DOM based XSS attack

We have all heard of cross-site scripting (XSS) attacks. Two types of cross-site scripting are normally explained everywhere. Non-persistent XSS normally occurs when the input is echoed directly to the browser, which causes the script in the input to execute. This script can steal the cookie using document.cookie and may post the values to the attacker's site. Persistent XSS occurs when the input (from the query string or form variables) is stored in the database and later retrieved for display on a web page, causing the script to execute.

If we can use document.cookie, why not use the document object itself? DOM-based attacks work on this principle. If our code uses document.URL, document.location.href and so on, it can be exploited using this technique.
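The pattern described above, shown next to a hardened form. This is an added example, not code from the original post. It runs under Node, so the `href` argument stands in for document.location.href; the function names, the `name` parameter and the example.test URLs are assumptions made for illustration.

```javascript
// Constructed sample URLs; example.test is a placeholder host.
const benignHref = "http://example.test/welcome.html?name=Joe";
// The part after '#' is never sent to the server, so server-side
// filtering never sees this value; only the page's own script reads it.
const craftedHref =
  "http://example.test/welcome.html#name=%3Cscript%3Ealert(1)%3C%2Fscript%3E";

// Pull the value after "name=" out of the URL, as page script often does.
function extractName(href) {
  const pos = href.indexOf("name=");
  if (pos === -1) return "guest";
  try {
    return decodeURIComponent(href.substring(pos + 5));
  } catch (e) {
    return "guest"; // malformed percent-encoding
  }
}

// Vulnerable: the URL-derived value is concatenated into markup
// (the browser equivalent is document.write or innerHTML).
function renderVulnerable(href) {
  return "<p>Hi " + extractName(href) + "</p>";
}

// Encode the five HTML-significant characters so the value stays text.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same source, but the value is encoded before it reaches the sink.
// In a browser, assigning to element.textContent achieves the same result.
function renderSafe(href) {
  return "<p>Hi " + escapeHtml(extractName(href)) + "</p>";
}

console.log(renderVulnerable(craftedHref)); // markup from the URL survives
console.log(renderSafe(craftedHref));       // markup is rendered inert
```
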

For more info about XSS:

http://www.webappsec.org/projects/articles/071105.shtml

http://crypto.stanford.edu/cs155/CSS.pdf

http://www.owasp.org/index.php/Category:OWASP_Project

 


Copyright © Parmeshwar Arewar