# Exploit Title: Fortune3 Cross Site Scripting
# Date: 18.04.2012
# Author: Sony
# Software Link: http://www.fortune3.com/
# Google Dorks: Powered by FORTUNE3
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/04/fortune3-cross-site-scripting.html
..................................................................
Well, we have some xss in Fortune3.
Our test with http://www.naturalab.com (simple example)
Add to cart - product what you want and open page Print Cart or Email Cart.
Print Cart and Email Cart:
Put our xss code in "Include a Note" and press button Continue.
# Date: 18.04.2012
# Author: Sony
# Software Link: http://www.fortune3.com/
# Google Dorks: Powered by FORTUNE3
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/04/fortune3-cross-site-scripting.html
..................................................................
Well, we have some xss in Fortune3.
Our test with http://www.naturalab.com (simple example)
Add to cart - product what you want and open page Print Cart or Email Cart.
Print Cart and Email Cart:
Put our xss code in "Include a Note" and press button Continue.
2 comentarii:
it's not working
inurl:cartjs.php?hack=
All works, use firefox without plugins or if you want i can made video, because it's all works, but hard for use (for attack).
oh, my poor english)
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.