Skip to content

Latest commit

 

History

History
86 lines (80 loc) · 4.27 KB

README.md

File metadata and controls

86 lines (80 loc) · 4.27 KB

ILIAS-XSS-vulnerability

A Python script that identifies executed XSS attacks in the eLearning portal ILIAS.

Why?

Up to version 5.4.10 of the elearning portal ILIAS it was possible to execute cross-site scripting attacks (XSS for short). For this purpose, JavaScript code could be placed on different parts of the portal. Due to reports from project members in conjunction with the Albstadt-Sigmaringen University of Applied Sciences, the possibility of these attacks was fixed by the ILIAS community in version 5.4.10. See the following references:

ILIAS Patch Version 5.4.10: https://docu.ilias.de/goto_docu_pg_118823_35.html
Explanation of XSS-attacks: https://owasp.org/www-community/attacks/xss/

Note: The script can also be executed successfully in newer versions of 5.4.x. Only the malicious parts are no longer executed in ILIAS.

Installation

To use this script, you have to install it's dependencies first. This can be done with the additional requirements file and Python 3.7 with PIP. To do so, run the command pip3 install -r requirements.txt in the folder where the requirements.txt file is placed.

Requirements (for short)

  • Python 3.7
  • pip
  • requirements from requirements.txt

Usage

This program searches through the ILIAS database to find potential XSS attacks The default mode searches the table 'page_object' and the history mode the table 'page_history'

usage: Ilias_XSS_Database_search.py [-h] [--password] [--database DATABASE]
                                    [--database-ip DATABASE_IP]
                                    [--search-all-pages] [--search-history]
                                    [--url URL] [--show-complete-entry]
                                    [--show-only-critical]
                                    [--disable-highlighting] [--quiet]
                                    [--output OUTPUT] [--noOutput]
				                    [--use-date]
				                    [--check-local-users] [--show-md5-only] [--show-passwords]
                                    database_user

optional arguments:

  -h, --help            show this help message and exit

Database options: Specify options to connect to the database

  user                  Set the user to connect to the database
  --password, -p        Enter the password for the user to connect to the
                        database
  --database DATABASE   Set the database for the ILIAS installation. Default:
                        'ilias'
  --database-ip DATABASE_IP
                        Set the database IP address for the ILIAS database.
                        Default: 'localhost'

Search options: Specify option for the database search

  --search-all-pages    Show every possible XSS attempts, even on pages where
                        the XSS is not possible (e.g. wiki page)
  --search-history      If set, the program will search though the history
                        instead of the current active content.
  --check-local-users   Check, which users are locally saved in the ILIAS DB
  --show-md5-only	In combination with --check-local-users, show only users
			which password is hashed with md5
  --show-passwords	In combination with --check-local-users and/or --show-md5-only,
			show users with their passwords			

Output: Set options for the output

  --url URL, -u URL     Set a different url for the link output. 
  --show-complete-entry
                        Prints the whole entry instead of just the HTML tags.
  --show-only-critical  Show only entries with critical keywords, e.g. script,
                        onerror, onload
  --disable-highlighting
                        Disables the console highlighting for critical
                        keywords
  --quiet, -q           Disables the console output
  --output OUTPUT, -o OUTPUT
                        Save the result to a file. Only .csv and .txt are
                        valid extensions!
  --noOutput            generate no log file, if this and --output is not set,
                        a log file is automatically generated in /var/log
  --use-date 		    Save the result to a file named with actual date.
			            Works with --output to determine the output dir.

Created by: Marius Binal (https://github.com/marius56) and Bastian Buck (https://github.com/bstnbuck)