rustywalrus.com XSS Vulnerablity

So I was searching around google and I came across this shit site called rustywalrus.com so I thought "Hey what the heck lets see what I can do." It turns out the site is vulnerable to XSS; however, its non-persistent and I did not find a place to upload a cookie catcher so all I can do it display messages to my self :/ hey its still a hack! Here are some pics:

See? Its vulnerable!

here is my temp deface! Oh YeA!

Lol, like my deface page? It took me 5 minutes to make! Heres the code:




<html>
    <head><title>You Were Hacked</title></head>
<body bgcolor=black background="http://t3.gstatic.com/images?q=tbn:ANd9GcSGdXMiA99OcxPAfbaCHI7Ud5DXdZEXpoyHx81qE8MzziwRVnSLDg">


<center>
<br/><br/><br/><br/><br/>
<script language="Javascript"><!--
var tl=new Array(
"Connecting...",
"Injecting code...",
"",
"security == 0;",
"",
"if(security == 0){",
"    echo 'Admin You Fail!';",
"}",
"",
"Admin You Fail!",
"",
"You were hacked by Max00355",
"You made it way too easy...",
"Please learn to code!" ,
"I am not a criminal... if anything I helped you... you should thank me!",
"I will be keeping an eye on you to make sure you improve your security... if you don't all your files will be deleted...",
"Check out my blog http://hackoria.blogspot.com"



);
var speed=30;
var index=0; text_pos=0;
var str_length=tl[0].length;
var contents, row;


function type_text()
{
 contents='';
 row=Math.max(0,index-9);
 while(row<index)
contents += tl[row++] + '\r\n';
 document.forms[0].elements[0].value = contents + tl[index].substring(0,text_pos) + "_";
 if(text_pos++==str_length)
 {
text_pos=0;
index++;
if(index!=tl.length)
{
 str_length=tl[index].length;
 setTimeout("type_text()",800);
}
 } else
setTimeout("type_text()",speed);
 
}
//--></script>


<form><textarea background="red"rows=10 cols=60 wrap=soft ></textarea></form>


<script language="Javascript">type_text();</script>
</center>
</html>