`Hi,
Here are the vulnerability descriptions and POCs:
#################################
I write to report three vulnerabilities that I found in the last version
of Aardvark Topsites PHP (5.2.1) and older versions.
The cause of all of them is the incorrect verification of input parameters.
Here are the vulnerabilities:
==================
HTML Injection (up to 5.2.0)
--------------------------
For example, it is possible to inject a link to any URL with any anchor text.
POC:
/index.php?a=search&q=psstt+security><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security
Information Disclosure 1 (up to 5.2.1)
--------------------------
Disclosure of full path of the application sources when you put a
negative number at the start parameter.
POC: /index.php?a=search&q=psstt&start=-4
Information Disclosure 2 (up to 5.2.0)
--------------------------
Disclosure of full path of the application sources and some source code
too when you put a non-existent user at the u parameter.
POC: /index.php?a=rate&u=nonexistentuser
==================
I created a page with the details and possible updates at:
http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/
Feel free to ask me any question about this to properly report these
vulnerabilities.
Google Dork: "Powered by Aardvark Topsites PHP 5.2.0"
(or 5.2.1 for the last version)
#################################
Thanks,
José Pablo González / J07AP3
`
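The report attributes all three issues to unverified input parameters. The following is an added example, not Aardvark Topsites code and not from the reporter, showing one way to validate the q, start and u parameters before use. The function names, the username pattern and the $knownUsers list are hypothetical, and it assumes the path disclosure surfaces through PHP error output shown to the client.

```php
<?php
// Added illustration, not Aardvark Topsites source. Only the parameter names
// q, start and u come from the report; everything else is hypothetical.

// Assumption: the path disclosure reaches the client as PHP error output,
// so errors are logged server-side instead of displayed.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// q: encode for HTML output so markup in the search term renders as text.
function render_query(string $q): string {
    return htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// start: accept only a non-negative integer offset, otherwise fall back to 0.
function parse_start($raw): int {
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? 0 : $n;
}

// u: validate the shape (assumed username pattern), then confirm the user
// exists before any later code touches the missing record.
function find_user($raw, array $knownUsers): ?string {
    if (!is_string($raw) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $raw)) {
        return null;
    }
    return in_array($raw, $knownUsers, true) ? $raw : null;
}

// Constructed requests mirroring the three POCs in the report (URL-decoded).
$requests = [
    ['a' => 'search', 'q' => 'psstt security><a href=http://websec.id3as.com>Web-Application-Security'],
    ['a' => 'search', 'q' => 'psstt', 'start' => '-4'],
    ['a' => 'rate', 'u' => 'nonexistentuser'],
];
$knownUsers = ['alice', 'bob']; // constructed sample data

foreach ($requests as $get) {
    if ($get['a'] === 'search') {
        printf("search q=%s start=%d\n",
            render_query($get['q']), parse_start($get['start'] ?? null));
    } elseif (find_user($get['u'] ?? null, $knownUsers) === null) {
        echo "rate: unknown user, generic 404 response\n";
    }
}
```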