diff --git a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties index de917dc3a..4f0d9f649 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties +++ b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties @@ -14,6 +14,8 @@ sql-injection.error=Sorry, this solution is not sql-injection.2.success=You have succeded! sql-injection.2.failed=Something went wrong! You got no results, check your SQL Statement and the table above +sql-injection.error=Sorry, this solution is not correct. Try again! + NoResultsMatched=No results matched. Try Again. SqlInjectionChallengeHint1=The Table Name is randomized at each start of Webgoat, try to figure out the name first. @@ -68,21 +70,21 @@ sql-injection.8.no.results=No employee found with matching lastname. Or maybe yo sql-injection.9.success=Well done! Now you're earning the most money. And at the same time you successfully compromised the integrity of data by changing the salary! {0} sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data. -SqlStringInjectionHint8-1=The application is taking your input and inserting the values into the variables 'name' and 'auth_tan' of the pre-formed SQL command. -SqlStringInjectionHint8-2=Compound SQL statements can be made by expanding the WHERE clause of the statement with keywords like AND and OR. -SqlStringInjectionHint8-3=Try appending a SQL statement that always resolves to true. -SqlStringInjectionHint8-4=Make sure all quotes (" ' ") are opened and closed properly so the resulting SQL query is syntactically correct. -SqlStringInjectionHint8-5=Try extending the WHERE clause of the statement by adding something like: ' OR '1' = '1. +SqlStringInjectionHint.8.1=The application is taking your input and inserting the values into the variables 'name' and 'auth_tan' of the pre-formed SQL command. +SqlStringInjectionHint.8.2=Compound SQL statements can be made by expanding the WHERE clause of the statement with keywords like AND and OR. +SqlStringInjectionHint.8.3=Try appending a SQL statement that always resolves to true. +SqlStringInjectionHint.8.4=Make sure all quotes (" ' ") are opened and closed properly so the resulting SQL query is syntactically correct. +SqlStringInjectionHint.8.5=Try extending the WHERE clause of the statement by adding something like: ' OR '1' = '1. -SqlStringInjectionHint9-1=Try to find a way, to chain another query to the end of the existing one. -SqlStringInjectionHint9-2=Use the ; metacharacter to do so. -SqlStringInjectionHint9-3=Make use of DML to change your salary. -SqlStringInjectionHint9-4=Make sure that the resulting query is syntactically correct. -SqlStringInjectionHint9-5=How about something like '; UPDATE employees.... +SqlStringInjectionHint.9.1=Try to find a way, to chain another query to the end of the existing one. +SqlStringInjectionHint.9.2=Use the ; metacharacter to do so. +SqlStringInjectionHint.9.3=Make use of DML to change your salary. +SqlStringInjectionHint.9.4=Make sure that the resulting query is syntactically correct. +SqlStringInjectionHint.9.5=How about something like '; UPDATE employees.... -SqlStringInjectionHint10-1=Use the techniques that you have learned before. -SqlStringInjectionHint10-2=The application takes your input and filters for entries that are LIKE it. -SqlStringInjectionHint10-3=Try query chaining to reach the goal. -SqlStringInjectionHint10-4=The DDL allows you to delete (DROP) database tables. -SqlStringInjectionHint10-5=The underlying sql query looks like that: "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'". -SqlStringInjectionHint10-6=Remember that you can use the -- metacharacter to comment out the rest of the line. \ No newline at end of file +SqlStringInjectionHint.10.1=Use the techniques that you have learned before. +SqlStringInjectionHint.10.2=The application takes your input and filters for entries that are LIKE it. +SqlStringInjectionHint.10.3=Try query chaining to reach the goal. +SqlStringInjectionHint.10.4=The DDL allows you to delete (DROP) database tables. +SqlStringInjectionHint.10.5=The underlying sql query looks like that: "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'". +SqlStringInjectionHint.10.6=Remember that you can use the -- metacharacter to comment out the rest of the line. \ No newline at end of file