Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?
)Yeah...i know.....but for the moment i was concentrating only for that pop-up....because this way that scrip won't work either and my brain will start believing that the page it's not vulnerable. /index.php?submit=<script>alert("XSS"</script> is not working and i don't know why....i tried in another site and it worked but not here.
You've got the right idea. insert the thing you would enter into the url bar to view a cookie in place of where your little code says XXS