# Exploit Title:  Fortune3 Cross Site Scripting
# Date: 18.04.2012
# Author: Sony
# Software Link: https://www.fortune3.com/
# Google Dorks: Powered by FORTUNE3
# Web Browser : Mozilla Firefox
# Blog : https://st2tea.blogspot.com
# PoC:
https://st2tea.blogspot.com/2012/04/fortune3-cross-site-scripting.html
..................................................................

Well, we have some xss in Fortune3.

Our test with https://www.naturalab.com (simple example)


Add to cart - product what you want and open page Print Cart or Email Cart.

Print Cart and Email Cart:

Put our xss code in "Include a Note" and press button Continue.


https://2.bp.blogspot.com/-i7J2jt4wp6w/T46bSEvwcnI/AAAAAAAAA_Q/eizU1buwYfY/s1600/include1.JPG

https://4.bp.blogspot.com/-TWIqNgpQj2I/T46bmQhGGUI/AAAAAAAAA_g/W_csKjwTzvs/s1600/include2.JPG

https://2.bp.blogspot.com/-Pc7AVUzs1s8/T46bxue61qI/AAAAAAAAA_w/8GqA_yXMXlw/s1600/email1.JPG

https://4.bp.blogspot.com/-JLfnHjRgAzU/T46cLaYmIrI/AAAAAAAAA_4/f4hu7En8WPY/s1600/email2.JPG