GFI WebMonitor Admin UI Remote Script Code Injection

Today I released a security advisory regarding GFI WebMonitor. WebMonitor is a filtering and monitoring solution for web traffic, which also protects against viruses, spyware, malware and phishing scams.

During a quick security analysis of the product, I figured out a way to inject script code that will be executed automatically within the Administrator UI.

The advisory can be found here: GFIWebMonitor.txt

Added by Admin: A screenshot where I injected an iframe into the Admin Interface… just to visualize it to GFI’s security response :)

iframe.png

2 Responses to “GFI WebMonitor Admin UI Remote Script Code Injection”

  1. Giovanni Says:

    Hey, I witnessed that live
