GFI WebMonitor Admin UI Remote Script Code Injection
====================================================

Affected Products/Versions
--------------------------

Product Name: GFI Webmonitor
Version Number: 2009
Build Number: 20100324
Platform: Microsoft Windows


Product/Company Information
---------------------------

GFI WebMonitor is a enterprise filtering and monitoring solution for web traffic, 
that also protects users against viruses, spyware, malware and phishing scams. 


>From GFI's website:

    "GFI WebMonitor offers web security features that allow you to control your 
employees Internet access by monitoring what files employees are downloading, to 
block file types such as MP3s and to scan all files for viruses, spyware and malware 
using multiple antivirus engines. GFI WebMonitor lowers the risk of social engineering 
by blocking access to phishing websites through the use of an auto-updatable database 
of phishing urls. The web monitoring features also allow you to monitor and block 
Live Messengenger (MSN) chat sessions and file transfers."

GFI's Website can be found at http://www.gfi.com


Vulnerability Description
-------------------------

GFI WebMonitor works as a proxy for HTTP communication and is doing insufficient 
input filtering on data, send to the proxy port. This enables attackers to inject 
script code that will be executed within the GFI WebMonitor configuration UI.


Patch Information
-----------------

http://ftp.gfisoftware.com/patches/WebMon2009/20100324/WM2009_PATCH_20100823_01.zip


Advisory Information
---------------------

This: http://www.oliverkarow.de/research/GFIWebMonitor.txt
Blog: http://oliver.greyhat.de/2010/08/25/gfi-webmonitor-admin-ui-remote-script-code-injection/


History
-------

27/07/2010 - Informing GFI about vulnerability
28/07/2010 - Initial response from GFI
29/07/2010 - Sending full vulnerability description to GFI 
17/08/2010 - GFI sent fix for testing
20/08/2010 - Fix successfully tested, sent response to GFI
25/08/2010 - Advisory release