Reading cookies from other Domains

I have heard of people being able to access other sites cookies using XSS. Is 开发者_如何学Cthis is a legitimate option and how do you achieve this?

It's not a legitimate option, and will probably get you flagged as malware.

If you're trying to do something useful (i.e. non-evil), there's probably a legitimate way of doing it.

It's definitely not a legitimate option. It's considered a security hole anywhere it exists, and if you rely on it in your application, it will fail when those holes are fixed.