dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64@gmail.com
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

193
src/main/resources/New Lesson Instructions.txt
View File

@ -1,193 +0,0 @@
Detailed instructions for adding a lesson
All you have to do is implement the abstract methods in LessonAdapter.
Follow the outline below.
WebGoat uses the Element Construction Set from the Jakarta project.
You should read up on the API for ECS at
http://jakarta.apache.org/site/downloads/downloads_ecs.cgi.
In addition you can look at the other lessons for examples of how to use the ECS.
Step 1: Set up the framework
import java.util.*;
import org.apache.ecs.*;
import org.apache.ecs.html.*;
// Add copyright text - use text from another lesson
public class NewLesson extends LessonAdapter
{
protected Element createContent(WebSession s)
{
return( new StringElement( "Hello World" ) );
}
public String getCategory()
{
}
protected List getHints()
{
}
protected String getInstructions()
{
}
protected Element getMenuItem()
{
}
protected Integer getRanking()
{
}
public String getTitle()
{
}
}
Step 2: Implement createContent
Creating the content for a lesson is fairly simple. There are two main parts:
(1) handling the input from the user's last request,
(2) generating the next screen for the user.
This all happens within the createContent method. Remember that each lesson
should be handled on a single page, so you'll need to design your lesson to
work that way. A good generic pattern for the createContent method is shown
below:
// define a constant for the field name
private static final String INPUT = "input";
protected Element createContent(WebSession s)
{
ElementContainer ec = new ElementContainer();
try
{
// get some input from the user -- see ParameterParser
// for details
String userInput = s.getParser().getStringParameter(INPUT, "");
// do something with the input
// -- SQL query?
// -- Runtime.exec?
// -- Some other dangerous thing
// generate some output -- a string and an input field
ec.addElement(new StringElement("Enter a string: "));
ec.addElement( new Input(Input.TEXT, INPUT, userInput) );
// Tell the lesson tracker the lesson has completed.
// This should occur when the user has 'hacked' the lesson.
makeSuccess(s);
}
catch (Exception e)
{
s.setMessage("Error generating " + this.getClass().getName());
e.printStackTrace();
}
return (ec);
}
ECS is quite powerful -- see the Encoding lesson for an example of how
to use it to create a table with rows and rows of output.
Step 3: Implement the other methods
The other methods in the LessonAdapter class help the lesson plug into
the overall WebGoat framework. They are simple and should only take a
few minutes to implement.
public String getCategory()
{
// The default category is "General" Only override this
// method if you wish to create a new category or if you
// wish this lesson to reside within a category other the
// "General"
return( "NewCategory" ); // or use an existing category
}
protected List getHints()
{
// Hints will be returned to the user in the order they
// appear below. The user must click on the "next hint"
// button before the hint will be displayed.
List hints = new ArrayList();
hints.add("A general hint to put users on the right track");
hints.add("A hint that gives away a little piece of the problem");
hints.add("A hint that basically gives the answer");
return hints;
}
protected String getInstructions()
{
// Instructions will rendered as html and will appear below
// the area and above the actual lesson area.
// Instructions should provide the user with the general setup
// and goal of the lesson.
return("The text that goes at the top of the page");
}
protected Element getMenuItem()
{
// This is the text of the link that will appear on
// the left hand menus under the appropriate category.
// Their is a limited amount of horizontal space in
// this area before wrapping will occur.
return( "MyLesson" );
}
protected Integer getRanking()
{
// The ranking denotes the order in which the menu item
// will appear in menu list for each category. The lowest
// number will appear as the first lesson.
return new Integer(10);
}
public String getTitle()
{
// The title of the lesson. This will appear above the
// control area at the top of the page. This field will
// be rendered as html.
return ("My Lesson's Short Title");
}
Step 4: Build and test
Once you've implemented your new lesson, you can test the lesson by
starting the Tomcat server (within Eclipse). See the
"readme.txt" document in the WebGoat root.
Step 5: Create the lesson plan
All WebGoat lessons have a lesson plan that describes the goals of the lesson.
Create a lesson plan and put it in lesson_plans folder for each supported language.
Step 6: Give back to the community
If you've come up with a lesson that you think helps to teach people about
web application security, please contribute it by sending it to the people
who maintain the WebGoat application.
Thanks!
The WebGoat Team.

227
src/main/resources/WebGoatLabels_english.properties
View File

@ -1,227 +0,0 @@
#General
LessonCompleted=Congratulations. You have successfully completed this lesson.
RestartLesson=Restart this Lesson
SolutionVideos=Solution Videos
ErrorGenerating=Error generating
InvalidData=Invalid Data
#HttpBasics.java
EnterYourName=Enter your Name
Go!=Go!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=Basic Authentication header name is incorrect.
BasicAuthHeaderValueIncorrect=Basic Authentication header value is incorrect.
BasicAuthenticationWhatIsNameOfHeader=What is the name of the authentication header:
BasicAuthenticationWhatIsDecodedValueOfHeader=What is the decoded value of the authentication header:
Submit=Submit
BasicAuthenticationGreenStars1=Close your browser and login as
BasicAuthenticationGreenStars2= to get your green stars back.
BasicAuthenticationStage1Completed=Congratulations, you have figured out the mechanics of basic authentication.  - Now you must try to make WebGoat reauthenticate you as:     - username: basic     - password: basic. Use the Basic Authentication Menu to start at login page.
BasicAuthenticationAlmostThere1=You're almost there! You've modified the
BasicAuthenticationAlmostThere2= header but you are still logged in as
BasicAuthenticationAlmostThere3=. Look at the request after you typed in the 'basic' user credentials and submitted the request. Remember the order of events that occur during Basic Authentication.
BasicAuthenticationReallyClose=You're really close! Changing the session cookie caused the server to create a new session for you. This did not cause the server to reauthenticate you. When you figure out how to force the server to perform an authentication request, you have to authenticate as:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;user name: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;password: basic<br>
BasicAuthenticationUseTheHints=Use the hints! One at a time...
BasicAuthenticationHint1=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint2=Basic authentication uses Base64 encoding to 'scramble' the " + "user's login credentials.
BasicAuthenticationHint3=Basic authentication uses 'Authorization' as the cookie name to " + "store the user's credentials.
BasicAuthenticationHint4=Use WebScarab -> Tools -> Transcoder to Base64 decode the value in the Authorization cookie.
BasicAuthenticationHint5=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint6=Before the WebServer requests credentials from the client, the current session is checked for validitity.
BasicAuthenticationHint7=If the session is invalid the webserver will use the basic authentication credentials
BasicAuthenticationHint8=If the session is invalid and the basic authentication credentials are invalid, new credentials will be requested from the client.
BasicAuthenticationHint9=Intercept the request and corrupt the JSESSIONID and the Authorization header.
#WeakAuthenticationCookie.java
InvalidCookie=Invalid cookie
IdentityRemembered=Your identity has been remembered
InvalidUsernameAndPassword=Invalid username and password entered.
UserName=User Name
Password=Password
Login=Login
RequiredFields=Required Fields
WeakAuthenticationCookiePleaseSignIn=Please sign in to your account. See the OWASP admin if you do not have an account.
SignIn=Sign in
PasswordForgotten=Goodbye! Your password has been forgotten
WelcomeUser=Welcome,
YouHaveBeenAuthenticatedWith=You have been authenticated with
Logout=Logout
Refresh=Refresh
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat has 2 admin interfaces.
RemoteAdminFlawHint2=WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'
RemoteAdminFlawHint3=WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'
RemoteAdminFlawHint4=Follow the Source!
RemoteAdminFlawHint5=On success you will see new submenu items in the menupoint 'Admin Functions'
#PathBasedAccessControl.java
CurrentDirectory=Current Directory is:
ChooseFileToView=Choose the file to view:
ViewFile=View File
AccessDenied=Access denied
ItAppears1=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. You are only allowed to see one file in this directory.
ItAppears2=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. You are only allowed to see files in the webgoat directory.
CongratsAccessToFileAllowed=Congratulations! Access to file allowed
FileInAllowedDirectory=File is already in allowed directory - try again!
AccessToFileDenied1=Access to file/directory "
AccessToFileDenied2=" denied
FileTooLarge=File is too large
FileBinary=File is binary
TheFollowingError=The following error occurred while accessing the file: <
PathBasedAccessControlInstr1=The '
PathBasedAccessControlInstr2=' user has access to all the files in the lesson_plans/English directory. Try to break the access control mechanism and access a resource that is not in the listed directory. After selecting a file to view, WebGoat will report if access to the file was granted. An interesting file to try and obtain might be a file like tomcat/conf/tomcat-users.xml. Remember that file paths will be different if using the WebGoat source.
ErrorGenerating=Error generating
ViewingFile=Viewing file:
File=File:
Dir=Dir:
IsFile= - isFile():
Exists= - exists():
PathBasedAccessControlHint1=Most operating systems allow special characters in the path.
PathBasedAccessControlHint2=Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
PathBasedAccessControlHint3=Try .. in the path
PathBasedAccessControlHint4=Try ..\\..\\..\\LICENSE
#CommandInjection.java
Command=Command
CommandInjectionRightTrack1=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. The following commands are allowed: netstat -a, dir, ls, ifconfig, and ipconfig.
CommandInjectionRightTrack2=It appears that you are on the right track. Commands that may compromise the operating system have been disabled. This lesson is a command injection lesson, not access control.
YouAreCurrentlyViewing=You are currently viewing:
SelectFileFromListBelow=select file from list below
SelectLessonPlanToView=Select the lesson plan to view:
View=View
CommandInjectionHint1=The application is using a system command to return the contents of a file.
CommandInjectionHint2=The ampersand(&) separates commands in the Windows 2000 command shell. In Unix the separator is typically a semi-colon(;)
CommandInjectionHint3=Use a proxy to insert & netstat -a on Windows or ;netstat -a on Unix.
CommandInjectionHint4=Note that the server may enclose the submitted file name within quotes
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=Bet you can't do it again! This lesson has detected your successful attack and has now switched to a defensive mode. Try again to attack a parameterized query.
NoResultsMatched=No results matched. Try Again.
NumericSqlInjectionSecondStage2=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query.
ErrorParsingAsNumber=Error parsing station as a number:
SelectYourStation=Select your local weather station:
SqlNumericInjectionHint1=The application is taking the input from the select box and inserts it at the end of a pre-formed SQL command.
SqlNumericInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br>"SELECT * FROM weather_data WHERE station = " + station
SqlNumericInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true.
SqlNumericInjectionHint4=Try to intercept the post request with WebScarab and replace the station with [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query. Restart the lesson if you wish to return to the injectable query.
EnterLastName=Enter your last name:
NoResultsMatched=No results matched. Try Again.
SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.
SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=Login failed for username
LoginSucceededForUserName=LOGIN SUCCEEDED FOR USERNAME
LogSpoofingHint1=Try to fool the human eye by using new lines.
LogSpoofingHint2=Use CR (%0d) and LF (%0a) for a new line.
LogSpoofingHint3=Try: Smith%0d%0aLogin Succeeded for username: admin
LogSpoofingHint4=Try: Smith%0d%0aLogin Succeeded for username: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=You can put HTML tags in your message.
StoredXssHint1=Bury a SCRIPT tag in the message to attack anyone who reads it.
StoredXssHint1=Enter this: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in the message field.
StoredXssHint1=Enter this: &lt;script&gt;alert(document.cookie);&lt;/script&gt; in the message field.
MessageContentsFor=Message Contents For
Title=Title
PostedBy=Posted by
CouldNotFindMessage=Could not find this message
Message=Message
MessageList=Message List
CouldNotAddMessage=Could not add message to database
ErroGeneratingMessageList=Error while getting message list.
#ReflectedXSS.java
ReflectedXSSWhoops1=Whoops! You entered
ReflectedXSSWhoops2= instead of your three digit code. Please try again.
ShoppingCart=Shopping Cart
ShoppingCartItems=Shopping Cart Items -- To Buy Now
Price=Price
Quantity=Quantity
Total=Total
TotalChargedCreditCard=The total charged to your credit card
UpdateCart=UpdateCart
EnterCreditCard=Enter your credit card number
Enter3DigitCode=Enter your three digit access code
Purchase=Purchase
ReflectedXSSHint1=A simple script is &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=Can you get the script to disclose the JSESSIONID cookie?
ReflectedXSSHint3=You can use &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; to access the session id cookie
ReflectedXSSHint4=Can you get the script to access the credit card form field?
ReflectedXSSHint5=Try a cross site trace (XST) Command:<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=BINGO -- admin authenticated
HtmlCluesHint1=You can view the HTML source by selecting 'view source' in the browser menu.
HtmlCluesHint2=There are lots of clues in the HTML
HtmlCluesHint3=Search for the word HIDDEN, look at URLs, look for comments.
#JavaScriptValidation.java
3LowerCase=Field1: exactly three lowercase characters
Exactly3Digits=Field2: exactly three digits
LettersNumbersSpaceOnly=Field3: letters, numbers, and space only
EnumerationOfNumbers=Field4: enumeration of numbers
SimpleZipCode=Field5: simple zip code
ZIPDashFour=Field6: zip with optional dash four
USPhoneNumber=Field7: US phone number with or without dashes
ServerSideValidationViolation=Server side validation violation: You succeeded for
JavaScriptValidationHint1=The validation is happening in your browser.
JavaScriptValidationHint2=Try modifying the values with a proxy after they leave your browser
JavaScriptValidationHint3=Another way is to delete the JavaScript before you view the page.
#HiddenFieldTampering.java
TotalPriceIs=Your total price is
ThisAmountCharged=This amount will be charged to your credit card immediately.
HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server.
HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field.
HiddenFieldTamperingHint3=Use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to change the price of the TV from "
HiddenFieldTamperingHint32= to
# Modify data with SQL Injection
EnterUserid=Enter your userid:
SqlModifyDataHint1=You can use SQL Injection to execute more than one SQL statement.
SqlModifyDataHint2=Use a semicolon (;) to separate SQL statements.
SqlModifyDataHint3=Modify data using a SQL UPDATE Statement.
SqlModifyDataHint4=For details and examples for SQL UPDATE statements, see <A href=\"http://www.w3schools.com/SQl/sql_update.asp\">http://www.w3schools.com/SQl/sql_update.asp</A>
SqlModifyDataHint5=SOLUTION:<br/>foo'; UPDATE salaries SET salary=9999999 WHERE userid='jsmith
# Modify data with SQL Injection
SqlAddDataHint1=You can use SQL Injection to execute more than one SQL statement.
SqlAddDataHint2=Use a semicolon (;) to separate SQL statements. You will also need to comment out some characters that come after the injection with a double hyphen (--).
SqlAddDataHint3=Modify data using a SQL INSERT Statement.
SqlAddDataHint4=For details and examples for SQL INSERT statements, see <A href=\"http://www.w3schools.com/SQl/sql_insert.asp\">http://www.w3schools.com/SQl/sql_insert.asp</A>
SqlAddDataHint5=SOLUTION:<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 999999); --
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request.
BypassHtmlFieldRestrictionsHint2=You can use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to intercept requests and make changes.
BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson.

206
src/main/resources/WebGoatLabels_german.properties
View File

@ -1,206 +0,0 @@
#General
LessonCompleted=Herzlichen Gl<47>ckwunsch! Sie haben diese Lektion erfolgreich abgeschlossen.
RestartLesson=Lektion neu beginnen
SolutionVideos=L<EFBFBD>sungsvideos
ErrorGenerating=Fehler beim Generieren von
InvalidData=Ung<EFBFBD>ltige Daten
#HttpBasics.java
EnterYourName=Geben Sie Ihren Namen ein
Go!=Los gehts!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=Basic Authentication Header Name ist inkorrekt.
BasicAuthHeaderValueIncorrect=Basic Authentication Header Wert ist inkorrekt.
BasicAuthenticationWhatIsNameOfHeader=Was ist der Name des Authentication Header:
BasicAuthenticationWhatIsDecodedValueOfHeader=Was ist der dekodierte Wert des Authentication Header:
Submit=Abschicken
BasicAuthenticationGreenStars1=Schlie<EFBFBD>en Sie Ihren Browser und loggen sich Sich als
BasicAuthenticationGreenStars2= ein um Ihre gr<67>nen Sterne wiederzubekommen.
BasicAuthenticationStage1Completed=Herzlichen Gl<47>ckwunsch, Sie haben die Grundlagen von Basic Authentication verstanden - Jetzt versuchen Sie sich von WebGoat als: username: basic &nbsp;&nbsp;&nbsp;&nbsp;- password: basic authentisieren zu lassen. Benutzen Sie das Basic Authentication Menu um eine Login Seite zu <20>ffnen.
BasicAuthenticationAlmostThere1=Sie Sind fast da! Sie haben den
BasicAuthenticationAlmostThere2= Header manipuliert aber Sie sind immernoch als
BasicAuthenticationAlmostThere3= eingeloggt. Schauen Sie sich den Request an nachdem Sie die 'basic' Authentisierungsdaten eingetippt haben und die Anfrage abgeschickt haben. Halten Sie sich die Reihenfolge der Ereignisse die bei Basic Authentication eintreten vor Augen.
BasicAuthenticationReallyClose=Sie sind sehr nahe dran! Durch das <20>ndern des Session Cookie haben Sie den Server dazu gebracht eine neue Session f<>r Sie zu erstellen. Dies hat sie allerdings nicht re-authentisiert. Wenn Sie herausgefunden haben wie Sie den Server dazu zwingen k<>nnen Sie zu re-authentisieren dann authentisieren Sie sich als:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;user name: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;password: basic<br>
BasicAuthenticationUseTheHints=Benutzen Sie die Hinweise! Einen nach dem anderen...
BasicAuthenticationHint1=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint2=Basic authentication uses Base64 encoding to 'scramble' the " + "user's login credentials.
BasicAuthenticationHint3=Basic authentication uses 'Authorization' as the cookie name to " + "store the user's credentials.
BasicAuthenticationHint4=Use WebScarab -> Tools -> Transcoder to Base64 decode the value in the Authorization cookie.
BasicAuthenticationHint5=Basic authentication uses a cookie to pass the credentials. Use a proxy to intercept the request. Look at the cookies.
BasicAuthenticationHint6=Before the WebServer requests credentials from the client, the current session is checked for validitity.
BasicAuthenticationHint7=If the session is invalid the webserver will use the basic authentication credentials
BasicAuthenticationHint8=If the session is invalid and the basic authentication credentials are invalid, new credentials will be requested from the client.
BasicAuthenticationHint9=Intercept the request and corrupt the JSESSIONID and the Authorization header.
#WeakAuthenticationCookie.java
InvalidCookie=Ung<EFBFBD>ltiger Cookie!
IdentityRemembered=Ihre Identit<69>t wurde abgespeichert
InvalidUsernameAndPassword=Benutzername und Passwort ung<6E>ltig.
UserName=Benutzername
Password=Passwort
Login=Anmelden
RequiredFields=*Ben<65>tigte Felder
WeakAuthenticationCookiePleaseSignIn=Bitte melden Sie sich an. Kontaktieren Sie den OWASP Administrator wenn Sie keine Anmeldedaten haben.
SignIn=Anmeldung
PasswordForgotten=Auf Wiedersehen! Ihr Passwort wurde vergessen
WelcomeUser=Willkommen,
YouHaveBeenAuthenticatedWith=Sie wurden authentisiert mit
Logout=Abmelden
Refresh=Neu Laden
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat has 2 admin interfaces.
RemoteAdminFlawHint2=WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'
RemoteAdminFlawHint3=WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'
RemoteAdminFlawHint4=Follow the Source!
RemoteAdminFlawHint5=On success you will see new submenu items in the menupoint 'Admin Functions'
#PathBasedAccessControl.java
CurrentDirectory=Das aktuelle Verzeichnis ist:
ChooseFileToView=W<EFBFBD>hlen Sie die Datei zum Anzeigen:
ViewFile=Datei anzeigen
AccessDenied=Zugang verweigert
ItAppears1=Es scheint als w<>ren Sie auf dem richtigen Weg. Befehle die das Betriebssystem beeinflussen k<>nnten werden ignoriert. Sie d<>rfen nur eine Datei in diesem Verzeichnis anzeigen.
ItAppears2=Es scheint als w<>ren Sie auf dem richtigen Weg. Befehle die das Betriebssystem beeinflussen k<>nnten werden ignoriert. Sie d<>rfen nur Dateien im WebGoat Verzeichnis anzeigen.
CongratsAccessToFileAllowed=Herzlichen Gl<47>ckwunsch! Zugang zur Datei gew<65>hrt
FileInAllowedDirectory=Die Datei ist bereits in einem erlaubten Verzeichnis - Versuchen Sie es erneut!
AccessToFileDenied1=Zugang zu Datei/Verzeichnis "
AccessToFileDenied2=" verweigert
FileTooLarge=Datei ist zu gro<72>
FileBinary=Datei hat bin<69>r-Inhalt
TheFollowingError=Der folgende Fehler trat auf beim Zugriff auf die Datei: <
PathBasedAccessControlInstr1=Der '
PathBasedAccessControlInstr2=' Benutzer hat Zugriff auf alle Dateien im lesson_plans/English Verzeichnis. Versuchen Sie den Zugangsmechanismus zu brechen indem Sie auf eine Resource zugreifen die nicht im gelisteten Verzeichnis liegt. Nachdem Sie eine Datei ausgew<65>hlt haben, wird WebGoat Ihnen sagen ob Sie Zugriff darauf haben. Eine interessante Datei k<>nnte tomcat/conf/tomcat-users.xml sein.
ErrorGenerating=Fehler beim Generieren von
ViewingFile=Anzeige von Datei:
File=Datei:
Dir=Verzeichnis:
IsFile= - isFile() (ist eine Datei):
Exists= - exists() (existiert):
PathBasedAccessControlHint1=Most operating systems allow special characters in the path.
PathBasedAccessControlHint2=Use a file explorer to find the tomcat\\webapps\\WebGoat\\lesson_plans directory");
PathBasedAccessControlHint3=Try .. in the path
PathBasedAccessControlHint4=Try ..\\..\\..\\LICENSE
#CommandInjection.java
Command=Befehl
CommandInjectionRightTrack1=Es scheint, dass Sie auf dem richtigen Weg sind. Befehle die das Betriebssystem kompromittieren k<>nnen wurden deaktiviert. Die folgenden Befehle sind erlaubt: netstat -a, dir, ls, ifconfig und ipconfig.
CommandInjectionRightTrack2=Es scheint, dass Sie auf dem richtigen Weg sind. Befehle die das Betriebssystem kompromittieren k<>nnen wurden deaktiviert. In dieser Lektion geht es um das Einschleusen von Befehlen, nicht um Zugangskontrolle.
YouAreCurrentlyViewing=Sie betrachten gerade:
SelectFileFromListBelow=w<EFBFBD>hlen Sie eine Datei aus der Liste
SelectLessonPlanToView=W<EFBFBD>hlen Sie die zu betrachtende Lektion aus:
View=Anzeigen
CommandInjectionHint1=The application is using a system command to return the contents of a file.
CommandInjectionHint2=The ampersand(&) separates commands in the Windows 2000 command shell. In Unix the separator is typically a semi-colon(;)
CommandInjectionHint3=Use a proxy to insert & netstat -a on Windows or ;netstat -a on Unix.
CommandInjectionHint4=Note that the server may enclose the submitted file name within quotes
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=Ich wette das k<>nnen Sie nicht wiederholen. Diese Lektion hat nun in einen defensiven Modus gewechselt. Versuchen Sie nun eine parametrisierte Anfrage anzugreifen.
NoResultsMatched=Keine Resultate gefunden. Versuchen Sie es erneut.
NumericSqlInjectionSecondStage2=Da sie nun erfolgreich eine SQL Injection durchgef<65>hrt haben, versuchen Sie denselben Typ von Angriff auf eine parametrisierte Anfrage.
ErrorParsingAsNumber=Fehler beim interpretieren der Wetterstationsnummer als Zahl:
SelectYourStation=W<EFBFBD>hlen Sie Ihre lokale Wetterstation aus:
SqlNumericInjectionHint1=The application is taking the input from the select box and inserts it at the end of a pre-formed SQL command.
SqlNumericInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br>"SELECT * FROM weather_data WHERE station = " + station
SqlNumericInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true.
SqlNumericInjectionHint4=Try to intercept the post request with WebScarab and replace the station with [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=Da sie nun erfolgreich eine SQL Injection durchgef<65>hrt haben, versuchen Sie denselben Typ von Angriff auf eine parametrisierte Anfrage. Starten Sie Diese Lektion neu, wenn Sie zur verwundbaren SQL Anfrage gelangen m<>chten.
EnterLastName=Geben Sie Ihren Nachnamen ein:
NoResultsMatched=Keine Resultate gefunden, versuchen Sie es erneut
SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.
SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=Login failed for username
LoginSucceededForUserName=LOGIN SUCCEEDED FOR USERNAME
LogSpoofingHint1=Versuchen Sie das menschliche Auge durch Einf<6E>gen von weiteren Zeilen zu verwirren
LogSpoofingHint2=Benutzen Sie CR (%0d) und LF (%0a) f<>r eine neue Zeile.
LogSpoofingHint3=Versuchen Sie: Smith%0d%0aLogin Succeeded for username: admin
LogSpoofingHint4=Versuchen Sie: Smith%0d%0aLogin Succeeded for username: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=Sie k<>nnen HTML tags in Ihre Nachricht einbauen.
StoredXssHint1=Bauen Sie ein SCRIPT tag in Ihre Nachricht ein um jeden Anzugreifen der sie liest
StoredXssHint1=Geben Sie: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in das Nachrichtenfeld ein.
StoredXssHint1=Geben Sie: &lt;script&gt;alert(document.cookie);&lt;/script&gt; in das Nachrichtenfeld ein.
MessageContentsFor=Nachrichteninhalt f<>r
Title=Titel
PostedBy=Geschrieben von
CouldNotFindMessage=Konnte diese Nachricht nicht finden
Message=Nachricht
MessageList=Nachrichtenliste
CouldNotAddMessage=Could not add message to database
ErroGeneratingMessageList=Error while getting message list.
#ReflectedXSS.java
ReflectedXSSWhoops1=Ups! Sie haben
ReflectedXSSWhoops2= anstatt des drei stelligen Codes eingegeben. Bitte versuchen Sie es erneut.
ShoppingCart=Warenkorb
ShoppingCartItems=Inhalt des Warenkorbs -- Jetzt kaufen
Price=Preis
Quantity=Menge
Total=Gesamt
TotalChargedCreditCard=Der Gesamtbetrag, mit dem Ihre Kreditkarte belastet wird
UpdateCart=Warenkorb aktualisieren
EnterCreditCard=Geben Sie Ihre Kreditkartennummern ein
Enter3DigitCode=Geben Sie Ihren 3-stelligen Sicherheitscode ein
Purchase=Kaufen
ReflectedXSSHint1=Ein einfaches Skript ist &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=K<EFBFBD>nnen Sie das Skript dazu bringen den JSESSIONID Cookie zu ver<65>ffentlichen?
ReflectedXSSHint3=Sie k<>nnen &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; benutzen um an den Session ID Cookie zu kommen
ReflectedXSSHint4=K<EFBFBD>nnen Sie das Skript so gestalten, dass es an den Inhalt des Kreditkartenfeldes kommt?
ReflectedXSSHint5=Versuchen Sie einen cross site trace (XST) Befehl:<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=BINGO -- admin authentisiert
HtmlCluesHint1=Sie k<>nnen Sich den HTML Quellcode anschauen indem Sie "View Source" im Browser anklicken.
HtmlCluesHint2=Es gibt viele Hinweise in HTML
HtmlCluesHint3=Suchen Sie nach den Worten HIDDEN, schauen Sie sich URLs an und suchen Sie nach Kommentaren.
#JavaScriptValidation.java
3LowerCase=Feld1: genau drei kleine Buchstaben
Exactly3Digits=Feld2: genau drei Ziffern
LettersNumbersSpaceOnly=Feld3: Buchstaben, Ziffern und Leerzeichen
EnumerationOfNumbers=Feld4: ausgeschriebene Ziffern
SimpleZipCode=Feld5: Einfach Postleitzahlen (5 stellige Zahl)
ZIPDashFour=Feld6: Postleitzahlen mit optionalem Bindestrich und 4 stelliger Zahl
USPhoneNumber=Feld7: Telefonnummer in den USA, mit oder ohne Bindestriche
ServerSideValidationViolation=Server-seitige Validierungsversto<74>: Sie waren erfolgreich f<>r
JavaScriptValidationHint1=Die Validierung findet in Ihrem Browser statt.
JavaScriptValidationHint2=Versuchen Sie den Wert zu ver<65>ndern nachdem er Ihren Browser verlassen hat.
JavaScriptValidationHint3=Sie k<>nnen aber auch JavaScript abschalten, bevor Sie sich die Seite anschauen.
#HiddenFieldTampering.java
TotalPriceIs=Der Gesamtpreis ist
ThisAmountCharged=Ihre Kreditkarte wird sofort mit dem Betrag belastet
HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu <20>bertragen.
HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu ver<65>ndern.
HiddenFieldTamperingHint3=Benutzen Sie <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen.
HiddenFieldTamperingHint32= bis

223
src/main/resources/WebGoatLabels_russian.properties
View File

@ -1,223 +0,0 @@
#General
LessonCompleted=\u041F\u043E\u0437\u0434\u0440\u0430\u0432\u043B\u044F\u044E. \u0412\u044B \u043F\u043E\u043B\u043D\u043E\u0441\u0442\u044C\u044E \u043F\u0440\u043E\u0448\u043B\u0438 \u0434\u0430\u043D\u043D\u044B\u0439 \u0443\u0440\u043E\u043A.
RestartLesson=\u041D\u0430\u0447\u0430\u043B\u044C \u0441\u043D\u0430\u0447\u0430\u043B\u0430
SolutionVideos=\u0412\u0438\u0434\u0435\u043E \u0441 \u0440\u0435\u0448\u0435\u043D\u0438\u0435\u043C
ErrorGenerating=\u041F\u0440\u043E\u0438\u0437\u043E\u0448\u043B\u0430 \u043E\u0448\u0438\u0431\u043A\u0430
InvalidData=\u041D\u0435\u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435
#HttpBasics.java
EnterYourName=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448\u0435 \u0438\u043C\u044F
Go!=\u0412\u043F\u0435\u0440\u0451\u0434!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=\u0418\u043C\u044F \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043A\u0430 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u043C\u043E\u0433\u043E \u0434\u043B\u044F \u043E\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438 \u0432\u0432\u0435\u0434\u0435\u043D\u043E \u043D\u0435\u0432\u0435\u0440\u043D\u043E.
BasicAuthHeaderValueIncorrect=\u0417\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043A\u0430 \u043E\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438 \u0432\u0432\u0435\u0434\u0435\u043D\u043E \u043D\u0435\u0432\u0435\u0440\u043D\u043E.
BasicAuthenticationWhatIsNameOfHeader=\u041A\u0430\u043A\u043E\u0435 \u0438\u043C\u044F \u0443 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043A\u0430 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438:
BasicAuthenticationWhatIsDecodedValueOfHeader=\u041A\u0430\u043A\u043E\u0435 \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 (\u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043E\u0432\u0430\u043D\u043D\u043E\u0435) \u0443 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043A\u0430 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438:
Submit=\u041E\u0442\u043F\u0440\u0430\u0432\u0438\u0442\u044C
BasicAuthenticationGreenStars1=\u0417\u0430\u043A\u0440\u043E\u0439\u0442\u0435 \u0432\u0430\u0448 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u0438 \u0432\u043E\u0439\u0434\u0438\u0442\u0435 \u043A\u0430\u043A
BasicAuthenticationGreenStars2= \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0432\u0435\u0440\u043D\u0443\u0442\u044C \u0432\u0430\u0448\u0438 \u0437\u0435\u043B\u0451\u043D\u044B\u0435 \u043E\u0442\u043C\u0435\u0442\u043A\u0438.
BasicAuthenticationStage1Completed=\u041F\u043E\u0437\u0434\u0440\u0430\u0432\u043B\u044F\u0435\u043C, \u0432\u044B \u043F\u043E\u043D\u044F\u043B\u0438 \u043C\u0435\u0445\u0430\u043D\u0438\u0437\u043C \u0440\u0430\u0431\u043E\u0442\u044B \u043E\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438.&nbsp;&nbsp;- \u0422\u0435\u043F\u0435\u0440\u044C \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u043F\u043E\u043F\u044B\u0442\u0430\u0442\u044C\u0441\u044F \u0441\u0434\u0435\u043B\u0430\u0442\u044C \u0442\u0430\u043A, \u0447\u0442\u043E\u0431 WebGoat \u0440\u0435\u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043E\u0432\u0430\u043B \u0432\u0430\u0441 \u043A\u0430\u043A: &nbsp;&nbsp;&nbsp;&nbsp;- \u0438\u043C\u044F \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F: basic &nbsp;&nbsp;&nbsp;&nbsp;- \u043F\u0430\u0440\u043E\u043B\u044C: basic. \u0412\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435\u0441\u044C \u043C\u0435\u043D\u044E \u043E\u0431\u0449\u0435\u0439 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u043E\u043A\u0430\u0437\u0430\u0442\u044C\u0441\u044F \u043D\u0430 \u0441\u0442\u0440\u0430\u043D\u0438\u0446\u0435 \u0432\u0445\u043E\u0434\u0430.
BasicAuthenticationAlmostThere1=\u0412\u044B \u043F\u043E\u0447\u0442\u0438 \u0442\u0430\u043C! \u0412\u044B \u0438\u0437\u043C\u0435\u043D\u0438\u043B\u0438
BasicAuthenticationAlmostThere2= \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A, \u043D\u043E \u0432\u044B \u0432\u0441\u0451 \u0435\u0449\u0451 \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0435\u0441\u044C \u0432\u043E\u0448\u0435\u0434\u0448\u0438\u043C \u043A\u0430\u043A
BasicAuthenticationAlmostThere3=. \u041F\u043E\u0441\u043C\u043E\u0442\u0440\u0438\u0442\u0435 \u043D\u0430 \u0437\u0430\u043F\u0440\u043E\u0441 \u043F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0443\u043A\u0430\u0437\u0430\u043B\u0438 \u0434\u0430\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F 'basic' \u0438 \u043E\u0442\u043E\u0441\u043B\u0430\u043B\u0438 \u0435\u0433\u043E. \u0417\u0430\u043F\u043E\u043C\u043D\u0438\u0442\u0435 \u043F\u043E\u0440\u044F\u0434\u043E\u043A \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u043F\u0440\u0438\u0432\u0451\u043B \u043A \u043D\u043E\u0440\u043C\u0430\u043B\u044C\u043D\u043E\u043C\u0443 \u0432\u0437\u0430\u0438\u043C\u043E\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044E \u0441 \u043E\u0441\u043D\u043E\u0432\u043D\u043E\u0439 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0435\u0439.
BasicAuthenticationReallyClose=\u0412\u044B \u043F\u043E\u0447\u0442\u0438 \u0443 \u0446\u0435\u043B\u0438! \u0418\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u0435 cookies \u0441\u0435\u0441\u0441\u0438\u0438 \u0437\u0430\u0441\u0442\u0430\u0432\u043B\u044F\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440 \u0441\u043E\u0437\u0434\u0430\u0432\u0430\u0442\u044C \u0434\u043B\u044F \u0432\u0430\u0441 \u043D\u043E\u0432\u0443\u044E \u0441\u0435\u0441\u0441\u0438\u044E. \u042D\u0442\u043E \u043D\u0435 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442 \u0435\u0433\u043E \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u0432\u0430\u0441 \u0437\u0430\u043D\u043E\u0432\u043E. \u041A\u043E\u0433\u0434\u0430 \u0432\u044B \u043F\u043E\u0439\u043C\u0451\u0442\u0435 \u043A\u0430\u043A \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044C \u0441\u0435\u0440\u0432\u0435\u0440 \u0432\u044B\u043F\u043E\u043B\u043D\u044F\u0442\u044C \u0437\u0430\u043F\u0440\u043E\u0441\u044B \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438, \u0432\u044B \u0437\u0430\u043F\u0440\u043E\u0441\u0442\u043E \u0441\u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0439\u0442\u0438 \u043A\u0430\u043A:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;\u0438\u043C\u044F \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;\u043F\u0430\u0440\u043E\u043B\u044C: basic<br>
BasicAuthenticationUseTheHints=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u043E\u0434\u0441\u043A\u0430\u0437\u043A\u0438! \u0422\u043E\u043B\u044C\u043A\u043E \u043F\u043E \u043E\u0434\u043D\u043E\u0439...
BasicAuthenticationHint1=\u041E\u0441\u043D\u043E\u0432\u043D\u0430\u044F \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u044F \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 cookie \u0434\u043B\u044F \u0445\u0440\u0430\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F. \u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u043A\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u0430. \u0421\u043C\u043E\u0442\u0440\u0438\u0442\u0435 cookies \u043A\u043E\u0442\u043E\u0440\u044B\u0435 \u0432 \u043D\u0451\u043C \u043F\u0435\u0440\u0435\u0434\u0430\u044E\u0442\u0441\u044F.
BasicAuthenticationHint2=\u041E\u0441\u043D\u043E\u0432\u043D\u0430\u044F \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u044F \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 Base64 \u0434\u043B\u044F \u043E\u0431\u044A\u0435\u0434\u0438\u043D\u0435\u043D\u0438\u044F \u0432\u0432\u0435\u0434\u0451\u043D\u043D\u044B\u0445 " + "\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u0435\u043C \u0434\u0430\u043D\u043D\u044B\u0445 \u0432 \u043E\u0434\u043D\u0443 \u0441\u0442\u0440\u043E\u043A\u0443.
BasicAuthenticationHint3=\u041E\u0441\u043D\u043E\u0432\u043D\u0430\u044F \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u044F \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 cookies \u0441 \u0438\u043C\u0435\u043D\u0435\u043C 'Authorization' " + "\u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0442\u043E\u0433\u043E \u0447\u0442\u043E \u0432\u0432\u0451\u043B \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044C.
BasicAuthenticationHint4=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 WebScarab -> Tools -> Transcoder \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0440\u0430\u0441\u043A\u043E\u0434\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u0438\u0437 Base64 \u0441\u043E\u0434\u0435\u0440\u0436\u0438\u043C\u043E\u0435 \u043D\u0435\u043E\u0431\u0445\u043E\u0434\u0438\u043C\u044B\u0445 \u0432\u0430\u043C cookie.
BasicAuthenticationHint5=\u041E\u0441\u043D\u043E\u0432\u043D\u0430\u044F \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u044F \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 cookie \u0434\u043B\u044F \u0445\u0440\u0430\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F. \u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u043A\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u0430. \u0421\u043C\u043E\u0442\u0440\u0438\u0442\u0435 cookies \u043A\u043E\u0442\u043E\u0440\u044B\u0435 \u0432 \u043D\u0451\u043C \u043F\u0435\u0440\u0435\u0434\u0430\u044E\u0442\u0441\u044F.
BasicAuthenticationHint6=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0437\u0430\u043F\u0440\u043E\u0441\u0438\u0442 \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0443 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u043E\u043D \u043F\u0440\u043E\u0432\u0435\u0440\u044F\u0435\u0442 \u0442\u0435\u043A\u0443\u0449\u0443\u044E \u0441\u0435\u0441\u0441\u0438\u044E \u0432 \u043D\u0430\u0434\u0435\u0436\u0434\u0435 \u043D\u0430 \u0442\u043E \u0447\u0442\u043E \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044C \u0443\u0436\u0435 \u0432\u043E\u0448\u0451\u043B \u0440\u0430\u043D\u0435\u0435.
BasicAuthenticationHint7=\u0415\u0441\u043B\u0438 \u0442\u0435\u043A\u0443\u0449\u0430\u044F \u0441\u0435\u0441\u0441\u0438\u044F \u043D\u0435 \u0438\u043C\u0435\u0435\u0442 \u0434\u0430\u043D\u043D\u044B\u0445 \u043E \u0442\u043E\u043C \u0447\u0442\u043E \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044C \u0443\u0436\u0435 \u0432\u043E\u0448\u0451\u043B, \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0434\u0430\u043D\u043D\u044B\u0435 \u043E\u0441\u043D\u043E\u0432\u043D\u043E\u0439 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438
BasicAuthenticationHint8=\u0415\u0441\u043B\u0438 \u0442\u0435\u043A\u0443\u0449\u0430\u044F \u0441\u0435\u0441\u0441\u0438\u044F \u043D\u0435 \u0438\u043C\u0435\u0435\u0442 \u0434\u0430\u043D\u043D\u044B\u0445 \u043E \u0442\u043E\u043C \u0447\u0442\u043E \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044C \u0443\u0436\u0435 \u0432\u043E\u0448\u0451\u043B, \u0430 \u0434\u0430\u043D\u043D\u044B\u0435 \u043E\u0441\u043D\u043E\u0432\u043D\u043E\u0439 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u0438 \u043D\u0435\u0432\u0435\u0440\u043D\u044B, \u043A\u043B\u0438\u0435\u043D\u0442\u0443 \u0443\u0439\u0434\u0451\u0442 \u043D\u043E\u0432\u044B\u0439 \u0437\u0430\u043F\u0440\u043E\u0441 \u043D\u0430 \u0432\u0432\u043E\u0434 \u0438\u043C\u0435\u043D\u0438 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0438 \u043F\u0430\u0440\u043E\u043B\u044F.
BasicAuthenticationHint9=\u041F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u0435 \u0437\u0430\u043F\u0440\u043E\u0441 \u0438 \u0438\u0441\u043F\u043E\u0440\u0442\u044C\u0442\u0435 cookie JSESSIONID \u0438 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A Authorization.
#WeakAuthenticationCookie.java
InvalidCookie=\u041D\u0435\u0432\u0435\u0440\u043D\u044B\u0435 cookie
IdentityRemembered=\u0421\u0435\u0440\u0432\u0435\u0440 \u0437\u0430\u043F\u043E\u043C\u043D\u0438\u043B \u0434\u0430\u043D\u043D\u044B\u0435 \u043E \u0432\u0430\u0448\u0435\u0439 \u043F\u043E\u0434\u043B\u0438\u043D\u043D\u043E\u0441\u0442\u0438
InvalidUsernameAndPassword=\u041D\u0435\u0432\u0435\u0440\u043D\u043E \u0443\u043A\u0430\u0437\u0430\u043D\u044B \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C
UserName=\u0418\u043C\u044F \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F
Password=\u041F\u0430\u0440\u043E\u043B\u044C
Login=\u041B\u043E\u0433\u0438\u043D
RequiredFields=\u041E\u0431\u044F\u0437\u0430\u0442\u0435\u043B\u044C\u043D\u044B\u0435 \u043F\u043E\u043B\u044F
WeakAuthenticationCookiePleaseSignIn=\u041F\u043E\u0436\u0430\u043B\u0443\u0439\u0441\u0442\u0430, \u0432\u043E\u0439\u0434\u0438\u0442\u0435 \u043F\u043E\u0434 \u0441\u0432\u043E\u0438\u043C \u0430\u043A\u043A\u0430\u0443\u043D\u0442\u043E\u043C. \u0421\u043C\u043E\u0442\u0440\u0438\u0442\u0435 OWASP admin \u0435\u0441\u043B\u0438 \u0443 \u0432\u0430\u0441 \u0435\u0433\u043E \u043D\u0435\u0442.
SignIn=\u0412\u043E\u0439\u0442\u0438
PasswordForgotten=\u0414\u043E\u0441\u0432\u0438\u0434\u0430\u043D\u0438\u044F! \u0412\u0430\u0448 \u043F\u0430\u0440\u043E\u043B\u044C \u0437\u0430\u043F\u043E\u043C\u043D\u0435\u043D
WelcomeUser=\u0414\u043E\u0431\u0440\u043E \u043F\u043E\u0436\u0430\u043B\u043E\u0432\u0430\u044C,
YouHaveBeenAuthenticatedWith=\u0412\u044B \u0431\u044B\u043B\u0438 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043E\u0432\u0430\u043D\u044B \u0441
Logout=\u0412\u044B\u0439\u0442\u0438
Refresh=\u041E\u0431\u043D\u043E\u0432\u0438\u0442\u044C
WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C cookie \u0435\u0441\u043B\u0438 \u0432 \u043D\u0438\u0445 \u043D\u0430\u0445\u043E\u0434\u044F\u0442\u0441\u044F \u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435
WeakAuthenticationCookieHints2=\u041C\u043E\u0436\u043D\u043E \u043B\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044C \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0438\u0437 AuthCookie?
WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>.
WeakAuthenticationCookieHints4=\u041F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0432\u043E\u0448\u043B\u0438 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C webgoat \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432ubphcfx'<br/>\u041F\u043E\u0441\u043B\u0435 \u0432\u0445\u043E\u0434\u0430 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C aspect \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432udfqtb'<br/>\u0415\u0441\u0442\u044C \u043B\u0438 \u0447\u0442\u043E-\u0442\u043E \u043E\u0431\u0449\u0435\u0435 \u043C\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043E\u0434\u0438\u043C\u044B\u043C\u0438 \u043B\u043E\u0433\u0438\u043D\u0430\u043C\u0438?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat \u0438\u043C\u0435\u0435\u0442 2 \u0438\u043D\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0430\u0434\u043C\u0438\u043D\u0438\u0441\u0442\u0440\u0438\u0440\u043E\u0432\u0430\u043D\u0438\u044F
RemoteAdminFlawHint2=WebGoat \u0438\u043C\u0435\u0435\u0442 \u043E\u0434\u0438\u043D \u0430\u0434\u043C\u0438\u043D\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043D\u044B\u0439 \u0438\u043D\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0442 \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u043A\u043E\u043D\u0442\u0440\u043E\u043B\u0438\u0440\u0443\u0435\u0442\u0441\u044F \u0441 \u043F\u043E\u043C\u043E\u0449\u044C\u044E URL-\u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u0430 \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u043C\u043E\u0436\u043D\u043E '\u0432\u0437\u043B\u043E\u043C\u0430\u0442\u044C'
RemoteAdminFlawHint3=WebGoat \u0438\u043C\u0435\u0435\u0442 \u043E\u0434\u0438\u043D \u0430\u0434\u043C\u0438\u043D\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043D\u044B\u0439 \u0438\u043D\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u043A\u043E\u043D\u0442\u0440\u043E\u043B\u0438\u0440\u0443\u0435\u0442\u0441\u044F \u0441 \u043F\u043E\u043C\u043E\u0449\u044C\u044E \u0437\u0430\u0449\u0438\u0442\u043D\u044B\u0445 \u043C\u0435\u0445\u0430\u043D\u0438\u0437\u043C\u043E\u0432 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0438 \u0435\u0433\u043E \u043D\u0435\u043B\u044C\u0437\u044F '\u0432\u0437\u043B\u043E\u043C\u0430\u0442\u044C'
RemoteAdminFlawHint4=\u0421\u043B\u0435\u0434\u0443\u0439\u0442\u0435 \u0437\u0430 \u0438\u0441\u0442\u043E\u0447\u043D\u0438\u043A\u043E\u043C!
RemoteAdminFlawHint5=\u041F\u0440\u0438 \u0443\u0434\u0430\u0447\u043D\u043E\u0439 \u043F\u043E\u043F\u044B\u0442\u043A\u0435 \u0432\u044B \u0443\u0432\u0438\u0434\u0438\u0442\u0435 \u043F\u043E\u044F\u0432\u043B\u0435\u043D\u0438\u0435 \u043C\u0435\u043D\u044E 'Admin Functions' \u0441 \u043D\u0435\u0441\u043A\u043E\u043B\u044C\u043A\u0438\u043C\u0438 \u0432\u043B\u043E\u0436\u0435\u043D\u043D\u044B\u043C\u0438 \u043F\u0443\u043D\u043A\u0442\u0430\u043C\u0438.
#PathBasedAccessControl.java
CurrentDirectory=\u0422\u0435\u043A\u0443\u0449\u0430\u044F \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u044F:
ChooseFileToView=\u0412\u044B\u0431\u0435\u0440\u0438\u0442\u0435 \u0444\u0430\u0439\u043B \u0434\u043B\u044F \u043F\u0440\u043E\u0441\u043C\u043E\u0442\u0440\u0430:
ViewFile=\u041F\u0440\u043E\u0441\u043C\u043E\u0442\u0440\u0435\u0442\u044C \u0444\u0430\u0439\u043B
AccessDenied=\u0414\u043E\u0441\u0442\u0443\u043F \u0437\u0430\u043F\u0440\u0435\u0449\u0451\u043D
ItAppears1=\u0412\u044B \u043D\u0430 \u0432\u0435\u0440\u043D\u043E\u043C \u043F\u0443\u0442\u0438. \u041A\u043E\u043C\u0430\u043D\u0434\u044B, \u043A\u043E\u0442\u043E\u0440\u044B\u0435 \u043C\u043E\u0433\u0443\u0442 \u0441\u043A\u043E\u043C\u043F\u0440\u043E\u043C\u0435\u0442\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u0441\u0438\u0441\u0442\u0435\u043C\u0443, \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u044B. \u0412\u0430\u043C \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043D\u043E \u043B\u0438\u0448\u044C \u043F\u0440\u043E\u0441\u043C\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044C \u043F\u043E \u043E\u0434\u043D\u043E\u043C\u0443 \u0444\u0430\u0439\u043B\u0443 \u0438\u0437 \u0434\u0430\u043D\u043D\u043E\u0439 \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u0438.
ItAppears2=\u0412\u044B \u043D\u0430 \u0432\u0435\u0440\u043D\u043E\u043C \u043F\u0443\u0442\u0438. \u041A\u043E\u043C\u0430\u043D\u0434\u044B, \u043A\u043E\u0442\u043E\u0440\u044B\u0435 \u043C\u043E\u0433\u0443\u0442 \u0441\u043A\u043E\u043C\u043F\u0440\u043E\u043C\u0435\u0442\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u0441\u0438\u0441\u0442\u0435\u043C\u0443, \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u044B. \u0412\u0430\u043C \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043D\u043E \u043B\u0438\u0448\u044C \u043F\u0440\u043E\u0441\u043C\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044C \u043F\u043E \u043E\u0434\u043D\u043E\u043C\u0443 \u0444\u0430\u0439\u043B\u0443 \u0438\u0437 \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u0438 WebGoat.
CongratsAccessToFileAllowed=\u041F\u043E\u0437\u0434\u0440\u0430\u0432\u043B\u044F\u0435\u043C! \u0414\u043E\u0441\u0442\u0443\u043F \u043A \u0444\u0430\u0439\u043B\u0443 \u043F\u043E\u043B\u0443\u0447\u0435\u043D
FileInAllowedDirectory=\u0424\u0430\u0439\u043B \u0443\u0436\u0435 \u0432 \u0440\u0430\u0437\u0440\u0435\u0448\u0451\u043D\u043D\u043E\u0439 \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u0438 - \u043F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0435\u0449\u0451 \u0440\u0430\u0437!
AccessToFileDenied1=\u0414\u043E\u0441\u0442\u0443\u043F \u043A \u0444\u0430\u0439\u043B\u0443/\u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u0438 "
AccessToFileDenied2=" \u0437\u0430\u043F\u0440\u0435\u0449\u0451\u043D
FileTooLarge=\u0424\u0430\u0439\u043B \u043E\u0447\u0435\u043D\u044C \u0431\u043E\u043B\u044C\u0448\u043E\u0439
FileBinary=\u042D\u0442\u043E \u0431\u0438\u043D\u0430\u0440\u043D\u044B\u0439 \u0444\u0430\u0439\u043B
TheFollowingError=\u041F\u0440\u0438 \u043F\u043E\u043F\u044B\u0442\u043A\u0435 \u0434\u043E\u0441\u0442\u0443\u043F\u0430 \u043A \u0444\u0430\u0439\u043B\u0443 \u0432\u043E\u0437\u043D\u0438\u043A\u043B\u0430 \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0430\u044F \u043E\u0448\u0438\u0431\u043A\u0430: <
PathBasedAccessControlInstr1=\u041F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044C '
PathBasedAccessControlInstr2=' \u0438\u043C\u0435\u0435\u0442 \u0434\u043E\u0441\u0442\u0443\u043F \u043A\u043E \u0432\u0441\u0435\u043C \u0444\u0430\u0439\u043B\u0430\u043C \u0432 \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u0438 lesson_plans/English. \u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u043E\u0431\u043E\u0439\u0442\u0438 \u043C\u0435\u0445\u0430\u043D\u0438\u0437\u043C \u043A\u043E\u043D\u0442\u0440\u043E\u043B\u044F \u0434\u043E\u0441\u0442\u0443\u043F\u0430 \u0438 \u043F\u043E\u043B\u0443\u0447\u0438\u0442\u044C \u0434\u043E\u0441\u0442\u0443\u043F \u043A \u0440\u0435\u0441\u0443\u0440\u0441\u0443, \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u0440\u0430\u0441\u043F\u043E\u043B\u0430\u0433\u0430\u0435\u0442\u0441\u044F \u0432\u043D\u0435 \u0434\u0430\u043D\u043D\u043E\u0439 \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u0438. \u041F\u043E\u0441\u043B\u0435 \u0432\u044B\u0431\u043E\u0440\u0430 \u0444\u0430\u0439\u043B\u0430 WebGoat \u0441\u043E\u043E\u0431\u0449\u0438\u0442 \u0432\u0430\u043C \u0435\u0441\u043B\u0438 \u043A \u043D\u0435\u043C\u0443 \u0435\u0441\u0442\u044C \u0434\u043E\u0441\u0442\u0443\u043F. \u0418\u043D\u0442\u0435\u0440\u0435\u0441\u043D\u044B\u043C \u0444\u0430\u0439\u043B\u043E\u043C \u0432 \u0434\u0430\u043D\u043D\u043E\u0439 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u043C\u043E\u0436\u0435\u0442 \u0431\u044B\u0442\u044C \u0444\u0430\u0439\u043B tomcat/conf/tomcat-users.xml
ErrorGenerating=\u041F\u0440\u043E\u0438\u0437\u043E\u0448\u043B\u0430 \u043E\u0448\u0438\u0431\u043A\u0430
ViewingFile=\u041F\u0440\u043E\u0441\u043C\u043E\u0442\u0440 \u0444\u0430\u0439\u043B\u0430:
File=\u0424\u0430\u0439\u043B:
Dir=\u0414\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u044F:
IsFile= - isFile():
Exists= - exists():
PathBasedAccessControlHint1=\u0411\u043E\u043B\u044C\u0448\u0438\u043D\u0441\u0442\u0432\u043E \u043E\u043F\u0435\u0440\u0430\u0446\u0438\u043E\u043D\u043D\u044B\u0445 \u0441\u0438\u0441\u0442\u0435\u043C \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044E\u0442 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C \u0441\u043F\u0435\u0446\u0438\u0430\u043B\u044C\u043D\u044B\u0435 \u0441\u0438\u043C\u0432\u043E\u043B\u044B \u043F\u0440\u0438 \u0443\u043A\u0430\u0437\u0430\u043D\u0438\u0438 \u043F\u0443\u0442\u0435\u0439.
PathBasedAccessControlHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u0444\u0430\u0439\u043B\u043E\u0432\u044B\u0439 \u043C\u0435\u043D\u0435\u0434\u0436\u0435\u0440 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431\u044B \u043D\u0430\u0439\u0442\u0438 \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u044E tomcat\\webapps\\WebGoat\\lesson_plans");
PathBasedAccessControlHint3=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u043F\u043E\u043C\u0435\u0441\u0442\u0438\u0442\u044C .. \u0432 \u0443\u043A\u0430\u0437\u044B\u0432\u0430\u0435\u043C\u044B\u0439 \u043F\u0443\u0442\u044C
PathBasedAccessControlHint4=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438 ..\\..\\..\\LICENSE
#CommandInjection.java
Command=\u041A\u043E\u043C\u0430\u043D\u0434\u0430
CommandInjectionRightTrack1=\u0412\u044B \u043D\u0430 \u0432\u0435\u0440\u043D\u043E\u043C \u043F\u0443\u0442\u0438. \u041A\u043E\u043C\u0430\u043D\u0434\u044B, \u043A\u043E\u0442\u043E\u0440\u044B\u0435 \u043C\u043E\u0433\u0443\u0442 \u0441\u043A\u043E\u043C\u043F\u0440\u043E\u043C\u0435\u0442\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u0441\u0438\u0441\u0442\u0435\u043C\u0443, \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u044B. \u0421\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u0435 \u043A\u043E\u043C\u0430\u043D\u0434\u044B \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043D\u044B: netstat -a, dir, ls, ifconfig, \u0438 ipconfig.
CommandInjectionRightTrack2=\u0412\u044B \u043D\u0430 \u0432\u0435\u0440\u043D\u043E\u043C \u043F\u0443\u0442\u0438. \u041A\u043E\u043C\u0430\u043D\u0434\u044B, \u043A\u043E\u0442\u043E\u0440\u044B\u0435 \u043C\u043E\u0433\u0443\u0442 \u0441\u043A\u043E\u043C\u043F\u0440\u043E\u043C\u0435\u0442\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u0441\u0438\u0441\u0442\u0435\u043C\u0443, \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u044B. \u0414\u0430\u043D\u043D\u044B\u0439 \u0443\u0440\u043E\u043A \u0441\u0432\u044F\u0437\u0430\u043D \u0441 \u0432\u044B\u043F\u043E\u043B\u043D\u0435\u043D\u0438\u0435\u043C \u043A\u043E\u043C\u0430\u043D\u0434 \u041E\u0421, \u043D\u0435 \u0441 \u043A\u043E\u043D\u0442\u0440\u043E\u043B\u0435\u043C \u0434\u043E\u0441\u0442\u0443\u043F\u0430.
YouAreCurrentlyViewing=\u0412 \u0434\u0430\u043D\u043D\u044B\u0439 \u043C\u043E\u043C\u0435\u043D\u0442 \u0432\u044B \u043F\u0440\u043E\u0441\u043C\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u0442\u0435:
SelectFileFromListBelow=\u0432\u044B\u0431\u0435\u0440\u0438\u0442\u0435 \u0444\u0430\u0439\u043B \u0438\u0437 \u0441\u043F\u0438\u0441\u043A\u0430 \u043D\u0438\u0436\u0435
SelectLessonPlanToView=\u0412\u044B\u0431\u0435\u0440\u0438\u0442\u0435 \u043F\u043B\u0430\u043D \u0443\u0440\u043E\u043A\u0430 \u0434\u043B\u044F \u043F\u0440\u043E\u0441\u043C\u043E\u0442\u0440\u0430:
View=\u041F\u0440\u043E\u0441\u043C\u043E\u0442\u0440
CommandInjectionHint1=\u041F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u043A\u043E\u043C\u0430\u043D\u0434\u044B \u0441\u0438\u0441\u0442\u0435\u043C\u044B \u0434\u043B\u044F \u043E\u0442\u043E\u0431\u0440\u0430\u0436\u0435\u043D\u0438\u044F \u0441\u043E\u0434\u0435\u0440\u0436\u0438\u043C\u043E\u0433\u043E \u0444\u0430\u0439\u043B\u0430.
CommandInjectionHint2=\u0410\u043C\u043F\u0435\u0440\u0441\u0430\u043D\u0434(&) \u0440\u0430\u0437\u0434\u0435\u043B\u044F\u0435\u0442 \u043A\u043E\u043C\u0430\u043D\u0434\u044B \u0432 \u043A\u043E\u043C\u0430\u043D\u0434\u043D\u043E\u0439 \u0441\u0442\u0440\u043E\u043A\u0435 Windows 2000. \u0412 Unix \u0442\u0430\u043A\u0438\u043C \u0440\u0430\u0437\u0434\u0435\u043B\u0438\u0442\u0435\u043B\u0435\u043C \u044F\u0432\u043B\u044F\u0435\u0442\u0441\u044F \u0442\u043E\u0447\u043A\u0430 \u0441 \u0437\u0430\u043F\u044F\u0442\u043E\u0439(;)
CommandInjectionHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u043A\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0432\u0441\u0442\u0430\u0432\u0438\u0442\u044C '& netstat -a' \u043D\u0430 Windows \u0438\u043B\u0438 ';netstat -a' \u043D\u0430 Unix.
CommandInjectionHint4=\u041E\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043D\u0438\u043C\u0430\u043D\u0438\u0435 \u043D\u0430 \u0442\u043E, \u0447\u0442\u043E \u0441\u0435\u0440\u0432\u0435\u0440 \u043C\u043E\u0436\u0435\u0442 \u0437\u0430\u043A\u043B\u044E\u0447\u0430\u0442\u044C \u0432 \u043A\u0430\u0432\u044B\u0447\u043A\u0438 \u043E\u0442\u043F\u0440\u0430\u0432\u043B\u0435\u043D\u043D\u043E\u0435 \u0438\u043C\u044F \u0444\u0430\u0439\u043B\u0430.
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=\u0414\u0435\u0440\u0436\u0443 \u043F\u0430\u0440\u0438 \u0432\u044B \u043D\u0435 \u0441\u043C\u043E\u0436\u0435\u0442\u0435 \u0441\u0434\u0435\u043B\u0430\u0442\u044C \u044D\u0442\u043E \u0441\u043D\u043E\u0432\u0430! \u042D\u0442\u043E\u0442 \u0443\u0440\u043E\u043A \u0437\u0430\u0444\u0438\u043A\u0441\u0438\u0440\u043E\u0432\u0430\u043B \u0432\u0430\u0448\u0443 \u0443\u0434\u0430\u0447\u043D\u0443\u044E \u043F\u043E\u043F\u044B\u0442\u043A\u0443 \u0430\u0442\u0430\u043A\u0438 \u0438 \u0442\u0435\u043F\u0435\u0440\u044C \u043F\u0435\u0440\u0435\u043A\u043B\u044E\u0447\u0438\u043B\u0441\u044F \u0432 \u043F\u043E\u0432\u044B\u0448\u0435\u043D\u043D\u044B\u0439 \u0440\u0435\u0436\u0438\u043C \u0437\u0430\u0449\u0438\u0442\u044B. \u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0442\u0435\u043F\u0435\u0440\u044C \u043F\u0440\u043E\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043A\u0443 \u0447\u0435\u0440\u0435\u0437 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0437\u0430\u043F\u0440\u043E\u0441\u0430.
NoResultsMatched=\u041D\u0435\u0442 \u0441\u043E\u0432\u043F\u0430\u0434\u0435\u043D\u0438\u0439. \u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0441\u043D\u043E\u0432\u0430.
NumericSqlInjectionSecondStage2=\u0412\u044B \u0443\u0441\u043F\u0435\u0448\u043D\u043E \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043B\u0438 \u0434\u0430\u043D\u043D\u0443\u044E SQL-\u0438\u043D\u044A\u0435\u043A\u0446\u0438\u044E. \u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0441\u0434\u0435\u043B\u0430\u0442\u044C \u0442\u043E\u0436\u0435 \u0441\u0430\u043C\u043E\u0435 \u0441 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u0438\u0437\u0438\u0440\u043E\u0432\u0430\u043D\u043D\u044B\u043C \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u043C.
ErrorParsingAsNumber=\u041E\u0448\u0438\u0431\u043A\u0430 \u043E\u0431\u0440\u0430\u0431\u043E\u0442\u043A\u0438 \u043F\u043E\u0437\u0438\u0446\u0438\u0438 \u043A\u0430\u043A \u0447\u0438\u0441\u043B\u0430:
SelectYourStation=\u0412\u044B\u0431\u0435\u0440\u0438\u0442\u0435 \u0432\u0430\u0448\u0443 \u043C\u0435\u0441\u0442\u043D\u0443\u044E \u043F\u043E\u0433\u043E\u0434\u043D\u0443\u044E \u0441\u0442\u0430\u043D\u0446\u0438\u044E:
SqlNumericInjectionHint1=\u041F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0431\u0435\u0440\u0451\u0442 \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0438\u0437 \u0432\u044B\u043F\u0430\u0434\u0430\u044E\u0449\u0435\u0433\u043E \u0441\u043F\u0438\u0441\u043A\u0430 \u0438 \u0432\u0441\u0438\u0430\u0432\u043E\u044F\u0435\u0438 \u0435\u0433\u043E \u0432 \u043A\u043E\u043D\u0435\u0446 \u0437\u0430\u0440\u0430\u043D\u0435\u0435 \u0441\u0444\u043E\u0440\u043C\u0438\u0440\u043E\u0432\u0430\u043D\u043D\u043E\u0433\u043E SQL-\u0437\u0430\u043F\u0440\u043E\u0441\u0430.
SqlNumericInjectionHint2=\u0412\u043E\u0442 \u043A\u043E\u0434 \u0437\u0430\u043F\u0440\u043E\u0441\u0430, \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u0441\u043E\u0441\u0442\u0430\u0432\u043B\u044F\u0435\u0442\u0441\u044F \u0438 \u0432\u044B\u043F\u043E\u043B\u043D\u044F\u0435\u0442\u0441\u044F WebGoat`\u043E\u043C:<br><br>"SELECT * FROM weather_data WHERE station = " + \u0441\u0442\u0430\u043D\u0446\u0438\u044F
SqlNumericInjectionHint3=\u0426\u0435\u043B\u043E\u0441\u0442\u043D\u043E\u0441\u0442\u044C SQL-\u0437\u0430\u043F\u0440\u043E\u0441\u0430 \u043C\u043E\u0436\u043D\u043E \u043E\u0431\u0435\u0441\u043F\u0435\u0447\u0438\u0442\u044C \u043F\u0440\u043E\u0432\u0435\u0434\u044F \u043D\u0435\u0441\u043A\u043E\u043B\u044C\u043A\u043E \u043F\u0440\u043E\u0432\u0435\u0440\u043E\u043A \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C \u0442\u0430\u043A\u0438\u0445 \u043A\u043B\u044E\u0447\u0435\u0432\u044B\u0445 \u0441\u043B\u043E\u0432 \u043A\u0430\u043A AND \u0438 OR. \u041F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0441\u043E\u0441\u0442\u0430\u0432\u0438\u0442\u044C \u0442\u0430\u043A\u043E\u0435 SQL-\u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u0435, \u043A\u043E\u0442\u043E\u0440\u043E\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u043E\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044C \u0438\u0441\u0442\u0438\u043D\u0443.
SqlNumericInjectionHint4=\u041F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044C POST-\u0437\u0430\u043F\u0440\u043E\u0441 \u0441 \u043F\u043E\u043C\u043E\u0449\u044C\u044E WebScarab \u0438 \u0437\u0430\u043C\u0435\u043D\u0438\u0442\u0435 \u0438\u043C\u044F \u0441\u0442\u0430\u043D\u0446\u0438\u0438 \u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u0435\u043C [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=\u0422\u0435\u043F\u0435\u0440\u044C, \u043A\u043E\u0433\u0434\u0430 \u0432\u0430\u043C \u0443\u0434\u0430\u043B\u043E\u0441\u044C \u0443\u0434\u0430\u0447\u043D\u043E \u043F\u0440\u043E\u044D\u043A\u0441\u043F\u043B\u0443\u0430\u0442\u0438\u0440\u043E\u0432\u0430\u0442\u044C SQL-\u0438\u043D\u044A\u0435\u043A\u0446\u0438\u044E, \u043F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u043E\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044C \u044D\u0442\u043E \u0441 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u0438\u0437\u0438\u0440\u043E\u0432\u0430\u043D\u043D\u044B\u043C \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u043C. \u041D\u0430\u0447\u043D\u0438\u0442\u0435 \u0443\u0440\u043E\u043A \u0437\u0430\u043D\u043E\u0432\u043E \u0435\u0441\u043B\u0438 \u0432\u044B \u0445\u043E\u0442\u0438\u0442\u0435 \u0432\u043D\u043E\u0432\u044C \u0443\u0432\u0438\u0434\u0435\u0442\u044C \u0443\u044F\u0437\u0432\u0438\u043C\u043E\u0435 \u043F\u043E\u043B\u0435.
EnterLastName=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448\u0443 \u0444\u0430\u043C\u0438\u043B\u0438\u044E:
NoResultsMatched=\u041D\u0435\u0442 \u0441\u043E\u0432\u043F\u0430\u0434\u0435\u043D\u0438\u0439. \u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0441\u043D\u043E\u0432\u0430.
SqlStringInjectionHint1=\u041F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0431\u0435\u0440\u0451\u0442 \u0442\u043E \u0447\u0442\u043E \u0432\u044B \u0432\u0432\u043E\u0434\u0438\u0442\u0435 \u0438 \u0432\u0441\u0442\u0430\u0432\u043B\u044F\u0435\u0442 \u0432 \u043A\u043E\u043D\u0435\u0446 \u0437\u0430\u0440\u0430\u043D\u0435\u0435 \u0441\u0444\u043E\u0440\u043C\u0438\u0440\u043E\u0432\u0430\u043D\u043D\u043E\u0433\u043E SQL-\u0437\u0430\u043F\u0440\u043E\u0441\u0430.
SqlStringInjectionHint2=\u0412\u043E\u0442 \u043A\u043E\u0434 \u0437\u0430\u043F\u0440\u043E\u0441\u0430, \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u0441\u043E\u0441\u0442\u0430\u0432\u043B\u044F\u0435\u0442\u0441\u044F \u0438 \u0432\u044B\u043F\u043E\u043B\u043D\u044F\u0435\u0442\u0441\u044F WebGoat`\u043E\u043C:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=\u0426\u0435\u043B\u043E\u0441\u0442\u043D\u043E\u0441\u0442\u044C SQL-\u0437\u0430\u043F\u0440\u043E\u0441\u0430 \u043C\u043E\u0436\u043D\u043E \u043E\u0431\u0435\u0441\u043F\u0435\u0447\u0438\u0442\u044C \u043F\u0440\u043E\u0432\u0435\u0434\u044F \u043D\u0435\u0441\u043A\u043E\u043B\u044C\u043A\u043E \u043F\u0440\u043E\u0432\u0435\u0440\u043E\u043A \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C \u0442\u0430\u043A\u0438\u0445 \u043A\u043B\u044E\u0447\u0435\u0432\u044B\u0445 \u0441\u043B\u043E\u0432 \u043A\u0430\u043A AND \u0438 OR. \u041F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0441\u043E\u0441\u0442\u0430\u0432\u0438\u0442\u044C \u0442\u0430\u043A\u043E\u0435 SQL-\u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u0435, \u043A\u043E\u0442\u043E\u0440\u043E\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u043E\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044C \u0438\u0441\u0442\u0438\u043D\u0443.
SqlStringInjectionHint4=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438 [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=\u0412\u0445\u043E\u0434 \u0437\u0430\u0432\u0435\u0440\u0448\u0438\u043B\u0441\u044F \u043D\u0435\u0443\u0434\u0430\u0447\u043D\u043E \u0434\u043B\u044F \u0438\u043C\u0435\u043D\u0438 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F
LoginSucceededForUserName=\u0412\u0425\u041E\u0414 \u0423\u0421\u041F\u0415\u0428\u041D\u041E \u041E\u0421\u0423\u0429\u0415\u0421\u0422\u0412\u041B\u0401\u041D \u041F\u041E\u041B\u042C\u0417\u041E\u0412\u0410\u0422\u0415\u041B\u0415\u041C
LogSpoofingHint1=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u043E\u0431\u043C\u0430\u043D\u0443\u0442\u044C \u0447\u0435\u043B\u043E\u0432\u0435\u0447\u0435\u0441\u043A\u0438\u0439 \u0433\u043B\u0430\u0437 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F \u043D\u043E\u0432\u044B\u0435 \u0441\u0442\u0440\u043E\u043A\u0438.
LogSpoofingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u0441\u0438\u043C\u0432\u043E\u043B\u044B CR (%0d) \u0438 LF (%0a) \u0434\u043B\u044F \u0441\u043E\u0437\u0434\u0430\u043D\u0438\u044F \u043D\u043E\u0432\u044B\u0445 \u0441\u0442\u0440\u043E\u043A.
LogSpoofingHint3=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435: Smith%0d%0a\u0412\u0445\u043E\u0434 \u0443\u0441\u043F\u0435\u0448\u043D\u043E \u043E\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043B\u0451\u043D \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u0435\u043C: admin
LogSpoofingHint4=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435: Smith%0d%0a\u0412\u0445\u043E\u0434 \u0443\u0441\u043F\u0435\u0448\u043D\u043E \u043E\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043B\u0451\u043D \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u0435\u043C: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u043F\u043E\u043F\u044B\u0442\u0430\u0442\u044C\u0441\u044F \u043F\u043E\u043C\u0435\u0441\u0442\u0438\u0442\u044C HTML-\u0442\u0435\u0433\u0438 \u0432 \u0432\u0430\u0448\u0435 \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u0435.
StoredXssHint1=\u0412\u043F\u0438\u0448\u0438\u0442\u0435 \u0442\u0435\u0433 SCRIPT \u0432 \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u0435 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0430\u0442\u0430\u043A\u043E\u0432\u0430\u0442\u044C \u043A\u0430\u0436\u0434\u043E\u0433\u043E, \u043A\u0442\u043E \u0435\u0433\u043E \u043F\u0440\u043E\u0447\u0442\u0451\u0442.
StoredXssHint1=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; \u0432 \u043F\u043E\u043B\u0435 \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u044F.
StoredXssHint1=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0432\u0432\u0435\u0441\u0442\u0438: &lt;script&gt;alert(document.cookie);&lt;/script&gt; \u0432 \u043F\u043E\u043B\u0435 \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u044F.
MessageContentsFor=\u0421\u043E\u0434\u0435\u0440\u0436\u0438\u043C\u043E\u0435 \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u044F \u0434\u043B\u044F
Title=\u041D\u0430\u0437\u0432\u0430\u043D\u0438\u0435
PostedBy=\u041E\u0442\u043F\u0440\u0430\u0432\u043B\u0435\u043D\u043E
CouldNotFindMessage=\u041D\u0435 \u043C\u043E\u0433\u0443 \u043D\u0430\u0439\u0442\u0438 \u044D\u0442\u043E \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u0435
Message=\u0421\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u0435
MessageList=\u0421\u043F\u0438\u0441\u043E\u043A \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u0439
CouldNotAddMessage=\u041D\u0435 \u043C\u043E\u0433\u0443 \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u0435 \u0432 \u0431\u0430\u0437\u0443
ErroGeneratingMessageList=\u041E\u0448\u0438\u0431\u043A\u0430 \u043F\u0440\u0438 \u043F\u043E\u043B\u0443\u0447\u0435\u043D\u0438\u0438 \u0441\u043F\u0438\u0441\u043A\u0430 \u0441\u043E\u043E\u0431\u0449\u0435\u043D\u0438\u0439
#ReflectedXSS.java
ReflectedXSSWhoops1=\u0423\u043F\u0441! \u0412\u044B \u0432\u043E\u0448\u043B\u0438
ReflectedXSSWhoops2= \u0432\u043C\u0435\u0441\u0442\u043E \u043A\u043E\u0434\u0430 \u0438\u0437 \u0442\u0440\u0451\u0445 \u0446\u0438\u0444\u0440. \u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0435\u0449\u0451 \u0440\u0430\u0437.
ShoppingCart=\u041A\u043E\u0440\u0437\u0438\u043D\u0430
ShoppingCartItems=\u041F\u0440\u0435\u0434\u043C\u0435\u0442\u044B \u0432 \u043A\u043E\u0440\u0437\u0438\u043D\u0435 -- \u041A\u0443\u043F\u0438\u0442\u044C \u0441\u0435\u0439\u0447\u0430\u0441
Price=\u0426\u0435\u043D\u0430
Quantity=\u041A\u043E\u043B\u0438\u0447\u0435\u0441\u0442\u0432\u043E
Total=\u0412\u0441\u0435\u0433\u043E
TotalChargedCreditCard=\u041E\u0431\u0449\u0430\u044F \u0441\u0443\u043C\u043C\u0430 \u0441\u043F\u0438\u0441\u044B\u0432\u0430\u0435\u043C\u0430\u044F \u0441 \u0432\u0430\u0448\u0435\u0439 \u043A\u0440\u0435\u0434\u0438\u0442\u043D\u043E\u0439 \u043A\u0430\u0440\u0442\u044B
UpdateCart=\u041E\u0431\u043D\u043E\u0432\u0438\u0442\u044C \u043A\u043E\u0440\u0437\u0438\u043D\u0443
EnterCreditCard=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u043D\u043E\u043C\u0435\u0440 \u0432\u0430\u0448\u0435\u0439 \u043A\u0440\u0435\u0434\u0438\u0442\u043D\u043E\u0439 \u043A\u0430\u0440\u0442\u044B
Enter3DigitCode=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448 \u0442\u0440\u0451\u0445\u0437\u043D\u0430\u0447\u043D\u044B\u0439 \u0446\u0438\u0444\u0440\u043E\u0432\u043E\u0439 \u043A\u043E\u0434
Purchase=\u041F\u0440\u0438\u043E\u0431\u0440\u0435\u0441\u0442\u0438
ReflectedXSSHint1=\u041F\u0440\u043E\u0441\u0442\u0435\u0439\u0448\u0438\u0439 \u0441\u043A\u0440\u0438\u043F\u0442 - &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=\u041C\u043E\u0436\u0435\u0442\u0435 \u043B\u0438 \u0432\u044B \u0441\u043E\u0437\u0434\u0430\u0442\u044C \u0441\u043A\u0440\u0438\u043F\u0442 \u043E\u0442\u043E\u0431\u0440\u0430\u0436\u0430\u044E\u0449\u0438\u0439 \u0434\u0430\u043D\u043D\u044B\u0435 \u0438\u0437 cookie JSESSIONID?
ReflectedXSSHint3=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0443\u0432\u0438\u0434\u0435\u0442\u044C \u0438\u0434\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0442\u043E\u0440 \u0441\u0435\u0441\u0441\u0438\u0438
ReflectedXSSHint4=\u041C\u043E\u0436\u0435\u0442\u0435 \u043B\u0438 \u0432\u044B \u0441\u043E\u0437\u0434\u0430\u0442\u044C \u0441\u043A\u0440\u0438\u043F\u0442 \u043A\u043E\u0442\u043E\u0440\u044B\u0439 \u043F\u043E\u043B\u0443\u0447\u0438\u043B \u0431\u044B \u0434\u043E\u0441\u0442\u0443\u043F \u043A \u043F\u043E\u043B\u044E \u0441 \u043D\u043E\u043C\u0435\u0440\u043E\u043C \u043A\u0440\u0435\u0434\u0438\u0442\u043D\u043E\u0439 \u043A\u0430\u0440\u0442\u044B?
ReflectedXSSHint5=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u043C\u0435\u0442\u043E\u0434\u043E\u043C TRACE (cross site trace, XST) :<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=\u0411\u0418\u041D\u0413\u041E -- \u0430\u0434\u043C\u0438\u043D\u0438\u0441\u0442\u0440\u0430\u0442\u043E\u0440 \u0432\u043E\u0448\u0451\u043B
HtmlCluesHint1=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u043F\u043E\u0441\u043C\u043E\u0442\u0440\u0435\u0442\u044C \u0438\u0441\u0445\u043E\u0434\u043D\u044B\u0439 HTML-\u043A\u043E\u0434 \u0441\u0442\u0440\u0430\u043D\u0438\u0446\u044B \u0432\u044B\u0431\u0440\u0430\u0432 \u043F\u0443\u043D\u043A\u0442 '\u0418\u0441\u0445\u043E\u0434\u043D\u044B\u0439 \u043A\u043E\u0434' \u0432 \u043C\u0435\u043D\u044E \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430.
HtmlCluesHint2=\u041E\u0447\u0435\u043D\u044C \u043C\u043D\u043E\u0433\u043E \u0437\u0430\u0446\u0435\u043F\u043E\u043A \u043D\u0430\u0445\u043E\u0434\u0438\u0442\u0441\u044F \u0432\u043D\u0443\u0442\u0440\u0438 HTML-\u043A\u043E\u0434\u0430
HtmlCluesHint3=\u0418\u0449\u0438\u0442\u0435 \u0441\u043B\u043E\u0432\u043E HIDDEN, \u043F\u043E\u0441\u043C\u043E\u0442\u0440\u0438\u0442\u0435 \u043D\u0430 \u0441\u0441\u044B\u043B\u043A\u0438, \u043F\u043E\u0441\u043C\u043E\u0442\u0440\u0438\u0442\u0435 \u043D\u0430 \u043A\u043E\u043C\u043C\u0435\u043D\u0442\u0430\u0440\u0438\u0438.
#JavaScriptValidation.java
3LowerCase=\u041F\u043E\u043B\u0435 1: \u0442\u043E\u043B\u044C\u043A\u043E \u0442\u0440\u0438 \u0441\u0438\u043C\u0432\u043E\u043B\u0430 \u043D\u0438\u0436\u043D\u0435\u0433\u043E \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430
Exactly3Digits=\u041F\u043E\u043B\u0435 2: \u0442\u043E\u043B\u044C\u043A\u043E \u0442\u0440\u0438 \u0446\u0438\u0444\u0440\u044B
LettersNumbersSpaceOnly=\u041F\u043E\u043B\u0435 3: \u0442\u043E\u043B\u044C\u043A\u043E \u0431\u0443\u043A\u0432\u044B, \u0446\u0438\u0444\u0440\u044B \u0438 \u043F\u0440\u043E\u0431\u0435\u043B\u044B
EnumerationOfNumbers=\u041F\u043E\u043B\u0435 4: \u043F\u0435\u0440\u0435\u0447\u0438\u0441\u043B\u0435\u043D\u0438\u0435 \u043D\u043E\u043C\u0435\u0440\u043E\u0432
SimpleZipCode=\u041F\u043E\u043B\u0435 5: \u043F\u0440\u043E\u0441\u0442\u043E\u0439 \u043F\u043E\u0447\u0442\u043E\u0432\u044B\u0439 \u043A\u043E\u0434
ZIPDashFour=\u041F\u043E\u043B\u0435 6: \u043F\u043E\u0447\u0442\u043E\u0432\u044B\u0439 \u043A\u043E\u0434 \u0441 \u043D\u0435\u043E\u0431\u044F\u0437\u0430\u0442\u0435\u043B\u044C\u043D\u044B\u043C \u0447\u0435\u0442\u044B\u0440\u044C\u043C\u044F \u0442\u0438\u0440\u0435
USPhoneNumber=\u041F\u043E\u043B\u0435 7: \u041D\u043E\u043C\u0435\u0440 \u0442\u0435\u043B\u0435\u0444\u043E\u043D\u0430 \u0432 US \u0441 \u0438\u043B\u0438 \u0431\u0435\u0437 \u0442\u0438\u0440\u0435
ServerSideValidationViolation=\u041D\u0430\u0440\u0443\u0448\u0435\u043D\u0438\u0435 \u043F\u0440\u043E\u0432\u0435\u0440\u043A\u0438 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430: \u0412\u044B \u0443\u0441\u043F\u0435\u0448\u043D\u043E
JavaScriptValidationHint1=\u0412\u0430\u043B\u0438\u0434\u0430\u0446\u0438\u044F \u0443\u0441\u043F\u0435\u0448\u043D\u043E \u043F\u0440\u043E\u0448\u043B\u0430 \u0432 \u0432\u0430\u0448\u0435\u043C \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435.
JavaScriptValidationHint2=\u041F\u043E\u043F\u0440\u043E\u0431\u0443\u0439\u0442\u0435 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u044F \u0441 \u043F\u043E\u043C\u043E\u0449\u044C\u044E \u043F\u0440\u043E\u043A\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u043E\u043D\u0438 \u0443\u0439\u0434\u0443\u0442 \u043A \u0441\u0435\u0440\u0432\u0435\u0440\u0443.
JavaScriptValidationHint3=\u0415\u0449\u0451 \u043E\u0434\u0438\u043D \u0432\u0430\u0440\u0438\u0430\u043D\u0442 - \u0443\u0434\u0430\u043B\u0435\u043D\u0438\u0435 \u043C\u0435\u0448\u0430\u044E\u0449\u0435\u0433\u043E\u0441\u044F JavaScript-\u043A\u043E\u0434\u0430 \u0438\u0437 \u0442\u0435\u043B\u0430 \u0441\u0442\u0440\u0430\u043D\u0438\u0446\u044B \u043F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u043E\u043D\u0430 \u043E\u0442\u043E\u0431\u0440\u0430\u0437\u0438\u0442\u0441\u044F \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435.
#HiddenFieldTampering.java
TotalPriceIs=\u041E\u0431\u0449\u0430\u044F \u0441\u0443\u043C\u043C\u0430
ThisAmountCharged=\u0414\u0430\u043D\u043D\u0430\u044F \u0441\u0443\u043C\u043C\u0430 \u0431\u0443\u0434\u0435\u0442 \u0441\u043F\u0438\u0441\u0430\u043D\u0430 \u0441 \u0432\u0430\u0448\u0435\u0439 \u043A\u0440\u0435\u0434\u0438\u0442\u043D\u043E\u0439 \u043A\u0430\u0440\u0442\u044B \u043D\u0435\u043C\u0435\u0434\u043B\u0435\u043D\u043D\u043E.
HiddenFieldTamperingHint1=\u0414\u0430\u043D\u043D\u043E\u0435 \u043F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0441\u043A\u0440\u044B\u0442\u044B\u0435 \u043F\u043E\u043B\u044F \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043D\u0444\u043E\u0440\u043C\u0430\u0446\u0438\u0438 \u043E \u0446\u0435\u043D\u0435 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.
HiddenFieldTamperingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u0433\u0440\u0430\u043C\u043C\u044B \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u044B\u0442\u044B\u0445 \u043F\u043E\u043B\u0435\u0439.
HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 "
HiddenFieldTamperingHint32= \u043D\u0430
# Modify data with SQL Injection
EnterUserid=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448 \u0438\u0434\u0435\u043D\u0442\u0438\u0444\u0438\u043A\u0430\u0446\u0438\u043E\u043D\u043D\u044B\u0439 \u043D\u043E\u043C\u0435\u0440:
SqlModifyDataHint1=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C SQL-\u0438\u043D\u044A\u0435\u043A\u0446\u0438\u044E \u0434\u043B\u044F \u0432\u044B\u043F\u043E\u043B\u043D\u0435\u043D\u0438\u044F \u043D\u0435\u0441\u043A\u043E\u043B\u044C\u043A\u0438\u0445 SQL-\u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0441\u0440\u0430\u0437\u0443.
SqlModifyDataHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u0442\u043E\u0447\u043A\u0443 \u0441 \u0437\u0430\u043F\u044F\u0442\u043E\u0439(;) \u0434\u043B\u044F \u0440\u0430\u0437\u0434\u0435\u043B\u0435\u043D\u0438\u044F SQL-\u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u0439.
SqlModifyDataHint3=\u0418\u0437\u043C\u0435\u043D\u044F\u0439\u0442\u0435 \u0434\u0430\u043D\u043D\u044B\u0435 \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C SQL-\u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u044F UPDATE.
SqlModifyDataHint4=\u0414\u043B\u044F \u0431\u043E\u043B\u0435\u0435 \u0434\u0435\u0442\u0430\u043B\u044C\u043D\u043E\u0433\u043E \u043E\u0437\u043D\u0430\u043A\u043E\u043C\u043B\u0435\u043D\u0438\u044F \u0441 \u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u0435\u043C UPDATE \u0441\u043C\u043E\u0442\u0440\u0438\u0442\u0435 <A href=\"http://www.w3schools.com/SQl/sql_update.asp\">http://www.w3schools.com/SQl/sql_update.asp</A>
SqlModifyDataHint5=\u0420\u0415\u0428\u0415\u041D\u0418\u0415:<br/>foo'; UPDATE salaries SET salary=9999999 WHERE userid='jsmith
# Modify data with SQL Injection
SqlAddDataHint1=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C SQL-\u0438\u043D\u044A\u0435\u043A\u0446\u0438\u044E \u0434\u043B\u044F \u0432\u044B\u043F\u043E\u043B\u043D\u0435\u043D\u0438\u044F \u043D\u0435\u0441\u043A\u043E\u043B\u044C\u043A\u0438\u0445 SQL-\u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0441\u0440\u0430\u0437\u0443.
SqlAddDataHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u0442\u043E\u0447\u043A\u0443 \u0441 \u0437\u0430\u043F\u044F\u0442\u043E\u0439(;) \u0434\u043B\u044F \u0440\u0430\u0437\u0434\u0435\u043B\u0435\u043D\u0438\u044F SQL-\u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u0439. \u0412\u0430\u043C \u0442\u0430\u043A\u0436\u0435 \u043D\u0435\u043E\u0431\u0445\u043E\u0434\u0438\u043C\u043E \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u043A\u043E\u043C\u043C\u0435\u043D\u0442\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0441\u0442\u0430\u0432\u0448\u0438\u0435\u0441\u044F \u043E\u0442 \u0438\u043D\u044A\u0435\u043A\u0446\u0438\u0438 \u0441\u0438\u043C\u0432\u043E\u043B\u044B \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C \u0434\u0432\u043E\u0439\u043D\u043E\u0433\u043E \u0442\u0438\u0440\u0435 (--).
SqlAddDataHint3=\u0418\u0437\u043C\u0435\u043D\u044F\u0439\u0442\u0435 \u0434\u0430\u043D\u043D\u044B\u0435 \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C SQL-\u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u044F INSERT.
SqlAddDataHint4=\u0414\u043B\u044F \u0431\u043E\u043B\u0435\u0435 \u0434\u0435\u0442\u0430\u043B\u044C\u043D\u043E\u0433\u043E \u043E\u0437\u043D\u0430\u043A\u043E\u043C\u043B\u0435\u043D\u0438\u044F \u0441 \u0432\u044B\u0440\u0430\u0436\u0435\u043D\u0438\u0435\u043C INSERT \u0441\u043C\u043E\u0442\u0440\u0438\u0442\u0435 <A href=\"http://www.w3schools.com/SQl/sql_insert.asp\">http://www.w3schools.com/SQl/sql_insert.asp</A>
SqlAddDataHint5=\u0420\u0415\u0428\u0415\u041D\u0418\u0415:<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 999999); --
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=\u0412\u044B \u0434\u043E\u043B\u0436\u043D\u044B \u0440\u0430\u0437\u0431\u043B\u043E\u043A\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044F \u0444\u043E\u0440\u043C\u044B \u0438\u043B\u0438 \u0432\u0440\u0443\u0447\u043D\u0443\u044E \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044E\u0449\u0438\u0435 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0432 \u0437\u0430\u043F\u0440\u043E\u0441.
BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445.
BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043B\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>.