a small dialog box that says "Hello, world." This will be changed later to have more practical applications.
You can also have more than one command executed at the same time:
This brings up a box that says "Hello" and another that says 'World'.
II. Edit Cookies
First, make sure the site you visit has all the cookies by using this script:
This comes up all the cookies stored on site. You can edit the data, we use int () command.
This command can modify the existing information or create entirely new value. Replace "Field" with either an existing field found with the alert (document.cookie) command, or add your own value. Then replace "myValue" with whatever you want the area to be. For example:
Would either make the field "authorized" or edit it to say "yes" ... Now if this means anything of value depends on the site you inject it.
It is also useful to cross an alert (document.cookie) at the end of the same line to see the effect your changes had.
III. Change in the way
All in the form of a web page (unless your name is not) is stored in the form [x] array ... where "X" is a number, in order from top to bottom, all the forms page. Please note that the forms start at 0, so the page would be very early form 0, and the second would be 1 and so on. For example:
<form action=”http://www.website.com/submit.php” method=”post”>
<input type=”hidden” name=”to” value=”email@example.com”>
Note: Because this is the first form on the page, it is forms 
To say this form is used for email, for example vital server information to the site administrator. You can not download the script and edit the page, because it looks submit.php referer. You can check to see what the value of an item in a certain way is to use this script:
This is similar to the alert (document.cookie) above.
In this case, it will show an alert that says "firstname.lastname@example.org"
So here's how to inject your e-mail in it. You can use pretty much the same technique as the cookies editing shown earlier:
That would change the email on the form to be "email@example.com".
You can then use the alert (); script to check your work. Or you can pair two of these commands in one line.