#
# This file is part of WebGoat, an Open Web Application Security Project utility. For details,
# please see http://www.owasp.org/
# <p>
# Copyright (c) 2002 - 2017 Bruce Mayhew
# <p>
# This program is free software; you can redistribute it and/or modify it under the terms of the
# GNU General Public License as published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
# <p>
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
# <p>
# You should have received a copy of the GNU General Public License along with this program; if
# not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
# <p>
# Getting Source ==============
# <p>
# Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
# projects.
# <p>
#

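# Lesson: profile picture upload.
# The hints suggest that the file name on the server is constructed from the
# "full name" form field, so that field influences where the upload is written.
# Defensive takeaway: do not derive a storage path from request data. Generate
# the file name server-side, or resolve the final path and verify that it is
# still inside the intended upload directory before writing.
path-traversal-title=Path traversal
# {0} is the location at which the stored image is available.
path-traversal-profile-updated=Profile has been updated, your image is available at: {0}
path-traversal-profile-empty-file=File appears to be empty please upload a non empty file
# {0} is the directory the upload ended up in.
# NOTE(review): presumably {0} can be influenced by the submitted name; confirm
# it is output-encoded wherever this message is rendered.
path-traversal-profile-attempt=Nice try, but the directory({0}) is incorrect, please write the file to the correct directory
path-traversal-profile-empty-name=Name is empty
path-traversal-profile.hint1=Try updating the profile WebGoat will display the location
path-traversal-profile.hint2=Look at the displayed location how is the file name on the server constructed?
path-traversal-profile.hint3=Does the server validate any input given in the full name field?
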
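# Lesson: the same upload after a fix that removes `../` from the input (hint2).
# Defensive takeaway: stripping a traversal sequence is not a reliable
# sanitizer, because the cleaned value can still contain the sequence (hint3).
# Reject such input outright, or resolve the canonical path and check that it
# stays under the upload directory.
path-traversal-profile-fix.hint1=Take a look what happens compared to the previous assignment
path-traversal-profile-fix.hint2=The new and improved version removes `../` from the input, can you bypass this?
path-traversal-profile-fix.hint3=Try to construct a full name which after cleaning still has `../` in the full name
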
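# Lesson: judging by the key name, the user-supplied name is no longer used for
# the file name. The hints point at other client-controlled parts of the POST
# request; which part is meant is not stated in this file.
# Defensive takeaway: every element of an upload request, not only the visible
# form fields, is untrusted and needs the same path validation.
path-traversal-profile-remove-user-input.hint1=Take a look what happened to the file name
path-traversal-profile-remove-user-input.hint2=Can we still manipulate the request?
path-traversal-profile-remove-user-input.hint3=You can try to use a proxy to intercept the POST request
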
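# Lesson: image retrieval through an `id` request parameter (hint3, hint4).
# hint5 and hint6 imply that the filter inspects the value for the literal
# characters while it is still URL-encoded.
# Defensive takeaway: decode the parameter exactly once, then canonicalize the
# resulting path and confirm it is inside the image directory. Validate the
# decoded value, never the raw one.
path-traversal-profile-retrieve.hint1=Can you specify the image to be fetched?
path-traversal-profile-retrieve.hint2=Look at the location header...
path-traversal-profile-retrieve.hint3=Use /random?id=1 for example to fetch a specific image
path-traversal-profile-retrieve.hint4=Use /random/?id=../../1.jpg to navigate to a different directory
# NOTE(review): if this value is ever passed through java.text.MessageFormat,
# the single quotes act as quoting characters and are not displayed; confirm how
# hints are resolved, and double the quotes ('') if they are formatted.
path-traversal-profile-retrieve.hint5='..' and '/' are no longer allowed, can you bypass this restriction
path-traversal-profile-retrieve.hint6=Use url encoding for ../ to bypass the restriction
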
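# Lesson: zip upload ("zip slip"). Entry names inside an archive are chosen by
# whoever built the archive and can contain traversal sequences.
# Defensive takeaway: for every entry, resolve the destination path and confirm
# it is inside the extraction directory before writing; reject the archive
# otherwise.
path-traversal-zip-slip.hint1=Try uploading a picture in a zip file
path-traversal-zip-slip.hint2=Upload a zip file which traverses to the right directory
path-traversal-zip-slip.hint3=Did you create a zip file with the right image name?
path-traversal-zip-slip.hint4=Check the http request to find out which image name should be used
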
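# Feedback messages for the zip upload lesson.
path-traversal-zip-slip.no-zip=Please upload a zip file
path-traversal-zip-slip.extracted=Zip file extracted successfully, but failed to copy the image. Please get in touch with our helpdesk.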