# Copyright (c) 2002 - 2017 Bruce Mayhew #
# This program is free software; you can redistribute it and/or modify it under the terms of the # GNU General Public License as published by the Free Software Foundation; either version 2 of the # License, or (at your option) any later version. #
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. #
# You should have received a copy of the GNU General Public License along with this program; if # not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA. #
# Getting Source ============== #
# Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software # projects. #
# path-traversal-title=Path traversal path-traversal-profile-updated=Profile has been updated, your image is available at: {0}" path-traversal-profile-empty-file=File appears to be empty please upload a non empty file path-traversal-profile-attempt=Nice try, but the directory({0}) is incorrect, please write the file to the correct directory path-traversal-profile-empty-name=Name is empty path-traversal-profile.hint1=Try updating the profile WebGoat will display the location path-traversal-profile.hint2=Look at the displayed location how is the file name on the server constructed? path-traversal-profile.hint3=Does the server validate any input given in the full name field? path-traversal-profile-fix.hint1=Take a look what happens compared to the previous assignment path-traversal-profile-fix.hint2=The new and improved version removes `../` from the input, can you bypass this? path-traversal-profile-fix.hint3=Try to construct a full name which after cleaning still has `../` in the full name path-traversal-profile-remove-user-input.hint1=Take a look what happened to the file name path-traversal-profile-remove-user-input.hint2=Can we still manipulate the request? path-traversal-profile-remove-user-input.hint3=You can try to use a proxy to intercept the POST request path-traversal-profile-retrieve.hint1=Can you specify the image to be fetched? path-traversal-profile-retrieve.hint2=Look at the location header... path-traversal-profile-retrieve.hint3=Use /random?id=1 for example to fetch a specific image path-traversal-profile-retrieve.hint4=Use /random/?id=../../1.jpg to navigate to a different directory path-traversal-profile-retrieve.hint5='..' and '/' are no longer allowed, can you bypass this restriction path-traversal-profile-retrieve.hint6=Use url encoding for ../ to bypass the restriction path-traversal-zip-slip.hint1=Try uploading a picture in a zip file path-traversal-zip-slip.hint2=Upload a zip file which traverses to the right directory path-traversal-zip-slip.hint3=Did you create a zip file with the right image name? path-traversal-zip-slip.hint4=Check the http request to find out which image name should be used path-traversal-zip-slip.no-zip=Please upload a zip file path-traversal-zip-slip.extracted=Zip file extracted successfully failed to copy the image. Please get in touch with our helpdesk.