GFI WebMonitor Admin UI Remote Script Code Injection

Affected Products/Versions

Product Name: GFI Webmonitor
Version Number: 2009
Build Number: 20100324
Platform: Microsoft Windows

Product/Company Information

GFI WebMonitor is a enterprise filtering and monitoring solution for web traffic,
that also protects users against viruses, spyware, malware and phishing scams.

From GFI's website:

            "GFI WebMonitor offers web security features that allow you to control your 

employees Internet access by monitoring what files employees are downloading, to
block file types such as MP3s and to scan all files for viruses, spyware and malware
using multiple antivirus engines. GFI WebMonitor lowers the risk of social engineering
by blocking access to phishing websites through the use of an auto-updatable database
of phishing urls. The web monitoring features also allow you to monitor and block
Live Messengenger (MSN) chat sessions and file transfers."

GFI's Website can be found at http://www.gfi.com

Vulnerability Description

GFI WebMonitor works as a proxy for HTTP communication and is doing insufficient
input filtering on data, send to the proxy port. This enables attackers to inject
script code that will be executed within the GFI WebMonitor configuration UI.

Patch Information

http://ftp.gfisoftware.com/patches/WebMon2009/20100324/WM2009_PATCH_20100823_01.zip

Advisory Information

This: http://www.oliverkarow.de/research/GFIWebMonitor.txt
Blog: http://oliver.greyhat.de/2010/08/25/gfi-webmonitor-admin-ui-remote-script-code-injection/

History

27/07/2010 - Informing GFI about vulnerability
28/07/2010 - Initial response from GFI
29/07/2010 - Sending full vulnerability description to GFI
17/08/2010 - GFI sent fix for testing
20/08/2010 - Fix successfully tested, sent response to GFI
25/08/2010 - Advisory release