Sites Powered By Fortune3 suffer from a cross site scripting vulnerability.
13b1a08a268820de58b2725ef1215111f696ca00f5a8d60215057eb2ee139327
# Exploit Title: Fortune3 Cross Site Scripting
# Date: 18.04.2012
# Author: Sony
# Software Link: https://www.fortune3.com/
# Google Dorks: Powered by FORTUNE3
# Web Browser : Mozilla Firefox
# Blog : https://st2tea.blogspot.com
# PoC:
https://st2tea.blogspot.com/2012/04/fortune3-cross-site-scripting.html
..................................................................
Well, we have some xss in Fortune3.
Our test with https://www.naturalab.com (simple example)
Add to cart - product what you want and open page Print Cart or Email Cart.
Print Cart and Email Cart:
Put our xss code in "Include a Note" and press button Continue.
https://2.bp.blogspot.com/-i7J2jt4wp6w/T46bSEvwcnI/AAAAAAAAA_Q/eizU1buwYfY/s1600/include1.JPG
https://4.bp.blogspot.com/-TWIqNgpQj2I/T46bmQhGGUI/AAAAAAAAA_g/W_csKjwTzvs/s1600/include2.JPG
https://2.bp.blogspot.com/-Pc7AVUzs1s8/T46bxue61qI/AAAAAAAAA_w/8GqA_yXMXlw/s1600/email1.JPG
https://4.bp.blogspot.com/-JLfnHjRgAzU/T46cLaYmIrI/AAAAAAAAA_4/f4hu7En8WPY/s1600/email2.JPG