GFI WebMonitor Admin UI Remote Script Code Injection
====================================================

Affected Products/Versions
--------------------------
Product Name: GFI Webmonitor
Version Number: 2009
Build Number: 20100324
Platform: Microsoft Windows

Product/Company Information
---------------------------
GFI WebMonitor is an enterprise filtering and monitoring solution for web traffic that also protects users against viruses, spyware, malware and phishing scams.

From GFI's website:

"GFI WebMonitor offers web security features that allow you to control your employees' Internet access by monitoring what files employees are downloading, to block file types such as MP3s and to scan all files for viruses, spyware and malware using multiple antivirus engines. GFI WebMonitor lowers the risk of social engineering by blocking access to phishing websites through the use of an auto-updatable database of phishing urls. The web monitoring features also allow you to monitor and block Live Messenger (MSN) chat sessions and file transfers."

GFI's website can be found at http://www.gfi.com

Vulnerability Description
-------------------------
GFI WebMonitor works as a proxy for HTTP communication and performs insufficient input filtering on data sent to the proxy port. This allows attackers to inject script code that is then executed within the GFI WebMonitor configuration UI.
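The defect class described above is a stored script injection: request fields observed at the proxy port (host, path, User-Agent and the like) are later rendered in the administrator's web UI without encoding. The following added example is not GFI's code and makes no claim about how WebMonitor renders its UI; the record fields, the page layout and the sample records are all assumptions. It places an unescaped renderer beside a hardened one that HTML-encodes every proxy-observed value, and includes a check a reviewer can run to confirm that no raw markup from the untrusted fields survives into the page.

```python
"""Added example: rendering proxy-observed request data in an admin UI.

Hypothetical code, not GFI WebMonitor's. The ProxyRecord fields, the table
layout and the sample records below are constructed for illustration.
"""
import html
from dataclasses import dataclass, fields
from typing import Iterable, List


@dataclass
class ProxyRecord:
    """One request seen at the proxy port. Every field is attacker-controlled
    (the client chooses host, path and User-Agent), so none may be trusted."""
    client_ip: str
    host: str
    path: str
    user_agent: str


# Constructed sample log. The last record carries markup in client-supplied
# fields, the situation the advisory describes.
SAMPLE_RECORDS: List[ProxyRecord] = [
    ProxyRecord("10.0.0.5", "www.example.com", "/index.html", "Mozilla/5.0"),
    ProxyRecord("10.0.0.7", "cdn.example.net", "/lib.js", "curl/7.19.7"),
    ProxyRecord("10.0.0.9", "host.example", '/x" onmouseover="y',
                "<script>alert(1)</script>"),
]

# Defence in depth for the admin UI response: even if one field slips
# through unencoded, an inline script is blocked by the browser.
ADMIN_UI_HEADERS = {
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
}


def render_unsafe(records: Iterable[ProxyRecord]) -> str:
    """The vulnerable pattern: raw field values concatenated into HTML."""
    rows = "".join(
        f"<tr><td>{r.client_ip}</td><td>{r.host}</td>"
        f"<td>{r.path}</td><td>{r.user_agent}</td></tr>"
        for r in records
    )
    return f"<table>{rows}</table>"


def render_safe(records: Iterable[ProxyRecord]) -> str:
    """The hardened pattern: every value is HTML-encoded before insertion.

    quote=True also encodes '"' and "'", which matters when a value ends up
    inside an attribute (for example a title="..." on the cell)."""
    def enc(value: str) -> str:
        return html.escape(value, quote=True)

    rows = "".join(
        f"<tr><td>{enc(r.client_ip)}</td><td>{enc(r.host)}</td>"
        f'<td title="{enc(r.path)}">{enc(r.path)}</td>'
        f"<td>{enc(r.user_agent)}</td></tr>"
        for r in records
    )
    return f"<table>{rows}</table>"


def untrusted_markup_survives(rendered: str,
                              records: Iterable[ProxyRecord]) -> bool:
    """Review check: does any client-supplied value that contains markup
    characters appear verbatim in the rendered page? True means the page
    is injectable from the proxy port."""
    markup_chars = set('<>"\'')
    for r in records:
        for f in fields(ProxyRecord):
            value = getattr(r, f.name)
            if markup_chars & set(value) and value in rendered:
                return True
    return False


if __name__ == "__main__":
    print("unsafe injectable:", untrusted_markup_survives(render_unsafe(SAMPLE_RECORDS), SAMPLE_RECORDS))
    print("safe injectable:  ", untrusted_markup_survives(render_safe(SAMPLE_RECORDS), SAMPLE_RECORDS))
```

The check in `untrusted_markup_survives` is deliberately crude (substring match on values containing markup characters); it is meant as a regression test for a renderer, not as a scanner. The durable fix is the one in `render_safe`: encode at the point of output, for the context the value lands in, rather than trying to filter what arrives at the proxy port.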
Patch Information
-----------------
http://ftp.gfisoftware.com/patches/WebMon2009/20100324/WM2009_PATCH_20100823_01.zip

Advisory Information
---------------------
This: http://www.oliverkarow.de/research/GFIWebMonitor.txt
Blog: http://oliver.greyhat.de/2010/08/25/gfi-webmonitor-admin-ui-remote-script-code-injection/

History
-------
27/07/2010 - Informing GFI about vulnerability
28/07/2010 - Initial response from GFI
29/07/2010 - Sending full vulnerability description to GFI
17/08/2010 - GFI sent fix for testing
20/08/2010 - Fix successfully tested, sent response to GFI
25/08/2010 - Advisory release