# Exploit Title: Fortune3 Cross Site Scripting # Date: 18.04.2012 # Author: Sony # Software Link: http://www.fortune3.com/ # Google Dorks: Powered by FORTUNE3 # Web Browser : Mozilla Firefox # Blog : http://st2tea.blogspot.com # PoC: http://st2tea.blogspot.com/2012/04/fortune3-cross-site-scripting.html .................................................................. Well, we have some xss in Fortune3. Our test with http://www.naturalab.com (simple example) Add to cart - product what you want and open page Print Cart or Email Cart. Print Cart and Email Cart: Put our xss code in "Include a Note" and press button Continue. http://2.bp.blogspot.com/-i7J2jt4wp6w/T46bSEvwcnI/AAAAAAAAA_Q/eizU1buwYfY/s1600/include1.JPG http://4.bp.blogspot.com/-TWIqNgpQj2I/T46bmQhGGUI/AAAAAAAAA_g/W_csKjwTzvs/s1600/include2.JPG http://2.bp.blogspot.com/-Pc7AVUzs1s8/T46bxue61qI/AAAAAAAAA_w/8GqA_yXMXlw/s1600/email1.JPG http://4.bp.blogspot.com/-JLfnHjRgAzU/T46cLaYmIrI/AAAAAAAAA_4/f4hu7En8WPY/s1600/email2.JPG