From fffbb3c8040b72cb5b000eaf85fed1a85dd87705 Mon Sep 17 00:00:00 2001 From: Benedikt - Desktop Date: Sun, 18 Nov 2018 14:54:58 +0100 Subject: [PATCH] Added missing messages. --- .../src/main/resources/i18n/WebGoatLabels.properties | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties index 3a19a9cbd..f2f9b70dc 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties +++ b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties 
@@ -47,22 +47,25 @@ SqlStringInjectionHint-advanced-6a-3=Your new SQL Query should start, with a " ; sql-injection.6b.success=You have succeeded: {0} sql-injection.6b.no.results=No results matched. Try Again. -sql-injection.8.success=You have succeeded! You successfully compromised the confidentiality of data by viewing internal information that you should not have access to. Well done! {0} -sql-injection.8.no.results=No employee found with matching lastname. Or maybe your authentication TAN is incorrect? +sql-injection.8.success=You have succeeded! You successfully compromised the confidentiality of data by viewing internal information that you should not have access to. Well done! +sql-injection.8.no.results=No employee found with matching lastname. Or maybe your authentication TAN is incorrect? +sql-injection.8.one=That's only one account. You want them all! Try again. SqlStringInjectionHint.8.1=The application is taking your input and inserting the values into the variables 'name' and 'auth_tan' of the pre-formed SQL command. SqlStringInjectionHint.8.2=Compound SQL statements can be made by expanding the WHERE clause of the statement with keywords like AND and OR. SqlStringInjectionHint.8.3=Try appending a SQL statement that always resolves to true. SqlStringInjectionHint.8.4=Make sure all quotes (" ' ") are opened and closed properly so the resulting SQL query is syntactically correct. SqlStringInjectionHint.8.5=Try extending the WHERE clause of the statement by adding something like: ' OR '1' = '1. -sql-injection.9.success=Well done! Now you're earning the most money. And at the same time you successfully compromised the integrity of data by changing the salary! {0} +sql-injection.9.success=Well done! Now you're earning the most money. And at the same time you successfully compromised the integrity of data by changing the salary! +sql-injection.9.one=Still not earning enough! Better try again and change that. 
SqlStringInjectionHint.9.1=Try to find a way, to chain another query to the end of the existing one. SqlStringInjectionHint.9.2=Use the ; metacharacter to do so. SqlStringInjectionHint.9.3=Make use of DML to change your salary. SqlStringInjectionHint.9.4=Make sure that the resulting query is syntactically correct. SqlStringInjectionHint.9.5=How about something like '; UPDATE employees.... -sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data. +sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data. +sql-injection.10.entries=There's still evidence of what you did. Better remove the whole table. SqlStringInjectionHint.10.1=Use the techniques that you have learned before. SqlStringInjectionHint.10.2=The application takes your input and filters for entries that are LIKE it. SqlStringInjectionHint.10.3=Try query chaining to reach the goal.
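Review bot: the `{0}` placeholder is dropped from `sql-injection.8.success` and `sql-injection.9.success` without any mention in the commit message, which only says messages were added. If the lesson code still passes an argument to these two messages, that argument will no longer be rendered. Please confirm the callers were updated to match, or keep `{0}`. The key `sql-injection.9.one` does not describe its text ("Still not earning enough!"). It looks copied from `sql-injection.8.one`, where "one" refers to a single account, so a name that reflects the salary check would be easier to maintain. The removed and added lines for `sql-injection.8.no.results` and `sql-injection.10.success` read identically here, so they look like whitespace-only changes. If that is the case, leave them out of this patch or note the whitespace cleanup in the commit message.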