dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed all lesson specific source and resources

Browse Source
This commit is contained in:
Bruce Mayhew
2015-01-02 13:40:15 -05:00
parent 06237b8cef
commit 1a5358458c
1026 changed files with 9 additions and 86079 deletions
Download Patch File Download Diff File Expand all files Collapse all files

220
src/main/resources/WebGoatLabels.properties
View File

@ -5,223 +5,3 @@ SolutionVideos=Solution Videos
ErrorGenerating=Error generating
InvalidData=Invalid Data
#HttpBasics.java
EnterYourName=Enter your Name
Go!=Go!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=Basic Authentication header name is incorrect.
BasicAuthHeaderValueIncorrect=Basic Authentication header value is incorrect.
BasicAuthenticationWhatIsNameOfHeader=What is the name of the authentication header:
BasicAuthenticationWhatIsDecodedValueOfHeader=What is the decoded value of the authentication header:
Submit=Submit
BasicAuthenticationGreenStars1=Close your browser and login as
BasicAuthenticationGreenStars2= to get your green stars back.
BasicAuthenticationStage1Completed=Congratulations, you have figured out the mechanics of basic authentication.  - Now you must try to make WebGoat reauthenticate you as:     - username: basic     - password: basic. Use the Basic Authentication Menu to start at login page.
BasicAuthenticationAlmostThere1=You're almost there! You've modified the
BasicAuthenticationAlmostThere2= header but you are still logged in as
BasicAuthenticationAlmostThere3=. Look at the request after you typed in the 'basic' user credentials and submitted the request. Remember the order of events that occur during Basic Authentication.
BasicAuthenticationReallyClose=You're really close! Changing the session cookie caused the server to create a new session for you. This did not cause the server to reauthenticate you. When you figure out how to force the server to perform an authentication request, you have to authenticate as:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;user name: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;password: basic<br>
BasicAuthenticationUseTheHints=Use the hints! One at a time...
BasicAuthenticationHint1=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint2=Basic authentication uses Base64 encoding to 'scramble' the " + "user's login credentials.
BasicAuthenticationHint3=Basic authentication uses 'Authorization' as the cookie name to " + "store the user's credentials.
BasicAuthenticationHint4=Use WebScarab -> Tools -> Transcoder to Base64 decode the value in the Authorization cookie.
BasicAuthenticationHint5=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint6=Before the WebServer requests credentials from the client, the current session is checked for validitity.
BasicAuthenticationHint7=If the session is invalid the webserver will use the basic authentication credentials
BasicAuthenticationHint8=If the session is invalid and the basic authentication credentials are invalid, new credentials will be requested from the client.
BasicAuthenticationHint9=Intercept the request and corrupt the JSESSIONID and the Authorization header.
#WeakAuthenticationCookie.java
InvalidCookie=Invalid cookie
IdentityRemembered=Your identity has been remembered
InvalidUsernameAndPassword=Invalid username and password entered.
UserName=User Name
Password=Password
Login=Login
RequiredFields=Required Fields
WeakAuthenticationCookiePleaseSignIn=Please sign in to your account. See the OWASP admin if you do not have an account.
SignIn=Sign in
PasswordForgotten=Goodbye! Your password has been forgotten
WelcomeUser=Welcome,
YouHaveBeenAuthenticatedWith=You have been authenticated with
Logout=Logout
Refresh=Refresh
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat has 2 admin interfaces.
RemoteAdminFlawHint2=WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'
RemoteAdminFlawHint3=WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'
RemoteAdminFlawHint4=Follow the Source!
RemoteAdminFlawHint5=On success you will see new submenu items in the menupoint 'Admin Functions'
#PathBasedAccessControl.java
CurrentDirectory=Current Directory is:
ChooseFileToView=Choose the file to view:
ViewFile=View File
AccessDenied=Access denied
ItAppears1=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. You are only allowed to see one file in this directory.
ItAppears2=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. You are only allowed to see files in the webgoat directory.
CongratsAccessToFileAllowed=Congratulations! Access to file allowed
FileInAllowedDirectory=File is already in allowed directory - try again!
AccessToFileDenied1=Access to file/directory "
AccessToFileDenied2=" denied
FileTooLarge=File is too large
FileBinary=File is binary
TheFollowingError=The following error occurred while accessing the file: <
PathBasedAccessControlInstr1=The '
PathBasedAccessControlInstr2=' user has access to all the files in the lesson_plans/English directory. Try to break the access control mechanism and access a resource that is not in the listed directory. After selecting a file to view, WebGoat will report if access to the file was granted. An interesting file to try and obtain might be a file like tomcat/conf/tomcat-users.xml. Remember that file paths will be different if using the WebGoat source.
ErrorGenerating=Error generating
ViewingFile=Viewing file:
File=File:
Dir=Dir:
IsFile= - isFile():
Exists= - exists():
PathBasedAccessControlHint1=Most operating systems allow special characters in the path.
PathBasedAccessControlHint2=Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
PathBasedAccessControlHint3=Try .. in the path
PathBasedAccessControlHint4=Try ..\\..\\..\\LICENSE
#CommandInjection.java
Command=Command
CommandInjectionRightTrack1=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. The following commands are allowed: netstat -a, dir, ls, ifconfig, and ipconfig.
CommandInjectionRightTrack2=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. This lesson is a command injection lesson, not access control.
YouAreCurrentlyViewing=You are currently viewing:
SelectFileFromListBelow=select file from list below
SelectLessonPlanToView=Select the lesson plan to view:
View=View
CommandInjectionHint1=The application is using a system command to return the contents of a file.
CommandInjectionHint2=The ampersand(&) separates commands in the Windows 2000 command shell. In Unix the separator is typically a semi-colon(;)
CommandInjectionHint3=Use a proxy to insert & netstat -a on Windows or ;netstat -a on Unix.
CommandInjectionHint4=Note that the server may enclose the submitted file name within quotes
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=Bet you can't do it again! This lesson has detected your successful attack and has now switched to a defensive mode. Try again to attack a parameterized query.
NoResultsMatched=No results matched. Try Again.
NumericSqlInjectionSecondStage2=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query.
ErrorParsingAsNumber=Error parsing station as a number:
SelectYourStation=Select your local weather station:
SqlNumericInjectionHint1=The application is taking the input from the select box and inserts it at the end of a pre-formed SQL command.
SqlNumericInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br>"SELECT * FROM weather_data WHERE station = " + station
SqlNumericInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true.
SqlNumericInjectionHint4=Try to intercept the post request with WebScarab and replace the station with [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query. Restart the lesson if you wish to return to the injectable query.
EnterLastName=Enter your last name:
NoResultsMatched=No results matched. Try Again.
SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.
SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=Login failed for username
LoginSucceededForUserName=LOGIN SUCCEEDED FOR USERNAME
LogSpoofingHint1=Try to fool the human eye by using new lines.
LogSpoofingHint2=Use CR (%0d) and LF (%0a) for a new line.
LogSpoofingHint3=Try: Smith%0d%0aLogin Succeeded for username: admin
LogSpoofingHint4=Try: Smith%0d%0aLogin Succeeded for username: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=You can put HTML tags in your message.
StoredXssHint2=Bury a SCRIPT tag in the message to attack anyone who reads it.
StoredXssHint3=Enter this: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in the message field.
StoredXssHint4=Enter this: &lt;script&gt;alert(document.cookie);&lt;/script&gt; in the message field.
MessageContentsFor=Message Contents For
Title=Title
PostedBy=Posted by
CouldNotFindMessage=Could not find this message
Message=Message
MessageList=Message List
CouldNotAddMessage=Could not add message to database
ErroGeneratingMessageList=Error while getting message list.
#ReflectedXSS.java
ReflectedXSSWhoops1=Whoops! You entered
ReflectedXSSWhoops2= instead of your three digit code. Please try again.
ShoppingCart=Shopping Cart
ShoppingCartItems=Shopping Cart Items -- To Buy Now
Price=Price
Quantity=Quantity
Total=Total
TotalChargedCreditCard=The total charged to your credit card
UpdateCart=UpdateCart
EnterCreditCard=Enter your credit card number
Enter3DigitCode=Enter your three digit access code
Purchase=Purchase
ReflectedXSSHint1=A simple script is &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=Can you get the script to disclose the JSESSIONID cookie?
ReflectedXSSHint3=You can use &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; to access the session id cookie
ReflectedXSSHint4=Can you get the script to access the credit card form field?
ReflectedXSSHint5=Try a cross site trace (XST) Command:<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=BINGO -- admin authenticated
HtmlCluesHint1=You can view the HTML source by selecting 'view source' in the browser menu.
HtmlCluesHint2=There are lots of clues in the HTML
HtmlCluesHint3=Search for the word HIDDEN, look at URLs, look for comments.
#JavaScriptValidation.java
3LowerCase=Field1: exactly three lowercase characters
Exactly3Digits=Field2: exactly three digits
LettersNumbersSpaceOnly=Field3: letters, numbers, and space only
EnumerationOfNumbers=Field4: enumeration of numbers
SimpleZipCode=Field5: simple zip code
ZIPDashFour=Field6: zip with optional dash four
USPhoneNumber=Field7: US phone number with or without dashes
ServerSideValidationViolation=Server side validation violation: You succeeded for
JavaScriptValidationHint1=The validation is happening in your browser.
JavaScriptValidationHint2=Try modifying the values with a proxy after they leave your browser
JavaScriptValidationHint3=Another way is to delete the JavaScript before you view the page.
#HiddenFieldTampering.java
TotalPriceIs=Your total price is
ThisAmountCharged=This amount will be charged to your credit card immediately.
HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server.
HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field.
HiddenFieldTamperingHint3=Use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to change the price of the TV from "
HiddenFieldTamperingHint32= to
# Modify data with SQL Injection
EnterUserid=Enter your userid:
SqlModifyDataHint1=You can use SQL Injection to execute more than one SQL statement.
SqlModifyDataHint2=Use a semicolon (;) to separate SQL statements.
SqlModifyDataHint3=Modify data using a SQL UPDATE Statement.
SqlModifyDataHint4=For details and examples for SQL UPDATE statements, see <A href=\"http://www.w3schools.com/SQl/sql_update.asp\">http://www.w3schools.com/SQl/sql_update.asp</A>
SqlModifyDataHint5=SOLUTION:<br/>foo'; UPDATE salaries SET salary=9999999 WHERE userid='jsmith
# Modify data with SQL Injection
SqlAddDataHint1=You can use SQL Injection to execute more than one SQL statement.
SqlAddDataHint2=Use a semicolon (;) to separate SQL statements. You will also need to comment out some characters that come after the injection with a double hyphen (--).
SqlAddDataHint3=Modify data using a SQL INSERT Statement.
SqlAddDataHint4=For details and examples for SQL INSERT statements, see <A href=\"http://www.w3schools.com/SQl/sql_insert.asp\">http://www.w3schools.com/SQl/sql_insert.asp</A>
SqlAddDataHint5=SOLUTION:<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 999999); --
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request.
BypassHtmlFieldRestrictionsHint2=You can use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to intercept requests and make changes.
BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson.

198
src/main/resources/WebGoatLabels_de.properties
View File

@ -5,202 +5,4 @@ SolutionVideos=L\u00f6sungsvideos
ErrorGenerating=Fehler beim Generieren von
InvalidData=Ung\u00fcltige Daten
#HttpBasics.java
EnterYourName=Geben Sie Ihren Namen ein
Go!=Los gehts!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=Basic Authentication Header Name ist inkorrekt.
BasicAuthHeaderValueIncorrect=Basic Authentication Header Wert ist inkorrekt.
BasicAuthenticationWhatIsNameOfHeader=Was ist der Name des Authentication Header:
BasicAuthenticationWhatIsDecodedValueOfHeader=Was ist der dekodierte Wert des Authentication Header:
Submit=Abschicken
BasicAuthenticationGreenStars1=Schlie\u00dfen Sie Ihren Browser und loggen sich Sich als
BasicAuthenticationGreenStars2= ein um Ihre gr\u00fcnen Sterne wiederzubekommen.
BasicAuthenticationStage1Completed=Herzlichen Gl\u00fcckwunsch, Sie haben die Grundlagen von Basic Authentication verstanden - Jetzt versuchen Sie sich von WebGoat als: username: basic &nbsp;&nbsp;&nbsp;&nbsp;- password: basic authentisieren zu lassen. Benutzen Sie das Basic Authentication Menu um eine Login Seite zu \u00f6ffnen.
BasicAuthenticationAlmostThere1=Sie Sind fast da! Sie haben den
BasicAuthenticationAlmostThere2= Header manipuliert aber Sie sind immernoch als
BasicAuthenticationAlmostThere3= eingeloggt. Schauen Sie sich den Request an nachdem Sie die 'basic' Authentisierungsdaten eingetippt haben und die Anfrage abgeschickt haben. Halten Sie sich die Reihenfolge der Ereignisse die bei Basic Authentication eintreten vor Augen.
BasicAuthenticationReallyClose=Sie sind sehr nahe dran! Durch das \u00c4ndern des Session Cookie haben Sie den Server dazu gebracht eine neue Session f\u00fcr Sie zu erstellen. Dies hat sie allerdings nicht re-authentisiert. Wenn Sie herausgefunden haben wie Sie den Server dazu zwingen k\u00f6nnen Sie zu re-authentisieren dann authentisieren Sie sich als:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;user name: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;password: basic<br>
BasicAuthenticationUseTheHints=Benutzen Sie die Hinweise! Einen nach dem anderen...
BasicAuthenticationHint1=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint2=Basic authentication uses Base64 encoding to 'scramble' the " + "user's login credentials.
BasicAuthenticationHint3=Basic authentication uses 'Authorization' as the cookie name to " + "store the user's credentials.
BasicAuthenticationHint4=Use WebScarab -> Tools -> Transcoder to Base64 decode the value in the Authorization cookie.
BasicAuthenticationHint5=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint6=Before the WebServer requests credentials from the client, the current session is checked for validitity.
BasicAuthenticationHint7=If the session is invalid the webserver will use the basic authentication credentials
BasicAuthenticationHint8=If the session is invalid and the basic authentication credentials are invalid, new credentials will be requested from the client.
BasicAuthenticationHint9=Intercept the request and corrupt the JSESSIONID and the Authorization header.
#WeakAuthenticationCookie.java
InvalidCookie=Ung\u00fcltiger Cookie!
IdentityRemembered=Ihre Identit\u00e4t wurde abgespeichert
InvalidUsernameAndPassword=Benutzername und Passwort ung\u00fcltig.
UserName=Benutzername
Password=Passwort
Login=Anmelden
RequiredFields=*Ben\u00f6tigte Felder
WeakAuthenticationCookiePleaseSignIn=Bitte melden Sie sich an. Kontaktieren Sie den OWASP Administrator wenn Sie keine Anmeldedaten haben.
SignIn=Anmeldung
PasswordForgotten=Auf Wiedersehen! Ihr Passwort wurde vergessen
WelcomeUser=Willkommen,
YouHaveBeenAuthenticatedWith=Sie wurden authentisiert mit
Logout=Abmelden
Refresh=Neu Laden
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat has 2 admin interfaces.
RemoteAdminFlawHint2=WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'
RemoteAdminFlawHint3=WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'
RemoteAdminFlawHint4=Follow the Source!
RemoteAdminFlawHint5=On success you will see new submenu items in the menupoint 'Admin Functions'
#PathBasedAccessControl.java
CurrentDirectory=Das aktuelle Verzeichnis ist:
ChooseFileToView=W\u00e4hlen Sie die Datei zum Anzeigen:
ViewFile=Datei anzeigen
AccessDenied=Zugang verweigert
ItAppears1=Es scheint als w\u00e4ren Sie auf dem richtigen Weg. Befehle die das Betriebssystem beeinflussen k\u00f6nnten werden ignoriert. Sie d\u00fcrfen nur eine Datei in diesem Verzeichnis anzeigen.
ItAppears2=Es scheint als w\u00e4ren Sie auf dem richtigen Weg. Befehle die das Betriebssystem beeinflussen k\u00f6nnten werden ignoriert. Sie d\u00fcrfen nur Dateien im WebGoat Verzeichnis anzeigen.
CongratsAccessToFileAllowed=Herzlichen Gl\u00fcckwunsch! Zugang zur Datei gew\u00e4hrt
FileInAllowedDirectory=Die Datei ist bereits in einem erlaubten Verzeichnis - Versuchen Sie es erneut!
AccessToFileDenied1=Zugang zu Datei/Verzeichnis "
AccessToFileDenied2=" verweigert
FileTooLarge=Datei ist zu gro\u00df
FileBinary=Datei hat bin\u00e4r-Inhalt
TheFollowingError=Der folgende Fehler trat auf beim Zugriff auf die Datei: <
PathBasedAccessControlInstr1=Der '
PathBasedAccessControlInstr2=' Benutzer hat Zugriff auf alle Dateien im lesson_plans/English Verzeichnis. Versuchen Sie den Zugangsmechanismus zu brechen indem Sie auf eine Resource zugreifen die nicht im gelisteten Verzeichnis liegt. Nachdem Sie eine Datei ausgew\u00e4hlt haben, wird WebGoat Ihnen sagen ob Sie Zugriff darauf haben. Eine interessante Datei k\u00f6nnte tomcat/conf/tomcat-users.xml sein.
ErrorGenerating=Fehler beim Generieren von
ViewingFile=Anzeige von Datei:
File=Datei:
Dir=Verzeichnis:
IsFile= - isFile() (ist eine Datei):
Exists= - exists() (existiert):
PathBasedAccessControlHint1=Most operating systems allow special characters in the path.
PathBasedAccessControlHint2=Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
PathBasedAccessControlHint3=Try .. in the path
PathBasedAccessControlHint4=Try ..\\..\\..\\LICENSE
#CommandInjection.java
Command=Befehl
CommandInjectionRightTrack1=Es scheint, dass Sie auf dem richtigen Weg sind. Befehle die das Betriebssystem kompromittieren k\u00f6nnen wurden deaktiviert. Die folgenden Befehle sind erlaubt: netstat -a, dir, ls, ifconfig und ipconfig.
CommandInjectionRightTrack2=Es scheint, dass Sie auf dem richtigen Weg sind. Befehle die das Betriebssystem kompromittieren k\u00f6nnen wurden deaktiviert. In dieser Lektion geht es um das Einschleusen von Befehlen, nicht um Zugangskontrolle.
YouAreCurrentlyViewing=Sie betrachten gerade:
SelectFileFromListBelow=w\u00e4hlen Sie eine Datei aus der Liste
SelectLessonPlanToView=W\u00e4hlen Sie die zu betrachtende Lektion aus:
View=Anzeigen
CommandInjectionHint1=The application is using a system command to return the contents of a file.
CommandInjectionHint2=The ampersand(&) separates commands in the Windows 2000 command shell. In Unix the separator is typically a semi-colon(;)
CommandInjectionHint3=Use a proxy to insert & netstat -a on Windows or ;netstat -a on Unix.
CommandInjectionHint4=Note that the server may enclose the submitted file name within quotes
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=Ich wette das k\u00f6nnen Sie nicht wiederholen. Diese Lektion hat nun in einen defensiven Modus gewechselt. Versuchen Sie nun eine parametrisierte Anfrage anzugreifen.
NoResultsMatched=Keine Resultate gefunden. Versuchen Sie es erneut.
NumericSqlInjectionSecondStage2=Da sie nun erfolgreich eine SQL Injection durchgef\u00fchrt haben, versuchen Sie denselben Typ von Angriff auf eine parametrisierte Anfrage.
ErrorParsingAsNumber=Fehler beim interpretieren der Wetterstationsnummer als Zahl:
SelectYourStation=W\u00e4hlen Sie Ihre lokale Wetterstation aus:
SqlNumericInjectionHint1=The application is taking the input from the select box and inserts it at the end of a pre-formed SQL command.
SqlNumericInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br>"SELECT * FROM weather_data WHERE station = " + station
SqlNumericInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true.
SqlNumericInjectionHint4=Try to intercept the post request with WebScarab and replace the station with [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=Da sie nun erfolgreich eine SQL Injection durchgef\u00fchrt haben, versuchen Sie denselben Typ von Angriff auf eine parametrisierte Anfrage. Starten Sie Diese Lektion neu, wenn Sie zur verwundbaren SQL Anfrage gelangen m\u00f6chten.
EnterLastName=Geben Sie Ihren Nachnamen ein:
NoResultsMatched=Keine Resultate gefunden, versuchen Sie es erneut
SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.
SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=Login failed for username
LoginSucceededForUserName=LOGIN SUCCEEDED FOR USERNAME
LogSpoofingHint1=Versuchen Sie das menschliche Auge durch Einf\u00fcgen von weiteren Zeilen zu verwirren
LogSpoofingHint2=Benutzen Sie CR (%0d) und LF (%0a) f\u00fcr eine neue Zeile.
LogSpoofingHint3=Versuchen Sie: Smith%0d%0aLogin Succeeded for username: admin
LogSpoofingHint4=Versuchen Sie: Smith%0d%0aLogin Succeeded for username: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=Sie k\u00f6nnen HTML tags in Ihre Nachricht einbauen.
StoredXssHint2=Bauen Sie ein SCRIPT tag in Ihre Nachricht ein um jeden Anzugreifen der sie liest
StoredXssHint3=Geben Sie: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in das Nachrichtenfeld ein.
StoredXssHint4=Geben Sie: &lt;script&gt;alert(document.cookie);&lt;/script&gt; in das Nachrichtenfeld ein.
MessageContentsFor=Nachrichteninhalt f\u00fcr
Title=Titel
PostedBy=Geschrieben von
CouldNotFindMessage=Konnte diese Nachricht nicht finden
Message=Nachricht
MessageList=Nachrichtenliste
CouldNotAddMessage=Could not add message to database
ErroGeneratingMessageList=Error while getting message list.
#ReflectedXSS.java
ReflectedXSSWhoops1=Ups! Sie haben
ReflectedXSSWhoops2= anstatt des drei stelligen Codes eingegeben. Bitte versuchen Sie es erneut.
ShoppingCart=Warenkorb
ShoppingCartItems=Inhalt des Warenkorbs -- Jetzt kaufen
Price=Preis
Quantity=Menge
Total=Gesamt
TotalChargedCreditCard=Der Gesamtbetrag, mit dem Ihre Kreditkarte belastet wird
UpdateCart=Warenkorb aktualisieren
EnterCreditCard=Geben Sie Ihre Kreditkartennummern ein
Enter3DigitCode=Geben Sie Ihren 3-stelligen Sicherheitscode ein
Purchase=Kaufen
ReflectedXSSHint1=Ein einfaches Skript ist &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=K\u00f6nnen Sie das Skript dazu bringen den JSESSIONID Cookie zu ver\u00f6ffentlichen?
ReflectedXSSHint3=Sie k\u00f6nnen &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; benutzen um an den Session ID Cookie zu kommen
ReflectedXSSHint4=K\u00f6nnen Sie das Skript so gestalten, dass es an den Inhalt des Kreditkartenfeldes kommt?
ReflectedXSSHint5=Versuchen Sie einen cross site trace (XST) Befehl:<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=BINGO -- admin authentisiert
HtmlCluesHint1=Sie k\u00f6nnen Sich den HTML Quellcode anschauen indem Sie "View Source" im Browser anklicken.
HtmlCluesHint2=Es gibt viele Hinweise in HTML
HtmlCluesHint3=Suchen Sie nach den Worten HIDDEN, schauen Sie sich URLs an und suchen Sie nach Kommentaren.
#JavaScriptValidation.java
3LowerCase=Feld1: genau drei kleine Buchstaben
Exactly3Digits=Feld2: genau drei Ziffern
LettersNumbersSpaceOnly=Feld3: Buchstaben, Ziffern und Leerzeichen
EnumerationOfNumbers=Feld4: ausgeschriebene Ziffern
SimpleZipCode=Feld5: Einfach Postleitzahlen (5 stellige Zahl)
ZIPDashFour=Feld6: Postleitzahlen mit optionalem Bindestrich und 4 stelliger Zahl
USPhoneNumber=Feld7: Telefonnummer in den USA, mit oder ohne Bindestriche
ServerSideValidationViolation=Server-seitige Validierungsversto\u00df: Sie waren erfolgreich f\u00fcr
JavaScriptValidationHint1=Die Validierung findet in Ihrem Browser statt.
JavaScriptValidationHint2=Versuchen Sie den Wert zu ver\u00e4ndern nachdem er Ihren Browser verlassen hat.
JavaScriptValidationHint3=Sie k\u00f6nnen aber auch JavaScript abschalten, bevor Sie sich die Seite anschauen.
#HiddenFieldTampering.java
TotalPriceIs=Der Gesamtpreis ist
ThisAmountCharged=Ihre Kreditkarte wird sofort mit dem Betrag belastet
HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu \u00fcbertragen.
HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu ver\u00e4ndern.
HiddenFieldTamperingHint3=Benutzen Sie <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen.
HiddenFieldTamperingHint32= bis

215
src/main/resources/WebGoatLabels_fr.properties
View File

@ -5,218 +5,3 @@ SolutionVideos=Solution vid\u00e9os
ErrorGenerating=Error generating
InvalidData=Donn\u00e9e invalide
#HttpBasics.java
EnterYourName=Entrez votre nom
Go!=Go!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=Le nom de l'en-t\u00eate d'authentification Basic est incorrect.
BasicAuthHeaderValueIncorrect=La valeur de l'en-t\u00eate d'authentification Basic est incorrecte.
BasicAuthenticationWhatIsNameOfHeader=Quel est le nom de l'en-t\u00eate d'authentification ?
BasicAuthenticationWhatIsDecodedValueOfHeader=Quelle est la valeur d\u00e9cod\u00e9e de l'en-t\u00eate d'authentification ?
Submit=Envoyer
BasicAuthenticationGreenStars1=Fermer votre navigateur et connectez-vous en tant que
BasicAuthenticationGreenStars2= afin de retrouver vos \u00e9toiles vertes.
BasicAuthenticationStage1Completed=F\u00e9licitations, vous avez compris la m\u00e9canique de l'authentification Basic.&nbsp;&nbsp;- Vous devez maintenant faire en sorte que WebGoat vous r\u00e9authentifie en tant que: &nbsp;&nbsp;&nbsp;&nbsp;- username: basic &nbsp;&nbsp;&nbsp;&nbsp;- password: basic. Utilisez le menu Basic Authentication pour d\u00e9marrer \u00e0 la page de connexion.
BasicAuthenticationAlmostThere1=Vous y \u00eates presque ! Vous avez modifi\u00e9 l'en-t\u00eate
BasicAuthenticationAlmostThere2= mais vous \u00eates toujours connect\u00e9 en tant que
BasicAuthenticationAlmostThere3=. Etudiez la requ\u00eate soumise apr\u00e8s la saisie des identifiants 'basic' d'utilisateur. Souvenez-vous de l'ordre des \u00e9v\u00e9nements intervenant durant l'authentification Basic.
BasicAuthenticationReallyClose=Vous touchez au but ! Changer le cookie de session contraint le serveur \u00e0 vous assigner une nouvelle session. Cela ne contraint pas le serveur \u00e0 vous r\u00e9authentifier. Quand vous aurez d\u00e9termin\u00e9 comment forcer le serveur \u00e0 op\u00e9rer une requ\u00eate d'authentification, vous devrez vous authentifier en tant que:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;user name: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;password: basic<br>
BasicAuthenticationUseTheHints=Utiliez les indices ! Un \u00e0 la fois...
BasicAuthenticationHint1=L'authentification Basic utilise un cookie pour transmettre les donn\u00e9es d'identification. Utilisez un proxy pour intercepter la requ\u00eate. Etudiez les cookies.
BasicAuthenticationHint2=L'authentification Basic utilise l'encodage Base64 pour 'brouiller' the " + "user's login credentials.
BasicAuthenticationHint3=L'authentification Basic utilise 'Authorization' comme nom de cookie pour " + "store the user's credentials.
BasicAuthenticationHint4=Utiliez WebScarab -> Tools -> Transcoder to Base64 decode the value in the Authorization cookie.
BasicAuthenticationHint5=L'authentification Basic utilise un cookie pour transmettre les donn\u00e9es d'identification. Utilisez un proxy pour intercepter la requ\u00eate. Etudiez les cookies.
BasicAuthenticationHint6=Avant que le serveur web ne requiert une identification du client, la validit\u00e9 de la session courante est contr\u00f4l\u00e9e.
BasicAuthenticationHint7=Si la session est invalide, le serveur web utilisera les identifiants d'authentification Basic
BasicAuthenticationHint8=Si la session est invalide et que les identifiants d'authentification Basic sont \u00e9galement invalides, de nouveaux identifiants seront r\u00e9clam\u00e9s au client.
BasicAuthenticationHint9=Interceptez la requ\u00eate et falsifiez le JSESSIONID et l'en-t\u00eate d'Authorization.
#WeakAuthenticationCookie.java
InvalidCookie=Cookie invalide
IdentityRemembered=Votre identit\u00e9 a \u00e9t\u00e9 m\u00e9moris\u00e9e
InvalidUsernameAndPassword=Nom d'utilisateur et mot de passe saisis invalides.
UserName=Nom d'utilisateur
Password=Mot de passe
Login=Login
RequiredFields=Champs obligatoires
WeakAuthenticationCookiePleaseSignIn=Veuillez vous connecter \u00e0 votre compte. Contactez l'admin OWASP si vous n'avez pas de compte.
SignIn=Connexion
PasswordForgotten=Au revoir ! Votre mot de passe a \u00e9t\u00e9 oubli\u00e9
WelcomeUser=Bienvenue,
YouHaveBeenAuthenticatedWith=Vous avez \u00e9t\u00e9 authentifi\u00e9 par
Logout=D\u00e9connexion
Refresh=Rafraichir
WeakAuthenticationCookieHints1=Le serveur authentifie l'utilisateur au moyen d'un cookie, si vous envoyez le bon cookie.
WeakAuthenticationCookieHints2=La valeur AuthCookie peut-elle \u00eatre d\u00e9duite du nom d'utilisateur et du mot de passe ?
WeakAuthenticationCookieHints3=Ajoutez 'AuthCookie=********;' \u00e0 l'en-t\u00eate Cookie: header en utilisant <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A>.
WeakAuthenticationCookieHints4=Apr\u00e8s s'\u00eatre connect\u00e9 \u00e0 en tant que webgoat, un cookie est ajout\u00e9. 65432ubphcfx<br/>Apr\u00e8s s'\u00eatre connect\u00e9 en tant que aspect, un cookie est ajout\u00e9. 65432udfqtb<br/>Existe-t-il des similarit\u00e9s entre le cookie et les noms de login ?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat a 2 interfaces d'admin.
RemoteAdminFlawHint2=WebGoat a une interface d'admin qui est contr\u00f4l\u00e9e via un param\u00e8tre d'URL et est 'attaquable'
RemoteAdminFlawHint3=WebGoat a une interface d'admin qui est contr\u00f4l\u00e9e par des contraintes de s\u00e9curit\u00e9 c\u00f4t\u00e9 serveur, et ne devrait pas \u00eatre 'attaquable'
RemoteAdminFlawHint4=Follow the Source!
RemoteAdminFlawHint5=En cas de succ\u00e8s, vous verrez appara\u00eetre de nouveaux sous-menus sous l'entr\u00e9e 'Admin Functions'
#PathBasedAccessControl.java
CurrentDirectory=R\u00e9pertoire courant :
ChooseFileToView=Choisissez le fichier \u00e0 visualiser :
ViewFile=Voir le fichier
AccessDenied=Acc\u00e8s refus\u00e9
ItAppears1=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Vous \u00eates seulement autoris\u00e9 \u00e0 visualiser un fichier dans ce r\u00e9pertoire.
ItAppears2=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Vous \u00eates seulement autoris\u00e9 \u00e0 visualiser les fichiers dans le r\u00e9pertoire webgoat.
CongratsAccessToFileAllowed=F\u00e9licitations ! Acc\u00e8s au fichier autoris\u00e9
FileInAllowedDirectory=Le fichier est d\u00e9j\u00e0 dans un r\u00e9pertoire autoris\u00e9 - essayez \u00e0 nouveau !
AccessToFileDenied1=Acc\u00e8s au fichier/r\u00e9pertoire "
AccessToFileDenied2=" refus\u00e9
FileTooLarge=Le fichier est trop volumineux
FileBinary=Le fichier est binaire
TheFollowingError=L'erreur suivante est intervenue lors de l'acc\u00e8s au fichier : <
PathBasedAccessControlInstr1=L'utilisateur '
PathBasedAccessControlInstr2=' a acc\u00e8s \u00e0 tous les fichiers du r\u00e9pertoire lesson_plans/English directory. Essayez de tromper le m\u00e9canisme de contr\u00f4le d'acc\u00e8s et d'acc\u00e9der \u00e0 une ressource ext\u00e9rieure au r\u00e9pertoire list\u00e9. Un ressource int\u00e9ressante \u00e0 obtenir peut \u00eatre un fichier tel que tomcat/conf/tomcat-users.xml. Souvenez-vous que les chemins d'acc\u00e8s seront diff\u00e9rents si vous utilisez les sources WebGoat.
ErrorGenerating=Error generating
ViewingFile=Fichier visualis\u00e9:
File=Fichier:
Dir=R\u00e9pertoire :
IsFile= - isFile() :
Exists= - exists() :
PathBasedAccessControlHint1=La plupart des syst\u00e8mes d'exploitation autorise les caract\u00e8res sp\u00e9ciaux dans un chemin.
PathBasedAccessControlHint2=Utilisez un explorateur de fichiers pour trouver the tomcat\\webapps\\WebGoat\\lesson_plans directory");
PathBasedAccessControlHint3=Essayez .. dans le chemin
PathBasedAccessControlHint4=Essayez ..\\..\\..\\LICENSE
#CommandInjection.java
Command=Commande
CommandInjectionRightTrack1=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Les commandes suivantes sont autoris\u00e9es : netstat -a, dir, ls, ifconfig, and ipconfig.
CommandInjectionRightTrack2=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Cette le\u00e7on est une le\u00e7on sur l'injection de commande, pas sur le contr\u00f4le d'acc\u00e8s.
YouAreCurrentlyViewing=Vous \u00eates en train de visualiser :
SelectFileFromListBelow=S\u00e9lectionnez un fichier depuis la liste ci-dessous
SelectLessonPlanToView=S\u00e9lectionnez le plan de le\u00e7on \u00e0 visualiser :
View=Voir
CommandInjectionHint1=L'application utilise une commande syst\u00e8me pour retourner le contenu d'un fichier.
CommandInjectionHint2=L'esperluette(&) s\u00e9pare les commandes dans le shell de commandes de Windows 2000. Sous Unix, le s\u00e9parateur est g\u00e9n\u00e9ralement un point-virgule(;)
CommandInjectionHint3=Utilisez un proxy pour ins\u00e9rer & netstat -a sous Windows or ;netstat -a sous Unix.
CommandInjectionHint4=Notez que le serveur peut encadrer le fichier soumis par des guillements
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=Pas capable de r\u00e9ussir \u00e0 nouveau ! La le\u00e7on a d\u00e9tect\u00e9 votre attaque r\u00e9ussie et a maintenant bascul\u00e9 en mode d\u00e9fensif. Essayez \u00e0 nouveau d'attaquer une requ\u00eate param\u00e9tr\u00e9e.
NoResultsMatched=Aucun r\u00e9sultat retourn\u00e9. Essayez \u00e0 nouveau.
NumericSqlInjectionSecondStage2=Maintenant que vous avez r\u00e9alis\u00e9 une injection SQL avec succ\u00e8s, essayer le m\u00eame type d'attaque sur une requ\u00eate param\u00e9tr\u00e9e.
ErrorParsingAsNumber=Erreur lors de l'interpr\u00e9tation de station comme valeur num\u00e9rique :
SelectYourStation=S\u00e9lectionnez votre station m\u00e9t\u00e9o locale :
SqlNumericInjectionHint1=L'application r\u00e9cup\u00e8re la valeur sp\u00e9cifi\u00e9e depuis la liste d\u00e9roulante et l'ins\u00e8re \u00e0 la fin d'une commande SQL pr\u00e9-form\u00e9e.
SqlNumericInjectionHint2=Voici le code de la requ\u00eate assembl\u00e9e et ex\u00e9cut\u00e9e par WebGoat :<br><br>"SELECT * FROM weather_data WHERE station = " + station
SqlNumericInjectionHint3=Les commandes SQL compos\u00e9es peuvent \u00eatre assembl\u00e9es en associant de multiples conditions au moyen de mots-cl\u00e9 tels que AND et OR. Essayez d'assembler une commande qui sera toujours r\u00e9solue \u00e0 vrai.
SqlNumericInjectionHint4=Essayez d'intercepter la requ\u00eate post avec ZAP, et remplacez la valeur du param\u00e8tre station par [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=Maintenant que vous avez r\u00e9alis\u00e9 une injection SQL avec succ\u00e8s, essayer le m\u00eame type d'attaque sur une requ\u00eate param\u00e9tr\u00e9e. Red\u00e9marrez la le\u00e7on si vous souhaitez revenir \u00e0 la requ\u00eate injectable.
EnterLastName=Entrez votre nom :
NoResultsMatched=Aucun r\u00e9sultat correspondant. Essayez encore.
SqlStringInjectionHint1=L'application r\u00e9cup\u00e8re votre saisie et l'ins\u00e8re \u00e0 la fin d'une commande SQL pr\u00e9-form\u00e9e.
SqlStringInjectionHint2=Voici le code de la requ\u00eate assembl\u00e9e et ex\u00e9cut\u00e9e par WebGoat :<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Les commandes SQL compos\u00e9es peuvent \u00eatre assembl\u00e9es en associant de multiples conditions au moyen de mots-cl\u00e9 tels que AND et OR. Essayez d'assembler une condition qui sera toujours r\u00e9solue \u00e0 vrai.
SqlStringInjectionHint4=Essayez de saisir [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=Login failed for username
LoginSucceededForUserName=LOGIN SUCCEEDED FOR USERNAME
LogSpoofingHint1=Essayez de tromper l'\u0153il humain en utilisant de nouvelles lignes.
LogSpoofingHint2=Utilisez CR (%0d) et LF (%0a) pour une nouvelle ligne.
LogSpoofingHint3=Essayez : Smith%0d%0aLogin Succeeded for username: admin
LogSpoofingHint4=Essayez : Smith%0d%0aLogin Succeeded for username: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=Vous pouvez utiliser des tags HTML dans votre message.
StoredXssHint1=Dissimulez un tag SCRIPT dns le message afin d'attaquer quiconque le lira.
StoredXssHint1=Entrez : &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; dans le champ message.
StoredXssHint1=Entrez : &lt;script&gt;alert(document.cookie);&lt;/script&gt; dans le champ message.
MessageContentsFor=Contenu du message pour
Title=Titre
PostedBy=Post\u00e9 par
CouldNotFindMessage=Impossible de trouver ce message
Message=Message
MessageList=Liste de Messages
CouldNotAddMessage=Impossible d'ajouter un message \u00e0 la base de donn\u00e9es
ErroGeneratingMessageList=Erreur lors de la r\u00e9cup\u00e9ration de la liste de messages.
#ReflectedXSS.java
ReflectedXSSWhoops1=Whoops! Vous avez saisi
ReflectedXSSWhoops2= au lieu de votre code de trois digits. Veuillez essayez \u00e0 nouveau.
ShoppingCart=Panier
ShoppingCartItems=Articles du panier -- To Buy Now
Price=Prix
Quantity=Quantit\u00e9
Total=Total
TotalChargedCreditCard=Le montant pr\u00e9lev\u00e9 sur votre carte de cr\u00e9dit
UpdateCart=UpdateCart
EnterCreditCard=Entrez votre num\u00e9ro de carte de cr\u00e9dit
Enter3DigitCode=Entrez votre code d'acc\u00e8s de trois digits
Purchase=Acheter
ReflectedXSSHint1=Un script simple est &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=Pouvez-vous r\u00e9v\u00e9ler le cookie JSESSIONID au moyen du script ?
ReflectedXSSHint3=Vous pouvez utiliser &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; pour acc\u00e9der au session id du cookie
ReflectedXSSHint4=Pouvez-vous acc\u00e9der au champ carte de cr\u00e9dit du formulaire depuis le script ?
ReflectedXSSHint5=Essayez une commande de cross site trace (XST) :<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=BINGO -- admin authentifi\u00e9
HtmlCluesHint1=Vous pouvez visualiser les sources HTML en s\u00e9lectionnant 'Afficher le code source' depuis les menus du navigateur.
HtmlCluesHint2=De nombreux indices sont pr\u00e9sents dans le code HTML
HtmlCluesHint3=Recherchez le mot HIDDEN, \u00e9tudiez les URL, recherchez les commentaires.
#JavaScriptValidation.java
3LowerCase=Champ1 : exactement trois caract\u00e8res miniscules
Exactly3Digits=Champ2 : exactement trois digits
LettersNumbersSpaceOnly=Champ3 : lettres, nombres et espace seulement
EnumerationOfNumbers=Champ4 : \u00e9numeration de nombres
SimpleZipCode=Champ5 : code postal simple
ZIPDashFour=Champ6 : zip with optional dash four
USPhoneNumber=Champ7 : num\u00e9ro de t\u00e9l\u00e9phone US avec ou sans tiret(s)
ServerSideValidationViolation=Violation de la validation c\u00f4t\u00e9 serveur : You succeeded for
JavaScriptValidationHint1=La validation s'op\u00e8re dans votre navigateur.
JavaScriptValidationHint2=Essayez de modifier les valeurs au moyen d'un proxy apr\u00e8s soumission depuis le navigateur
JavaScriptValidationHint3=Une autre approche est de supprimer le JavaScript avant de visualiser la page.
#HiddenFieldTampering.java
TotalPriceIs=Votre montant total est de
ThisAmountCharged=Ce montant sera d\u00e9bit\u00e9 sur votre carte de cr\u00e9dit imm\u00e9diatement.
HiddenFieldTamperingHint1=Cette application utilise des champs cach\u00e9s pour transmettre des informations de tarification au serveur.
HiddenFieldTamperingHint2=Utilisez un programme pour intercepter et modifier la valeur du champ cach\u00e9.
HiddenFieldTamperingHint3=Utilisez <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A> pour modifier le prix de la TV de "
HiddenFieldTamperingHint32= \u00e0
# Modify data with SQL Injection
EnterUserid=Entrez votre userid :
SqlModifyDataHint1=Vous pouvez utiliser l'injection SQL pour ex\u00e9cuter plus d'une instruction SQL.
SqlModifyDataHint2=Utilisez le point-virgule (;) pour s\u00e9parer les instructions SQL.
SqlModifyDataHint3=Modifiez les donn\u00e9es en utilisant une instruction SQL UPDATE.
SqlModifyDataHint4=Pour des d\u00e9tails et des exemples d'utilisation d'instructions SQL UPDATE, consultez <A href=\"http://www.w3schools.com/SQl/sql_update.asp\">http://www.w3schools.com/SQl/sql_update.asp</A>
SqlModifyDataHint5=SOLUTION :<br/>foo'; UPDATE salaries SET salary=9999999 WHERE userid='jsmith
# Modify data with SQL Injection
SqlAddDataHint1=Vous pouvez utiliser l'injection SQL pour ex\u00e9cuter plus d'une instruction SQL.
SqlAddDataHint2=Utilisez le point-virgule (;) pour s\u00e9parer les instructions SQL. Vous aurez \u00e9galement besoin de commenter certains caract\u00e8res pr\u00e9sents apr\u00e8s l'injection avec un double tiret (--).
SqlAddDataHint3=Modifiez les donn\u00e9es en utilisant une instruction SQL INSERT.
SqlAddDataHint4=Pour des d\u00e9tails et des exemples d'utilisation d'instructions SQL INSERT, consultez <A href=\"http://www.w3schools.com/SQl/sql_insert.asp\">http://www.w3schools.com/SQl/sql_insert.asp</A>
SqlAddDataHint5=SOLUTION :<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 999999); --
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=Vous devez r\u00e9activer le champ de formulaire d\u00e9sactiv\u00e9 ou ajouter manuellement le param\u00e8tre correspondant \u00e0 votre requ\u00eate.
BypassHtmlFieldRestrictionsHint2=Vous pouvez utiliser <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A> pour intercepter et modifier les requ\u00eates.
BypassHtmlFieldRestrictionsHint3=Plut\u00f4t que d'utiliser <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A>, vous pouvez utiliser <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> et/ou l'extension Firefox <A href=\"https://addons.mozilla.org/en-US/firefox/addon/hackbar/\">Hackbar</a> pour mener \u00e0 bien cette le\u00e7on.

216
src/main/resources/WebGoatLabels_ru.properties
View File

@ -5,219 +5,3 @@ SolutionVideos=\u0412\u0438\u0434\u0435\u043e \u0441 \u0440\u0435\u0448\u0435\u0
ErrorGenerating=\u041f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0430
InvalidData=\u041d\u0435\u0432\u0435\u0440\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435
#HttpBasics.java
EnterYourName=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448\u0435 \u0438\u043c\u044f
Go!=\u0412\u043f\u0435\u0440\u0451\u0434!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=\u0418\u043c\u044f \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u043e\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043e \u043d\u0435\u0432\u0435\u0440\u043d\u043e.
BasicAuthHeaderValueIncorrect=\u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 \u043e\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043e \u043d\u0435\u0432\u0435\u0440\u043d\u043e.
BasicAuthenticationWhatIsNameOfHeader=\u041a\u0430\u043a\u043e\u0435 \u0438\u043c\u044f \u0443 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438:
BasicAuthenticationWhatIsDecodedValueOfHeader=\u041a\u0430\u043a\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 (\u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435) \u0443 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438:
Submit=\u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c
BasicAuthenticationGreenStars1=\u0417\u0430\u043a\u0440\u043e\u0439\u0442\u0435 \u0432\u0430\u0448 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u0438 \u0432\u043e\u0439\u0434\u0438\u0442\u0435 \u043a\u0430\u043a
BasicAuthenticationGreenStars2= \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0430\u0448\u0438 \u0437\u0435\u043b\u0451\u043d\u044b\u0435 \u043e\u0442\u043c\u0435\u0442\u043a\u0438.
BasicAuthenticationStage1Completed=\u041f\u043e\u0437\u0434\u0440\u0430\u0432\u043b\u044f\u0435\u043c, \u0432\u044b \u043f\u043e\u043d\u044f\u043b\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0440\u0430\u0431\u043e\u0442\u044b \u043e\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.&nbsp;&nbsp;- \u0422\u0435\u043f\u0435\u0440\u044c \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u043f\u044b\u0442\u0430\u0442\u044c\u0441\u044f \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0442\u0430\u043a, \u0447\u0442\u043e\u0431 WebGoat \u0440\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b \u0432\u0430\u0441 \u043a\u0430\u043a: &nbsp;&nbsp;&nbsp;&nbsp;- \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f: basic &nbsp;&nbsp;&nbsp;&nbsp;- \u043f\u0430\u0440\u043e\u043b\u044c: basic. \u0412\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435\u0441\u044c \u043c\u0435\u043d\u044e \u043e\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u043e\u043a\u0430\u0437\u0430\u0442\u044c\u0441\u044f \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u0432\u0445\u043e\u0434\u0430.
BasicAuthenticationAlmostThere1=\u0412\u044b \u043f\u043e\u0447\u0442\u0438 \u0442\u0430\u043c! \u0412\u044b \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0438
BasicAuthenticationAlmostThere2= \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a, \u043d\u043e \u0432\u044b \u0432\u0441\u0451 \u0435\u0449\u0451 \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0435\u0441\u044c \u0432\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043a\u0430\u043a
BasicAuthenticationAlmostThere3=. \u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u043d\u0430 \u0437\u0430\u043f\u0440\u043e\u0441 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u0432\u044b \u0443\u043a\u0430\u0437\u0430\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f 'basic' \u0438 \u043e\u0442\u043e\u0441\u043b\u0430\u043b\u0438 \u0435\u0433\u043e. \u0417\u0430\u043f\u043e\u043c\u043d\u0438\u0442\u0435 \u043f\u043e\u0440\u044f\u0434\u043e\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u0432\u0451\u043b \u043a \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044e \u0441 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439.
BasicAuthenticationReallyClose=\u0412\u044b \u043f\u043e\u0447\u0442\u0438 \u0443 \u0446\u0435\u043b\u0438! \u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 cookies \u0441\u0435\u0441\u0441\u0438\u0438 \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u0430\u0441 \u043d\u043e\u0432\u0443\u044e \u0441\u0435\u0441\u0441\u0438\u044e. \u042d\u0442\u043e \u043d\u0435 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442 \u0435\u0433\u043e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0430\u0441 \u0437\u0430\u043d\u043e\u0432\u043e. \u041a\u043e\u0433\u0434\u0430 \u0432\u044b \u043f\u043e\u0439\u043c\u0451\u0442\u0435 \u043a\u0430\u043a \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0432\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0442\u043e \u0441\u043c\u043e\u0436\u0435\u0442\u0435 \u0432\u043e\u0439\u0442\u0438 \u043a\u0430\u043a:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;\u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;\u043f\u0430\u0440\u043e\u043b\u044c: basic<br>
BasicAuthenticationUseTheHints=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0438! \u0422\u043e\u043b\u044c\u043a\u043e \u043f\u043e \u043e\u0434\u043d\u043e\u0439...
BasicAuthenticationHint1=\u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 cookie \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u0430. \u0421\u043c\u043e\u0442\u0440\u0438\u0442\u0435 cookies \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043d\u0451\u043c \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f.
BasicAuthenticationHint2=\u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 Base64 \u0434\u043b\u044f \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0432\u0432\u0435\u0434\u0451\u043d\u043d\u044b\u0445 " + "\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043e\u0434\u043d\u0443 \u0441\u0442\u0440\u043e\u043a\u0443.
BasicAuthenticationHint3=\u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 cookies \u0441 \u0438\u043c\u0435\u043d\u0435\u043c 'Authorization' " + "\u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0442\u043e\u0433\u043e \u0447\u0442\u043e \u0432\u0432\u0451\u043b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c.
BasicAuthenticationHint4=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 WebScarab -> Tools -> Transcoder \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u0440\u0430\u0441\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0437 Base64 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0445 \u0432\u0430\u043c cookie.
BasicAuthenticationHint5=\u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 cookie \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u0430. \u0421\u043c\u043e\u0442\u0440\u0438\u0442\u0435 cookies \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043d\u0451\u043c \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f.
BasicAuthenticationHint6=\u041f\u0435\u0440\u0435\u0434 \u0442\u0435\u043c \u043a\u0430\u043a \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0437\u0430\u043f\u0440\u043e\u0441\u0438\u0442 \u043b\u043e\u0433\u0438\u043d \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043e\u043d \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0442\u0435\u043a\u0443\u0449\u0443\u044e \u0441\u0435\u0441\u0441\u0438\u044e \u0432 \u043d\u0430\u0434\u0435\u0436\u0434\u0435 \u043d\u0430 \u0442\u043e \u0447\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0443\u0436\u0435 \u0432\u043e\u0448\u0451\u043b \u0440\u0430\u043d\u0435\u0435.
BasicAuthenticationHint7=\u0415\u0441\u043b\u0438 \u0442\u0435\u043a\u0443\u0449\u0430\u044f \u0441\u0435\u0441\u0441\u0438\u044f \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u043e \u0442\u043e\u043c \u0447\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0443\u0436\u0435 \u0432\u043e\u0448\u0451\u043b, \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438
BasicAuthenticationHint8=\u0415\u0441\u043b\u0438 \u0442\u0435\u043a\u0443\u0449\u0430\u044f \u0441\u0435\u0441\u0441\u0438\u044f \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u043e \u0442\u043e\u043c \u0447\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0443\u0436\u0435 \u0432\u043e\u0448\u0451\u043b, \u0430 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0435\u0432\u0435\u0440\u043d\u044b, \u043a\u043b\u0438\u0435\u043d\u0442\u0443 \u0443\u0439\u0434\u0451\u0442 \u043d\u043e\u0432\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0432\u0432\u043e\u0434 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0430\u0440\u043e\u043b\u044f.
BasicAuthenticationHint9=\u041f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u0435 \u0437\u0430\u043f\u0440\u043e\u0441 \u0438 \u0438\u0441\u043f\u043e\u0440\u0442\u044c\u0442\u0435 cookie JSESSIONID \u0438 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a Authorization.
#WeakAuthenticationCookie.java
InvalidCookie=\u041d\u0435\u0432\u0435\u0440\u043d\u044b\u0435 cookie
IdentityRemembered=\u0421\u0435\u0440\u0432\u0435\u0440 \u0437\u0430\u043f\u043e\u043c\u043d\u0438\u043b \u0434\u0430\u043d\u043d\u044b\u0435 \u043e \u0432\u0430\u0448\u0435\u0439 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438
InvalidUsernameAndPassword=\u041d\u0435\u0432\u0435\u0440\u043d\u043e \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u043b\u043e\u0433\u0438\u043d \u0438 \u043f\u0430\u0440\u043e\u043b\u044c
UserName=\u0418\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f
Password=\u041f\u0430\u0440\u043e\u043b\u044c
Login=\u041b\u043e\u0433\u0438\u043d
RequiredFields=\u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f
WeakAuthenticationCookiePleaseSignIn=\u041f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u0432\u043e\u0439\u0434\u0438\u0442\u0435 \u043f\u043e\u0434 \u0441\u0432\u043e\u0438\u043c \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u043e\u043c. \u0421\u043c\u043e\u0442\u0440\u0438\u0442\u0435 OWASP admin \u0435\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 \u0435\u0433\u043e \u043d\u0435\u0442.
SignIn=\u0412\u043e\u0439\u0442\u0438
PasswordForgotten=\u0414\u043e\u0441\u0432\u0438\u0434\u0430\u043d\u0438\u044f! \u0412\u0430\u0448 \u043f\u0430\u0440\u043e\u043b\u044c \u0437\u0430\u043f\u043e\u043c\u043d\u0435\u043d
WelcomeUser=\u0414\u043e\u0431\u0440\u043e \u043f\u043e\u0436\u0430\u043b\u043e\u0432\u0430\u044c,
YouHaveBeenAuthenticatedWith=\u0412\u044b \u0431\u044b\u043b\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441
Logout=\u0412\u044b\u0439\u0442\u0438
Refresh=\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c
WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c cookie \u0435\u0441\u043b\u0438 \u0432 \u043d\u0438\u0445 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432\u0435\u0440\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435
WeakAuthenticationCookieHints2=\u041c\u043e\u0436\u043d\u043e \u043b\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044c \u043b\u043e\u0433\u0438\u043d \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u0438\u0437 AuthCookie?
WeakAuthenticationCookieHints3=\u0414\u043e\u0431\u0430\u0432\u044c\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a 'Cookie:' \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
WeakAuthenticationCookieHints4=\u041f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u0432\u044b \u0432\u043e\u0448\u043b\u0438 \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c webgoat \u0443 \u0432\u0430\u0441 \u043f\u043e\u044f\u0432\u0438\u043b\u0438\u0441\u044c \u043d\u043e\u0432\u044b\u0435 cookie \u0441\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c '65432ubphcfx'<br/>\u041f\u043e\u0441\u043b\u0435 \u0432\u0445\u043e\u0434\u0430 \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c aspect \u0443 \u0432\u0430\u0441 \u043f\u043e\u044f\u0432\u0438\u043b\u0438\u0441\u044c \u043d\u043e\u0432\u044b\u0435 cookie \u0441\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c '65432udfqtb'<br/>\u0415\u0441\u0442\u044c \u043b\u0438 \u0447\u0442\u043e-\u0442\u043e \u043e\u0431\u0449\u0435\u0435 \u043c\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u043c\u0438 \u043b\u043e\u0433\u0438\u043d\u0430\u043c\u0438?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat \u0438\u043c\u0435\u0435\u0442 2 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f
RemoteAdminFlawHint2=WebGoat \u0438\u043c\u0435\u0435\u0442 \u043e\u0434\u0438\u043d \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0442 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e URL-\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e '\u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c'
RemoteAdminFlawHint3=WebGoat \u0438\u043c\u0435\u0435\u0442 \u043e\u0434\u0438\u043d \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0445 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0438 \u0435\u0433\u043e \u043d\u0435\u043b\u044c\u0437\u044f '\u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c'
RemoteAdminFlawHint4=\u0421\u043b\u0435\u0434\u0443\u0439\u0442\u0435 \u0437\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u043c!
RemoteAdminFlawHint5=\u041f\u0440\u0438 \u0443\u0434\u0430\u0447\u043d\u043e\u0439 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0432\u044b \u0443\u0432\u0438\u0434\u0438\u0442\u0435 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u043c\u0435\u043d\u044e 'Admin Functions' \u0441 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c\u0438 \u0432\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0443\u043d\u043a\u0442\u0430\u043c\u0438.
#PathBasedAccessControl.java
CurrentDirectory=\u0422\u0435\u043a\u0443\u0449\u0430\u044f \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044f:
ChooseFileToView=\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0444\u0430\u0439\u043b \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430:
ViewFile=\u041f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0444\u0430\u0439\u043b
AccessDenied=\u0414\u043e\u0441\u0442\u0443\u043f \u0437\u0430\u043f\u0440\u0435\u0449\u0451\u043d
ItAppears1=\u0412\u044b \u043d\u0430 \u0432\u0435\u0440\u043d\u043e\u043c \u043f\u0443\u0442\u0438. \u041a\u043e\u043c\u0430\u043d\u0434\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u044b. \u0412\u0430\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u043b\u0438\u0448\u044c \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043f\u043e \u043e\u0434\u043d\u043e\u043c\u0443 \u0444\u0430\u0439\u043b\u0443 \u0438\u0437 \u0434\u0430\u043d\u043d\u043e\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438.
ItAppears2=\u0412\u044b \u043d\u0430 \u0432\u0435\u0440\u043d\u043e\u043c \u043f\u0443\u0442\u0438. \u041a\u043e\u043c\u0430\u043d\u0434\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u044b. \u0412\u0430\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u043b\u0438\u0448\u044c \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043f\u043e \u043e\u0434\u043d\u043e\u043c\u0443 \u0444\u0430\u0439\u043b\u0443 \u0438\u0437 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 WebGoat.
CongratsAccessToFileAllowed=\u041f\u043e\u0437\u0434\u0440\u0430\u0432\u043b\u044f\u0435\u043c! \u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443 \u043f\u043e\u043b\u0443\u0447\u0435\u043d
FileInAllowedDirectory=\u0424\u0430\u0439\u043b \u0443\u0436\u0435 \u0432 \u0440\u0430\u0437\u0440\u0435\u0448\u0451\u043d\u043d\u043e\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 - \u043f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0435\u0449\u0451 \u0440\u0430\u0437!
AccessToFileDenied1=\u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443/\u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 "
AccessToFileDenied2=" \u0437\u0430\u043f\u0440\u0435\u0449\u0451\u043d
FileTooLarge=\u0424\u0430\u0439\u043b \u043e\u0447\u0435\u043d\u044c \u0431\u043e\u043b\u044c\u0448\u043e\u0439
FileBinary=\u042d\u0442\u043e \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b
TheFollowingError=\u041f\u0440\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0444\u0430\u0439\u043b\u0443 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430: <
PathBasedAccessControlInstr1=\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c '
PathBasedAccessControlInstr2=' \u0438\u043c\u0435\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u043e \u0432\u0441\u0435\u043c \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 lesson_plans/English. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u043e\u0431\u043e\u0439\u0442\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u0432\u043d\u0435 \u0434\u0430\u043d\u043d\u043e\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438. \u041f\u043e\u0441\u043b\u0435 \u0432\u044b\u0431\u043e\u0440\u0430 \u0444\u0430\u0439\u043b\u0430 WebGoat \u0441\u043e\u043e\u0431\u0449\u0438\u0442 \u0432\u0430\u043c \u0435\u0441\u043b\u0438 \u043a \u043d\u0435\u043c\u0443 \u0435\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f. \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u043e\u043c \u0432 \u0434\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0444\u0430\u0439\u043b tomcat/conf/tomcat-users.xml
ErrorGenerating=\u041f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0430
ViewingFile=\u041f\u0440\u043e\u0441\u043c\u043e\u0442\u0440 \u0444\u0430\u0439\u043b\u0430:
File=\u0424\u0430\u0439\u043b:
Dir=\u0414\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044f:
IsFile= - isFile():
Exists= - exists():
PathBasedAccessControlHint1=\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0438\u043c\u0432\u043e\u043b\u044b \u043f\u0440\u0438 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u0439.
PathBasedAccessControlHint2=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0439 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u043d\u0430\u0439\u0442\u0438 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e tomcat\\webapps\\WebGoat\\lesson_plans");
PathBasedAccessControlHint3=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u043f\u043e\u043c\u0435\u0441\u0442\u0438\u0442\u044c .. \u0432 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u0443\u0442\u044c
PathBasedAccessControlHint4=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438 ..\\..\\..\\LICENSE
#CommandInjection.java
Command=\u041a\u043e\u043c\u0430\u043d\u0434\u0430
CommandInjectionRightTrack1=\u0412\u044b \u043d\u0430 \u0432\u0435\u0440\u043d\u043e\u043c \u043f\u0443\u0442\u0438. \u041a\u043e\u043c\u0430\u043d\u0434\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u044b. \u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u044b: netstat -a, dir, ls, ifconfig, \u0438 ipconfig.
CommandInjectionRightTrack2=\u0412\u044b \u043d\u0430 \u0432\u0435\u0440\u043d\u043e\u043c \u043f\u0443\u0442\u0438. \u041a\u043e\u043c\u0430\u043d\u0434\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u044b. \u0414\u0430\u043d\u043d\u044b\u0439 \u0443\u0440\u043e\u043a \u0441\u0432\u044f\u0437\u0430\u043d \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421, \u043d\u0435 \u0441 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0430.
YouAreCurrentlyViewing=\u0412 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u044b \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u0442\u0435:
SelectFileFromListBelow=\u0432\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0444\u0430\u0439\u043b \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 \u043d\u0438\u0436\u0435
SelectLessonPlanToView=\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u043f\u043b\u0430\u043d \u0443\u0440\u043e\u043a\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430:
View=\u041f\u0440\u043e\u0441\u043c\u043e\u0442\u0440
CommandInjectionHint1=\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043b\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430.
CommandInjectionHint2=\u0410\u043c\u043f\u0435\u0440\u0441\u0430\u043d\u0434(&) \u0440\u0430\u0437\u0434\u0435\u043b\u044f\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 Windows 2000. \u0412 Unix \u0442\u0430\u043a\u0438\u043c \u0440\u0430\u0437\u0434\u0435\u043b\u0438\u0442\u0435\u043b\u0435\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0442\u043e\u0447\u043a\u0430 \u0441 \u0437\u0430\u043f\u044f\u0442\u043e\u0439(;)
CommandInjectionHint3=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u0432\u0441\u0442\u0430\u0432\u0438\u0442\u044c '& netstat -a' \u043d\u0430 Windows \u0438\u043b\u0438 ';netstat -a' \u043d\u0430 Unix.
CommandInjectionHint4=\u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0432 \u043a\u0430\u0432\u044b\u0447\u043a\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0435 \u0438\u043c\u044f \u0444\u0430\u0439\u043b\u0430.
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=\u0414\u0435\u0440\u0436\u0443 \u043f\u0430\u0440\u0438 \u0432\u044b \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442\u0435 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u044d\u0442\u043e \u0441\u043d\u043e\u0432\u0430! \u042d\u0442\u043e\u0442 \u0443\u0440\u043e\u043a \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b \u0432\u0430\u0448\u0443 \u0443\u0434\u0430\u0447\u043d\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0430\u0442\u0430\u043a\u0438 \u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0438\u043b\u0441\u044f \u0432 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0439 \u0440\u0435\u0436\u0438\u043c \u0437\u0430\u0449\u0438\u0442\u044b. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430.
NoResultsMatched=\u041d\u0435\u0442 \u0441\u043e\u0432\u043f\u0430\u0434\u0435\u043d\u0438\u0439. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0441\u043d\u043e\u0432\u0430.
NumericSqlInjectionSecondStage2=\u0412\u044b \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0434\u0430\u043d\u043d\u0443\u044e SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0442\u043e\u0436\u0435 \u0441\u0430\u043c\u043e\u0435 \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u043c.
ErrorParsingAsNumber=\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u043e\u0437\u0438\u0446\u0438\u0438 \u043a\u0430\u043a \u0447\u0438\u0441\u043b\u0430:
SelectYourStation=\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0432\u0430\u0448\u0443 \u043c\u0435\u0441\u0442\u043d\u0443\u044e \u043f\u043e\u0433\u043e\u0434\u043d\u0443\u044e \u0441\u0442\u0430\u043d\u0446\u0438\u044e:
SqlNumericInjectionHint1=\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0431\u0435\u0440\u0451\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0438\u0437 \u0432\u044b\u043f\u0430\u0434\u0430\u044e\u0449\u0435\u0433\u043e \u0441\u043f\u0438\u0441\u043a\u0430 \u0438 \u0432\u0441\u0438\u0430\u0432\u043e\u044f\u0435\u0438 \u0435\u0433\u043e \u0432 \u043a\u043e\u043d\u0435\u0446 \u0437\u0430\u0440\u0430\u043d\u0435\u0435 \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u0430.
SqlNumericInjectionHint2=\u0412\u043e\u0442 \u043a\u043e\u0434 \u0437\u0430\u043f\u0440\u043e\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f WebGoat`\u043e\u043c:<br><br>"SELECT * FROM weather_data WHERE station = " + \u0441\u0442\u0430\u043d\u0446\u0438\u044f
SqlNumericInjectionHint3=\u0426\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0434\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0442\u0430\u043a\u0438\u0445 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0445 \u0441\u043b\u043e\u0432 \u043a\u0430\u043a AND \u0438 OR. \u041f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0442\u0430\u043a\u043e\u0435 SQL-\u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044c \u0438\u0441\u0442\u0438\u043d\u0443.
SqlNumericInjectionHint4=\u041f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c POST-\u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e WebScarab \u0438 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u0435 \u0438\u043c\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u0438 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435\u043c [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=\u0422\u0435\u043f\u0435\u0440\u044c, \u043a\u043e\u0433\u0434\u0430 \u0432\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0443\u0434\u0430\u0447\u043d\u043e \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e, \u043f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u044d\u0442\u043e \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u043c. \u041d\u0430\u0447\u043d\u0438\u0442\u0435 \u0443\u0440\u043e\u043a \u0437\u0430\u043d\u043e\u0432\u043e \u0435\u0441\u043b\u0438 \u0432\u044b \u0445\u043e\u0442\u0438\u0442\u0435 \u0432\u043d\u043e\u0432\u044c \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u043f\u043e\u043b\u0435.
EnterLastName=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448\u0443 \u0444\u0430\u043c\u0438\u043b\u0438\u044e:
NoResultsMatched=\u041d\u0435\u0442 \u0441\u043e\u0432\u043f\u0430\u0434\u0435\u043d\u0438\u0439. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0441\u043d\u043e\u0432\u0430.
SqlStringInjectionHint1=\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0431\u0435\u0440\u0451\u0442 \u0442\u043e \u0447\u0442\u043e \u0432\u044b \u0432\u0432\u043e\u0434\u0438\u0442\u0435 \u0438 \u0432\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0432 \u043a\u043e\u043d\u0435\u0446 \u0437\u0430\u0440\u0430\u043d\u0435\u0435 \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u0430.
SqlStringInjectionHint2=\u0412\u043e\u0442 \u043a\u043e\u0434 \u0437\u0430\u043f\u0440\u043e\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f WebGoat`\u043e\u043c:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=\u0426\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0434\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u043e\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0442\u0430\u043a\u0438\u0445 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0445 \u0441\u043b\u043e\u0432 \u043a\u0430\u043a AND \u0438 OR. \u041f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0442\u0430\u043a\u043e\u0435 SQL-\u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044c \u0438\u0441\u0442\u0438\u043d\u0443.
SqlStringInjectionHint4=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438 [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=\u0412\u0445\u043e\u0434 \u0437\u0430\u0432\u0435\u0440\u0448\u0438\u043b\u0441\u044f \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e \u0434\u043b\u044f \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f
LoginSucceededForUserName=\u0412\u0425\u041e\u0414 \u0423\u0421\u041f\u0415\u0428\u041d\u041e \u041e\u0421\u0423\u0429\u0415\u0421\u0422\u0412\u041b\u0401\u041d \u041f\u041e\u041b\u042c\u0417\u041e\u0412\u0410\u0422\u0415\u041b\u0415\u041c
LogSpoofingHint1=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u043e\u0431\u043c\u0430\u043d\u0443\u0442\u044c \u0447\u0435\u043b\u043e\u0432\u0435\u0447\u0435\u0441\u043a\u0438\u0439 \u0433\u043b\u0430\u0437 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u043e\u0432\u044b\u0435 \u0441\u0442\u0440\u043e\u043a\u0438.
LogSpoofingHint2=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0441\u0438\u043c\u0432\u043e\u043b\u044b CR (%0d) \u0438 LF (%0a) \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u044b\u0445 \u0441\u0442\u0440\u043e\u043a.
LogSpoofingHint3=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435: Smith%0d%0a\u0412\u0445\u043e\u0434 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0451\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c: admin
LogSpoofingHint4=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435: Smith%0d%0a\u0412\u0445\u043e\u0434 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0451\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u043f\u044b\u0442\u0430\u0442\u044c\u0441\u044f \u043f\u043e\u043c\u0435\u0441\u0442\u0438\u0442\u044c HTML-\u0442\u0435\u0433\u0438 \u0432 \u0432\u0430\u0448\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435.
StoredXssHint2=\u0412\u043f\u0438\u0448\u0438\u0442\u0435 \u0442\u0435\u0433 SCRIPT \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u043a\u0430\u0436\u0434\u043e\u0433\u043e, \u043a\u0442\u043e \u0435\u0433\u043e \u043f\u0440\u043e\u0447\u0442\u0451\u0442.
StoredXssHint3=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; \u0432 \u043f\u043e\u043b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f.
StoredXssHint4=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438: &lt;script&gt;alert(document.cookie);&lt;/script&gt; \u0432 \u043f\u043e\u043b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f.
MessageContentsFor=\u0421\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0434\u043b\u044f
Title=\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435
PostedBy=\u041e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e
CouldNotFindMessage=\u041d\u0435 \u043c\u043e\u0433\u0443 \u043d\u0430\u0439\u0442\u0438 \u044d\u0442\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435
Message=\u0421\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435
MessageList=\u0421\u043f\u0438\u0441\u043e\u043a \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439
CouldNotAddMessage=\u041d\u0435 \u043c\u043e\u0433\u0443 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u0432 \u0431\u0430\u0437\u0443
ErroGeneratingMessageList=\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0438 \u0441\u043f\u0438\u0441\u043a\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439
#ReflectedXSS.java
ReflectedXSSWhoops1=\u0423\u043f\u0441! \u0412\u044b \u0432\u043e\u0448\u043b\u0438
ReflectedXSSWhoops2= \u0432\u043c\u0435\u0441\u0442\u043e \u043a\u043e\u0434\u0430 \u0438\u0437 \u0442\u0440\u0451\u0445 \u0446\u0438\u0444\u0440. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0435\u0449\u0451 \u0440\u0430\u0437.
ShoppingCart=\u041a\u043e\u0440\u0437\u0438\u043d\u0430
ShoppingCartItems=\u041f\u0440\u0435\u0434\u043c\u0435\u0442\u044b \u0432 \u043a\u043e\u0440\u0437\u0438\u043d\u0435 -- \u041a\u0443\u043f\u0438\u0442\u044c \u0441\u0435\u0439\u0447\u0430\u0441
Price=\u0426\u0435\u043d\u0430
Quantity=\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e
Total=\u0412\u0441\u0435\u0433\u043e
TotalChargedCreditCard=\u041e\u0431\u0449\u0430\u044f \u0441\u0443\u043c\u043c\u0430 \u0441\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c\u0430\u044f \u0441 \u0432\u0430\u0448\u0435\u0439 \u043a\u0440\u0435\u0434\u0438\u0442\u043d\u043e\u0439 \u043a\u0430\u0440\u0442\u044b
UpdateCart=\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u043e\u0440\u0437\u0438\u043d\u0443
EnterCreditCard=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u043d\u043e\u043c\u0435\u0440 \u0432\u0430\u0448\u0435\u0439 \u043a\u0440\u0435\u0434\u0438\u0442\u043d\u043e\u0439 \u043a\u0430\u0440\u0442\u044b
Enter3DigitCode=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448 \u0442\u0440\u0451\u0445\u0437\u043d\u0430\u0447\u043d\u044b\u0439 \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043a\u043e\u0434
Purchase=\u041f\u0440\u0438\u043e\u0431\u0440\u0435\u0441\u0442\u0438
ReflectedXSSHint1=\u041f\u0440\u043e\u0441\u0442\u0435\u0439\u0448\u0438\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 - &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=\u041c\u043e\u0436\u0435\u0442\u0435 \u043b\u0438 \u0432\u044b \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u044e\u0449\u0438\u0439 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 cookie JSESSIONID?
ReflectedXSSHint3=\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0441\u0435\u0441\u0441\u0438\u0438
ReflectedXSSHint4=\u041c\u043e\u0436\u0435\u0442\u0435 \u043b\u0438 \u0432\u044b \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0431\u044b \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u043b\u044e \u0441 \u043d\u043e\u043c\u0435\u0440\u043e\u043c \u043a\u0440\u0435\u0434\u0438\u0442\u043d\u043e\u0439 \u043a\u0430\u0440\u0442\u044b?
ReflectedXSSHint5=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u043c TRACE (cross site trace, XST) :<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=\u0411\u0418\u041d\u0413\u041e -- \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440 \u0432\u043e\u0448\u0451\u043b
HtmlCluesHint1=\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 HTML-\u043a\u043e\u0434 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u0432\u044b\u0431\u0440\u0430\u0432 \u043f\u0443\u043d\u043a\u0442 '\u0418\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434' \u0432 \u043c\u0435\u043d\u044e \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430.
HtmlCluesHint2=\u041e\u0447\u0435\u043d\u044c \u043c\u043d\u043e\u0433\u043e \u0437\u0430\u0446\u0435\u043f\u043e\u043a \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432\u043d\u0443\u0442\u0440\u0438 HTML-\u043a\u043e\u0434\u0430
HtmlCluesHint3=\u0418\u0449\u0438\u0442\u0435 \u0441\u043b\u043e\u0432\u043e HIDDEN, \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u043d\u0430 \u0441\u0441\u044b\u043b\u043a\u0438, \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u043d\u0430 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0438.
#JavaScriptValidation.java
3LowerCase=\u041f\u043e\u043b\u0435 1: \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u0440\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 \u043d\u0438\u0436\u043d\u0435\u0433\u043e \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430
Exactly3Digits=\u041f\u043e\u043b\u0435 2: \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u0440\u0438 \u0446\u0438\u0444\u0440\u044b
LettersNumbersSpaceOnly=\u041f\u043e\u043b\u0435 3: \u0442\u043e\u043b\u044c\u043a\u043e \u0431\u0443\u043a\u0432\u044b, \u0446\u0438\u0444\u0440\u044b \u0438 \u043f\u0440\u043e\u0431\u0435\u043b\u044b
EnumerationOfNumbers=\u041f\u043e\u043b\u0435 4: \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435 \u043d\u043e\u043c\u0435\u0440\u043e\u0432
SimpleZipCode=\u041f\u043e\u043b\u0435 5: \u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u043a\u043e\u0434
ZIPDashFour=\u041f\u043e\u043b\u0435 6: \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043d\u0435\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0447\u0435\u0442\u044b\u0440\u044c\u043c\u044f \u0442\u0438\u0440\u0435
USPhoneNumber=\u041f\u043e\u043b\u0435 7: \u041d\u043e\u043c\u0435\u0440 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0430 \u0432 US \u0441 \u0438\u043b\u0438 \u0431\u0435\u0437 \u0442\u0438\u0440\u0435
ServerSideValidationViolation=\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430: \u0412\u044b \u0443\u0441\u043f\u0435\u0448\u043d\u043e
JavaScriptValidationHint1=\u0412\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0448\u043b\u0430 \u0432 \u0432\u0430\u0448\u0435\u043c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435.
JavaScriptValidationHint2=\u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0435\u0440\u0435\u0434 \u0442\u0435\u043c \u043a\u0430\u043a \u043e\u043d\u0438 \u0443\u0439\u0434\u0443\u0442 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443.
JavaScriptValidationHint3=\u0415\u0449\u0451 \u043e\u0434\u0438\u043d \u0432\u0430\u0440\u0438\u0430\u043d\u0442 - \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043c\u0435\u0448\u0430\u044e\u0449\u0435\u0433\u043e\u0441\u044f JavaScript-\u043a\u043e\u0434\u0430 \u0438\u0437 \u0442\u0435\u043b\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043f\u0435\u0440\u0435\u0434 \u0442\u0435\u043c \u043a\u0430\u043a \u043e\u043d\u0430 \u043e\u0442\u043e\u0431\u0440\u0430\u0437\u0438\u0442\u0441\u044f \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435.
#HiddenFieldTampering.java
TotalPriceIs=\u041e\u0431\u0449\u0430\u044f \u0441\u0443\u043c\u043c\u0430
ThisAmountCharged=\u0414\u0430\u043d\u043d\u0430\u044f \u0441\u0443\u043c\u043c\u0430 \u0431\u0443\u0434\u0435\u0442 \u0441\u043f\u0438\u0441\u0430\u043d\u0430 \u0441 \u0432\u0430\u0448\u0435\u0439 \u043a\u0440\u0435\u0434\u0438\u0442\u043d\u043e\u0439 \u043a\u0430\u0440\u0442\u044b \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e.
HiddenFieldTamperingHint1=\u0414\u0430\u043d\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u043a\u0440\u044b\u0442\u044b\u0435 \u043f\u043e\u043b\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0446\u0435\u043d\u0435 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.
HiddenFieldTamperingHint2=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0441\u043a\u0440\u044b\u0442\u044b\u0445 \u043f\u043e\u043b\u0435\u0439.
HiddenFieldTamperingHint3=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u0434\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0446\u0435\u043d\u0443 TV \u0441 "
HiddenFieldTamperingHint32= \u043d\u0430
# Modify data with SQL Injection
EnterUserid=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u043d\u043e\u043c\u0435\u0440:
SqlModifyDataHint1=\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0441\u0440\u0430\u0437\u0443.
SqlModifyDataHint2=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0442\u043e\u0447\u043a\u0443 \u0441 \u0437\u0430\u043f\u044f\u0442\u043e\u0439(;) \u0434\u043b\u044f \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u044f SQL-\u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0439.
SqlModifyDataHint3=\u0418\u0437\u043c\u0435\u043d\u044f\u0439\u0442\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c SQL-\u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u044f UPDATE.
SqlModifyDataHint4=\u0414\u043b\u044f \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0441 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435\u043c UPDATE \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 <A href=\"http://www.w3schools.com/SQl/sql_update.asp\">http://www.w3schools.com/SQl/sql_update.asp</A>
SqlModifyDataHint5=\u0420\u0415\u0428\u0415\u041d\u0418\u0415:<br/>foo'; UPDATE salaries SET salary=9999999 WHERE userid='jsmith
# Modify data with SQL Injection
SqlAddDataHint1=\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0441\u0440\u0430\u0437\u0443.
SqlAddDataHint2=\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0442\u043e\u0447\u043a\u0443 \u0441 \u0437\u0430\u043f\u044f\u0442\u043e\u0439(;) \u0434\u043b\u044f \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u044f SQL-\u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0439. \u0412\u0430\u043c \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u043e\u0442 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u044b \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0434\u0432\u043e\u0439\u043d\u043e\u0433\u043e \u0442\u0438\u0440\u0435 (--).
SqlAddDataHint3=\u0418\u0437\u043c\u0435\u043d\u044f\u0439\u0442\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c SQL-\u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u044f INSERT.
SqlAddDataHint4=\u0414\u043b\u044f \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0441 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435\u043c INSERT \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 <A href=\"http://www.w3schools.com/SQl/sql_insert.asp\">http://www.w3schools.com/SQl/sql_insert.asp</A>
SqlAddDataHint5=\u0420\u0415\u0428\u0415\u041d\u0418\u0415:<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 999999); --
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=\u0412\u044b \u0434\u043e\u043b\u0436\u043d\u044b \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044f \u0444\u043e\u0440\u043c\u044b \u0438\u043b\u0438 \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0432 \u0437\u0430\u043f\u0440\u043e\u0441.
BypassHtmlFieldRestrictionsHint2=\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445.
BypassHtmlFieldRestrictionsHint3=\u041f\u0435\u0440\u0435\u0434 \u0442\u0435\u043c \u043a\u0430\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u043c\u0438 \u0434\u043b\u044f Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043b\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>.