miercuri, 18 aprilie 2012

Fortune3 Cross Site Scripting

# Exploit Title: Fortune3 Cross Site Scripting
# Date: 18.04.2012
# Author: Sony
# Software Link: http://www.fortune3.com/
# Google Dorks: Powered by FORTUNE3
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:

http://st2tea.blogspot.com/2012/04/fortune3-cross-site-scripting.html
..................................................................

Well, we have some xss in Fortune3.

Our test with http://www.naturalab.com (simple example)


Add to cart - product what you want and open page Print Cart or Email Cart.

Print Cart and Email Cart:

Put our xss code in "Include a Note" and press button Continue.



















2 comentarii:

Bh@Nu spunea...

it's not working

Sony spunea...

inurl:cartjs.php?hack=
All works, use firefox without plugins or if you want i can made video, because it's all works, but hard for use (for attack).

oh, my poor english)

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.