Oliver's Blog Yet Another Needless BLOG

25.8.2010

GFI WebMonitor Admin UI Remote Script Code Injection

Filed under: Advisories,Allgemein,linkedin — oliver.karow @ 12:29

Today I released a security advisory regarding GFI WebMonitor. WebMonitor is a filtering and monitoring solution for web traffic, which also protects against viruses, spyware, malware and phishing scams.

During a quick security analysis of the product, I figured out a way to inject script code that will be executed automatically within the Administrator UI.

The advisory can be found here: GFIWebMonitor.txt

Added by Admin: A screenshot where I injected an iframe into the Admin Interface… just to visualize it to GFI’s security response 🙂

iframe.png

2 Comments

  1. Hey, I witnessed that live

    Comment by Giovanni — 26.8.2010 @ 00:53
