hi dear friend..
am the expertise ur looking for
but am not a session hacker ... am a web developer and i don't like those insert (injection) the scripts to destroyed the web.
first of all it's Cross-site scripting and not cross-side...
so ... if u know any script languages and u know what is sql and session,cookies,xml, and XHTML forms and tags also php so i'll tell u about it but not using it to damege the websites