# ILIAS-XSS-vulnerability A Python script that identifies executed XSS attacks in the eLearning portal ILIAS. ## Why? Up to version 5.4.10 of the elearning portal ILIAS it was possible to execute cross-site scripting attacks (XSS for short). For this purpose, JavaScript code could be placed on different parts of the portal. Due to reports from project members in conjunction with the Albstadt-Sigmaringen University of Applied Sciences, the possibility of these attacks was fixed by the ILIAS community in version 5.4.10. See the following references: > ILIAS Patch Version 5.4.10: https://docu.ilias.de/goto_docu_pg_118823_35.html </br> Explanation of XSS-attacks: https://owasp.org/www-community/attacks/xss/ > <b>Note: The script can also be executed successfully in newer versions of 5.4.x. Only the malicious parts are no longer executed in ILIAS. </b> ## Installation To use this script, you have to install it's dependencies first. This can be done with the additional requirements file and Python 3.7 with PIP. To do so, run the command `pip3 install -r requirements.txt` in the folder where the requirements.txt file is placed. ### Requirements (for short) * Python 3.7 * pip * requirements from `requirements.txt` ## Usage This program searches through the ILIAS database to find potential XSS attacks The default mode searches the table 'page_object' and the history mode the table 'page_history' ``` usage: Ilias_XSS_Database_search.py [-h] [--password] [--database DATABASE] [--database-ip DATABASE_IP] [--search-all-pages] [--search-history] [--url URL] [--show-complete-entry] [--show-only-critical] [--disable-highlighting] [--quiet] [--output OUTPUT] [--noOutput] [--use-date] [--check-local-users] [--show-md5-only] [--show-passwords] database_user ``` optional arguments: ``` -h, --help show this help message and exit ``` Database options: Specify options to connect to the database ``` user Set the user to connect to the database --password, -p Enter the password for the user to connect to the database --database DATABASE Set the database for the ILIAS installation. Default: 'ilias' --database-ip DATABASE_IP Set the database IP address for the ILIAS database. Default: 'localhost' ``` Search options: Specify option for the database search ``` --search-all-pages Show every possible XSS attempts, even on pages where the XSS is not possible (e.g. wiki page) --search-history If set, the program will search though the history instead of the current active content. --check-local-users Check, which users are locally saved in the ILIAS DB --show-md5-only In combination with --check-local-users, show only users which password is hashed with md5 --show-passwords In combination with --check-local-users and/or --show-md5-only, show users with their passwords ``` Output: Set options for the output ``` --url URL, -u URL Set a different url for the link output. --show-complete-entry Prints the whole entry instead of just the HTML tags. --show-only-critical Show only entries with critical keywords, e.g. script, onerror, onload --disable-highlighting Disables the console highlighting for critical keywords --quiet, -q Disables the console output --output OUTPUT, -o OUTPUT Save the result to a file. Only .csv and .txt are valid extensions! --noOutput generate no log file, if this and --output is not set, a log file is automatically generated in /var/log --use-date Save the result to a file named with actual date. Works with --output to determine the output dir. ``` Created by: Marius Binal (https://github.com/marius56) and Bastian Buck (https://github.com/bstnbuck)