what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

GFI WebMonitor Script Code Injection

GFI WebMonitor Script Code Injection
Posted Aug 26, 2010
Authored by Oliver Karow | Site oliverkarow.de

The GFI WebMonitor administrative interface suffers from a remote script code injection vulnerability.

tags | advisory, remote
SHA-256 | e759d7240347b5d2e90c6c08c5d87afae48474ff41901286e4df0ca8ca2ec635

GFI WebMonitor Script Code Injection

Change Mirror Download
GFI WebMonitor Admin UI Remote Script Code Injection
====================================================

Affected Products/Versions
--------------------------

Product Name: GFI Webmonitor
Version Number: 2009
Build Number: 20100324
Platform: Microsoft Windows


Product/Company Information
---------------------------

GFI WebMonitor is a enterprise filtering and monitoring solution for web traffic,
that also protects users against viruses, spyware, malware and phishing scams.


>From GFI's website:

"GFI WebMonitor offers web security features that allow you to control your
employees Internet access by monitoring what files employees are downloading, to
block file types such as MP3s and to scan all files for viruses, spyware and malware
using multiple antivirus engines. GFI WebMonitor lowers the risk of social engineering
by blocking access to phishing websites through the use of an auto-updatable database
of phishing urls. The web monitoring features also allow you to monitor and block
Live Messengenger (MSN) chat sessions and file transfers."

GFI's Website can be found at http://www.gfi.com


Vulnerability Description
-------------------------

GFI WebMonitor works as a proxy for HTTP communication and is doing insufficient
input filtering on data, send to the proxy port. This enables attackers to inject
script code that will be executed within the GFI WebMonitor configuration UI.


Patch Information
-----------------

http://ftp.gfisoftware.com/patches/WebMon2009/20100324/WM2009_PATCH_20100823_01.zip


Advisory Information
---------------------

This: http://www.oliverkarow.de/research/GFIWebMonitor.txt
Blog: http://oliver.greyhat.de/2010/08/25/gfi-webmonitor-admin-ui-remote-script-code-injection/


History
-------

27/07/2010 - Informing GFI about vulnerability
28/07/2010 - Initial response from GFI
29/07/2010 - Sending full vulnerability description to GFI
17/08/2010 - GFI sent fix for testing
20/08/2010 - Fix successfully tested, sent response to GFI
25/08/2010 - Advisory release
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close