Today I released a security advisory regarding GFI WebMonitor. WebMonitor is a filtering and monitoring solution for web traffic, which also protects against viruses, spyware, malware and phishing scams.
During a quick security analysis of the product, I figured out a way to inject script code that will be executed automatically within the Administrator UI.
The advisory can be found here: GFIWebMonitor.txt
Added by Admin: A screenshot where I injected an iframe into the Admin Interface… just to visualize it to GFI’s security response 🙂