diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java index efcffc12..15e44623 100644 --- a/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java @@ -63,9 +63,6 @@ public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOExce bodyHtml.append(""); bodyHtml.append(""); bodyHtml.append(""); - if (req.getAttribute("login.page.note") != null) { - bodyHtml.append("

" + MessageUtils.getMsg((String) req.getAttribute("login.page.note"), locale) + "

"); - } String queryString = req.getQueryString(); if (queryString != null) { bodyHtml.append("" + MessageUtils.getMsg((String)session.getAttribute("authNMsg"), locale) + "

"); + bodyHtml.append(MessageUtils.getErrMsg((String)session.getAttribute("authNMsg"), locale)); session.setAttribute("authNMsg", null); } + if (req.getAttribute("login.page.note") != null) { + bodyHtml.append(MessageUtils.getInfoMsg((String) req.getAttribute("login.page.note"), locale)); + } bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.login.page", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/MessageUtils.java b/src/main/java/org/t246osslab/easybuggy/core/utils/MessageUtils.java index 5f7004b1..483448c2 100644 --- a/src/main/java/org/t246osslab/easybuggy/core/utils/MessageUtils.java +++ b/src/main/java/org/t246osslab/easybuggy/core/utils/MessageUtils.java @@ -18,7 +18,7 @@ public final class MessageUtils { private MessageUtils() { throw new IllegalAccessError("Utility class"); } - + /** * Return a message for a given property key. * @@ -28,6 +28,15 @@ public static String getMsg(String propertyKey, Locale locale) { return getMsg(propertyKey, (Object[]) null, locale); } + /** + * Return an information message for a given property key. + * + * @return An information message for a given property key + */ + public static String getInfoMsg(String propertyKey, Locale locale) { + return getInfoMsg(propertyKey, (Object[]) null, locale); + } + /** * Return an error message for a given property key. * 
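Review bot: The Javadoc on the new `getInfoMsg(String propertyKey, Locale locale)` documents only `@return`, so a reader still has to open the three-argument overload to learn what the two parameters are; add `@param propertyKey the resource-bundle key to look up` and `@param locale the locale whose bundle is consulted`, and give the placeholder-taking `getInfoMsg` overload added further down in this file the same treatment. The summary "An information message for a given property key" also reads exactly like `getMsg`, while the three-argument overload returns the looked-up text concatenated between two markup literals (their tags did not survive rendering here, so the exact wrapper is inferred) and every caller in this diff appends the result straight to `bodyHtml`; say that it is a wrapped fragment rather than plain text, e.g. `@return the message wrapped in the information-box markup, ready to append to a response body`. `MessageUtils` continues on both sides of the hunk.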
@@ -49,23 +58,29 @@ public static String getMsg(String propertyKey, Object[] placeholders, Locale lo if (placeholders != null) { propertyValue = MessageFormat.format(propertyValue, placeholders); } - if (propertyValue.indexOf("(i) ") >= 0) { - propertyValue = propertyValue.replace("(i) ", - "  "); - } - } catch (Exception e) { + } catch (Exception e) { log.error("Exception occurs: ", e); } return propertyValue; } + /** + * Return an information message for a given property key, replaced with placeholders. + * + * @return An information message for a given property key, replaced with placeholders + */ + public static String getInfoMsg(String propertyKey, Object[] placeholders, Locale locale) { + return "
  " + + getMsg(propertyKey, placeholders, locale) + "
"; + } + /** * Return an error message for a given property key, replaced with placeholders. * * @return An error message for a given property key, replaced with placeholders */ public static String getErrMsg(String propertyKey, Object[] placeholders, Locale locale) { - return "
" + getMsg(propertyKey, placeholders, locale) - + "
"; + return "
  " + + getMsg(propertyKey, placeholders, locale) + "
"; } } diff --git a/src/main/java/org/t246osslab/easybuggy/performance/SlowRegularExpressionServlet.java b/src/main/java/org/t246osslab/easybuggy/performance/SlowRegularExpressionServlet.java index c4549740..8a88092e 100644 --- a/src/main/java/org/t246osslab/easybuggy/performance/SlowRegularExpressionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/performance/SlowRegularExpressionServlet.java @@ -59,7 +59,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(MessageUtils.getMsg("msg.enter.word", locale)); } bodyHtml.append("
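Review bot: `getInfoMsg(String, Object[], Locale)` and the reworked `getErrMsg` concatenate the text returned by `getMsg` into markup literals without any encoding, and `getMsg` has already run `MessageFormat.format(propertyValue, placeholders)` on that text, so any placeholder a caller fills from request data (the bundle has keys such as `msg.invalid.json=Invalid JSON : {0}`) reaches the response markup verbatim. This class cannot know where placeholders come from, so state the contract on both wrappers: `@param placeholders values are interpolated into the markup unencoded; HTML-encode request-derived values before passing them (the project already uses ESAPI.encoder().encodeForHTML for this)`. Both wrappers also concatenate whatever `getMsg` returns, and after the `catch (Exception e)` branch that is presumably still the initial value of `propertyValue` (declared above the hunk), so a failed lookup would render the literal text "null" inside the box; a null check before wrapping, or an `Objects.requireNonNull` with the key in the message, would make that failure visible instead. `getMsg` begins outside the hunk.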

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.slow.regular.expression", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.slow.regular.expression", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.slow.regular.expression.page", locale), diff --git a/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java b/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java index 2db29aad..38272b81 100644 --- a/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java @@ -3,7 +3,6 @@ import java.io.IOException; import java.util.Arrays; import java.util.Date; -import java.util.List; import java.util.Locale; import javax.servlet.ServletException; @@ -66,8 +65,6 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(""); bodyHtml.append("

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.slow.string.plus.operation", locale)); - bodyHtml.append("

"); if (length > 0) { // StringBuilder builder = new StringBuilder(); @@ -87,6 +84,8 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S } else { bodyHtml.append(MessageUtils.getMsg("msg.enter.positive.number", locale)); } + bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.slow.string.plus.operation", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.random.string.generator", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java index 9c89462d..8f265f49 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java @@ -37,7 +37,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S final String dbUrl = ApplicationUtils.getDatabaseURL(); final String dbDriver = ApplicationUtils.getDatabaseDriver(); if(dbUrl == null || "".equals(dbUrl) || dbUrl.startsWith("jdbc:derby:memory:")){ - HTTPResponseCreator.createSimpleResponse(res, null, MessageUtils.getMsg("msg.note.not.use.ext.db", locale)); + HTTPResponseCreator.createSimpleResponse(res, null, MessageUtils.getInfoMsg("msg.note.not.use.ext.db", locale)); return; } diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java index da789abd..da5dc3de 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java @@ -57,7 +57,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(MessageUtils.getMsg("msg.warn.select.asc.or.desc", locale)); } bodyHtml.append("

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.sql.deadlock", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.sql.deadlock", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java index 156b68c5..e0118fea 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java @@ -48,8 +48,6 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append("

"); bodyHtml.append(""); bodyHtml.append("

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.enter.count", locale)); - bodyHtml.append("

"); if (count > 0) { /* create a batch file in the temp directory */ @@ -62,16 +60,18 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S ProcessBuilder pb = new ProcessBuilder(batFile.getAbsolutePath()); Process process = pb.start(); process.waitFor(); - bodyHtml.append(MessageUtils.getMsg("msg.executed.batch", locale) + batFile.getAbsolutePath() - + "

"); + bodyHtml.append( + MessageUtils.getMsg("msg.executed.batch", locale) + batFile.getAbsolutePath() + "

"); bodyHtml.append(MessageUtils.getMsg("label.execution.result", locale) + "

"); bodyHtml.append(printInputStream(process.getInputStream())); bodyHtml.append(printInputStream(process.getErrorStream())); } - bodyHtml.append(""); } else { bodyHtml.append(MessageUtils.getMsg("msg.enter.positive.number", locale)); } + bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.count", locale)); + bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.endless.waiting.page", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java index 763ba07b..4bbb22f5 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java @@ -72,7 +72,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(""); bodyHtml.append("
"); bodyHtml.append("
"); - bodyHtml.append(MessageUtils.getMsg("msg.note.positive.number", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.positive.number", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.integer.overflow.page", locale), diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java index 3833ff39..02167ad0 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java @@ -58,7 +58,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(""); bodyHtml.append("
"); bodyHtml.append("
"); - bodyHtml.append(MessageUtils.getMsg("msg.note.enter.decimal.value", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.decimal.value", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.loss.of.trailing.digits.page", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java index 2fddfb55..20624146 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java @@ -26,6 +26,8 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser hm.put(String.valueOf(cnt++), sb.toString()); StringBuilder bodyHtml = new StringBuilder(); bodyHtml.append(MessageUtils.getMsg("msg.java.heap.space.leak.occur", req.getLocale())); + bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.oome.finally.thrown", req.getLocale())); HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString()); } diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java index 64088715..481e67ca 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java @@ -31,8 +31,11 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser ClassPool pool = ClassPool.getDefault(); pool.makeClass("eu.plumbr.demo.Generated" + i).toClass(); } - HTTPResponseCreator.createSimpleResponse(res, null, - MessageUtils.getMsg("msg.permgen.space.leak.occur", req.getLocale())); + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append(MessageUtils.getMsg("msg.permgen.space.leak.occur", req.getLocale())); + bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.oome.finally.thrown", req.getLocale())); + HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString()); } catch (Exception e) { log.error("Exception occurs: ", e); } catch (Error e) { diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java index fc8806a7..42860308 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java @@ -31,8 +31,11 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser compresser.setInput(input); compresser.deflate(output); } - HTTPResponseCreator.createSimpleResponse(res, null, - MessageUtils.getMsg("msg.c.heap.space.leak.occur", req.getLocale())); + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append(MessageUtils.getMsg("msg.c.heap.space.leak.occur", req.getLocale())); + bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.oome.finally.thrown", req.getLocale())); + HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString()); } catch (Exception e) { log.error("Exception occurs: ", e); } diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java index 10bd7a55..2d7c8fde 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java @@ -49,7 +49,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(MessageUtils.getMsg("msg.enter.name", locale)); } bodyHtml.append("

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.mojibake", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.mojibake", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.xss.page", locale), diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java index 0aa9bf1f..6352ad09 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java @@ -57,7 +57,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(""); bodyHtml.append("
"); bodyHtml.append("
"); - bodyHtml.append(MessageUtils.getMsg("msg.note.enter.one", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.one", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.round.off.error.page", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java index 4791eb10..03273d80 100644 --- a/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java @@ -59,7 +59,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(""); bodyHtml.append("
"); bodyHtml.append("
"); - bodyHtml.append(MessageUtils.getMsg("msg.note.enter.specific.nembers", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.specific.nembers", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.loss.of.trailing.digits.page", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java index 0130385f..8e886cd9 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java @@ -55,11 +55,12 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append("

"); bodyHtml.append(""); bodyHtml.append("

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.csrf", locale)); String errorMessage = (String) req.getAttribute("errorMessage"); if (errorMessage != null) { - bodyHtml.append("

" + errorMessage); + bodyHtml.append(errorMessage); } + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.csrf", locale)); + bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale), bodyHtml.toString()); } @@ -105,18 +106,19 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se bodyHtml.append("
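Review bot: `bodyHtml.append(errorMessage)` now emits the `errorMessage` request attribute as-is, and the only thing that keeps this correct is that every `setAttribute("errorMessage", ...)` in this file's `doPost` (the next hunk) now stores the output of `MessageUtils.getErrMsg`, a pre-rendered fragment rather than text. That contract is invisible at this line, so a future setter that stores plain or request-derived text would be rendered raw; add above the `if`: `// "errorMessage" holds a pre-rendered fragment from MessageUtils.getErrMsg; never store raw request data in it`. ClickJackingServlet's `doGet` hunk has the identical pattern and should carry the same comment. `doGet` begins outside the hunk.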

"); bodyHtml.append("" + MessageUtils.getMsg("label.goto.admin.page", locale) + ""); + bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale), bodyHtml.toString()); } catch (Exception e) { log.error("Exception occurs: ", e); - req.setAttribute("errorMessage", MessageUtils.getMsg("msg.passwd.change.failed", locale)); + req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.passwd.change.failed", locale)); doGet(req, res); } } else { if (password == null || "".equals(password) || password.length() < 8) { - req.setAttribute("errorMessage", MessageUtils.getMsg("msg.passwd.is.too.short", locale)); + req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.passwd.is.too.short", locale)); } else { - req.setAttribute("errorMessage", MessageUtils.getMsg("msg.unknown.exception.occur", locale)); + req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.unknown.exception.occur", locale)); } doGet(req, res); } diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java index 6f021c3d..c05c21d0 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java @@ -57,11 +57,12 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append("

"); bodyHtml.append(""); bodyHtml.append("

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.clickjacking", locale)); String errorMessage = (String) req.getAttribute("errorMessage"); if (errorMessage != null) { - bodyHtml.append("

" + errorMessage); + bodyHtml.append(errorMessage); } + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.clickjacking", locale)); + bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale), bodyHtml.toString()); } @@ -107,15 +108,16 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se bodyHtml.append("

"); bodyHtml.append("" + MessageUtils.getMsg("label.goto.admin.page", locale) + ""); + bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale), bodyHtml.toString()); } catch (Exception e) { log.error("Exception occurs: ", e); - req.setAttribute("errorMessage", MessageUtils.getMsg("msg.mail.change.failed", locale)); + req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.mail.change.failed", locale)); doGet(req, res); } } else { - req.setAttribute("errorMessage", MessageUtils.getMsg("msg.mail.format.is.invalid", locale)); + req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.mail.format.is.invalid", locale)); doGet(req, res); } } diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java index 8b4c12dc..2e8761ff 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java @@ -59,7 +59,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(MessageUtils.getMsg("msg.enter.json.string", locale)); bodyHtml.append("

"); } - bodyHtml.append(MessageUtils.getMsg("msg.note.code.injection", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.code.injection", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.parse.json", locale), diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java index 7bb8972b..194107cc 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java @@ -81,7 +81,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale)); bodyHtml.append("

"); } - bodyHtml.append(MessageUtils.getMsg("msg.note.ldap.injection", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.ldap.injection", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.sql.injection.page", locale), diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java index 2b1ab40a..e6ecef93 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java @@ -75,7 +75,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append(""); bodyHtml.append(""); bodyHtml.append("
"); - bodyHtml.append(MessageUtils.getMsg("msg.note.mail.header.injection", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.mail.header.injection", locale)); if (req.getAttribute("message") != null) { bodyHtml.append("

"); bodyHtml.append(req.getAttribute("message")); diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java index 4a3d2283..16e9f3ce 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java @@ -34,7 +34,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append("

" + MessageUtils.getMsg("msg.download.file", locale) + "

"); bodyHtml.append(""); - bodyHtml.append("

" + MessageUtils.getMsg("msg.note.null.byte.injection", locale) + "

"); + bodyHtml.append("

" + MessageUtils.getInfoMsg("msg.note.null.byte.injection", locale) + "

"); try { String fileName = req.getParameter("fileName"); if (fileName == null || "".equals(fileName)) { diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java index 9bc2d852..2a97f706 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java @@ -63,7 +63,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append("
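Review bot: This is the only call site in the commit that keeps its own break literals on both sides of the `getInfoMsg` result (`"…" + MessageUtils.getInfoMsg(...) + "…"`; the literals' tags did not survive rendering here, so their exact content is inferred from the blank lines), whereas the other servlets append the helper's result on its own and XEEandXXEServlet even deletes the trailing break it used to add, because the helper now supplies its own container. For consistency make it `bodyHtml.append(MessageUtils.getInfoMsg("msg.note.null.byte.injection", locale));` and, if a leading break is still wanted, keep it as the separate `bodyHtml.append` the other files use. `doGet` starts and ends outside the hunk.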

"); bodyHtml.append(""); bodyHtml.append("

"); - bodyHtml.append(MessageUtils.getMsg("msg.note.enter.runtime.exec", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.runtime.exec", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.ognl.expression.injection.page", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java index d8bddb91..16ffef7b 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java @@ -53,7 +53,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale)); bodyHtml.append("

"); } - bodyHtml.append(MessageUtils.getMsg("msg.note.sql.injection", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.sql.injection", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.sql.injection.page", locale), diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java index d2bb5a34..7e337c49 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java @@ -53,7 +53,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser if (req.getAttribute("errorMessage") != null) { bodyHtml.append(req.getAttribute("errorMessage")); } - bodyHtml.append(MessageUtils.getMsg("msg.note.unrestricted.ext.upload", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.unrestricted.ext.upload", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.unrestricted.upload", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java index 216f3283..5c85d2d0 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java 
@@ -51,7 +51,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser if (req.getAttribute("errorMessage") != null) { bodyHtml.append(req.getAttribute("errorMessage")); } - bodyHtml.append(MessageUtils.getMsg("msg.note.unrestricted.size.upload", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.unrestricted.size.upload", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.unrestricted.upload", locale), bodyHtml.toString()); diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java index fee699d1..6edfa4ba 100644 --- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java @@ -74,8 +74,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append(req.getAttribute("errorMessage")); } if ("/xee".equals(req.getServletPath())) { - bodyHtml.append(MessageUtils.getMsg("msg.note.xee", locale)); - bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xee", locale)); bodyHtml.append("
");
             bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append(ESAPI.encoder().encodeForHTML(""); @@ -99,8 +98,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append("
"); } else { - bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step1", locale)); - bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xxe.step1", locale)); bodyHtml.append("
");
             bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append( @@ -108,8 +106,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser bodyHtml.append(ESAPI.encoder().encodeForHTML("%p2;")); bodyHtml.append("
"); bodyHtml.append("
"); - bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step2", locale)); - bodyHtml.append("

"); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xxe.step2", locale)); bodyHtml.append("
");
             bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
"); bodyHtml.append( @@ -200,10 +197,10 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se StringBuilder bodyHtml = new StringBuilder(); if (isRegistered && customHandler.isRegistered()) { bodyHtml.append(MessageUtils.getMsg("msg.batch.registration.complete", locale)); + bodyHtml.append("

"); } else { - bodyHtml.append(MessageUtils.getMsg("msg.batch.registration.fail", locale)); + bodyHtml.append(MessageUtils.getErrMsg("msg.batch.registration.fail", locale)); } - bodyHtml.append("

"); bodyHtml.append(customHandler.getResult()); bodyHtml.append("

"); bodyHtml.append("
"); - bodyHtml.append(MessageUtils.getMsg("msg.note.xss", locale)); + bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xss", locale)); bodyHtml.append(""); HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.xss.page", locale), diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties index f306e6cc..9cb84b71 100644 --- a/src/main/resources/messages_en.properties +++ b/src/main/resources/messages_en.properties @@ -45,8 +45,7 @@ msg.answer.is.correct=Your answer is correct! msg.authentication.fail=Authentication failed. Please login again. msg.batch.registration.complete=Batch registration of users has completed. msg.batch.registration.fail=Batch registration of users fails. -msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page.

\ -(i) If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page. msg.cant.create.batch=Can't create a batch file. msg.db.connection.leak.occur=DB connection leak occurs every time you load this page. msg.dead.lock.not.occur=Dead Lock does not occur. @@ -64,48 +63,48 @@ msg.enter.decimal.value=Please enter a decimal number less than 1. msg.enter.id.and.password=Please enter your user ID and password. msg.enter.word=Please enter a string. msg.error.user.not.exist=User does not exist or password does not match. -msg.example.name.and.passwd=For example, Mark and password +msg.example.name.and.passwd=For example, Mark and password msg.executed.batch=Created and executed the batch: msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page. msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7. msg.invalid.json=Invalid JSON : {0} -msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page.

\ -(i) If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page. msg.low.alphnum8=Password is 8 lowercase alphanumeric characters. msg.need.admin.privilege=You need admin privileges to go ahead from here. -msg.note.brute.force=(i) The number of login attempts is not limited on this page, so the brute force attack is possible. -msg.note.clickjacking=(i) This page receives a request that a user does not intend and changes the user's mail address. -msg.note.code.injection=(i) If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. -msg.note.csrf=(i) This page receives a request that a user does not intend and changes the user's password. -msg.note.dangerous.file.inclusion=(i) Change the query string to template=[URL where malicious JSP file is deployed], then a malicious code is executed. -msg.note.directory.traversal=(i) Change the query string to template=../WEB-INF/web.xml?, then you can see the content of web.xml in the source code of this page. -msg.note.enter.count=(i) If you enter a large character count, then an endless waiting process occurs. -msg.note.enter.one=(i) Round off error occurs if you enter 1. -msg.note.enter.specific.nembers=(i) Truncation error occurs if you enter 3 or 7 or 9. -msg.note.enter.decimal.value=(i) Loss of trailing digits occurs if you enter 0.0000000000000001. -msg.note.enter.runtime.exec=(i) If you enter @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. -msg.note.not.use.ext.db=(i) Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. -msg.note.positive.number=(i) Integer overflow occurs if you enter a number greater than or equal to 63. 
-msg.note.slow.regular.expression=(i) If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\ +msg.note.brute.force=The number of login attempts is not limited on this page, so the brute force attack is possible. +msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address. +msg.note.code.injection=If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection. +msg.note.csrf=This page receives a request that a user does not intend and changes the user's password. +msg.note.dangerous.file.inclusion=Change the query string to template=[URL where malicious JSP file is deployed], then a malicious code is executed. +msg.note.directory.traversal=Change the query string to template=../WEB-INF/web.xml?, then you can see the content of web.xml in the source code of this page. +msg.note.enter.count=If you enter a large character count, then an endless waiting process occurs. +msg.note.enter.one=Round off error occurs if you enter 1. +msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9. +msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001. +msg.note.enter.runtime.exec=If you enter @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server. +msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS. +msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63. +msg.note.slow.regular.expression=If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, parse processing will take several tens of seconds
\      If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then ... -msg.note.slow.string.plus.operation=(i) If you set a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. -msg.note.sql.deadlock=(i) If you open two windows (or tabs) and select "asc" and click the "update" button on one windows immediately after you select "desc" \ +msg.note.slow.string.plus.operation=If you set a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator. +msg.note.sql.deadlock=If you open two windows (or tabs) and select "asc" and click the "update" button on one windows immediately after you select "desc" \ and click the "update" button on the other, then dead lock occurs in database. -msg.note.sql.injection=(i) You can see other users information if you set password to ' OR '1'='1 -msg.note.ldap.injection=(i) You can see other users information if you set name to *)(|(objectClass=*" and password to "aaaaaaa) -msg.note.mail.header.injection=(i) If you change the subject field to textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address. -msg.note.mojibake=(i) Mojibake occurs if you set name in a multibyte language -msg.note.null.byte.injection=(i) If using Java earlier than version 1.7.0_40 and you add fileName=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. -msg.note.open.redirect=(i) If you add goto=[an URL of a malicious site] to the query string, you can redirect to the malicious site. 
-msg.note.unrestricted.ext.upload=(i) If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http://localhost:8080/uploadFiles/exit.jsp, \ +msg.note.sql.injection=You can see other users information if you set password to ' OR '1'='1 +msg.note.ldap.injection=You can see other users information if you set name to *)(|(objectClass=*" and password to "aaaaaaa) +msg.note.mail.header.injection=If you change the subject field to textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address. +msg.note.mojibake=Mojibake occurs if you set name in a multibyte language +msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml. +msg.note.open.redirect=If you add goto=[an URL of a malicious site] to the query string, you can redirect to the malicious site. +msg.note.oome.finally.thrown=If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http://localhost:8080/uploadFiles/exit.jsp, \ then JavaVM is forcibly finished. -msg.note.unintended.file.disclosure=(i) If the directory listing feature works and you access to http://localhost:8080/uid/, then you can see the file list in the uid directory. \ +msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http://localhost:8080/uid/, then you can see the file list in the uid directory. \ If you login as an acount written in http://localhost:8080/uid/adminpassword.txtm you can access to /uid/serverinfo.jsp. -msg.note.unrestricted.size.upload=(i) This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. 
-msg.note.verbose.errror.message=(i) It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. -msg.note.xee=(i) If you upload the following file, it will waste server resource. -msg.note.xss=(i) Session ID is shown if you set name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< -msg.note.xxe.step1=(i) If you create the following DTD file on a web server that can be accessed by this server. For example, http://attacker.site/vulnerable.dtd +msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +msg.note.verbose.errror.message=It is easy to guess an account who can logs in since authentication error messages on this page is too detailed. +msg.note.xee=If you upload the following file, it will waste server resource. +msg.note.xss=Session ID is shown if you set name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< +msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed by this server. For example, http://attacker.site/vulnerable.dtd msg.note.xxe.step2=and upload the following file, you can display password file (/etc/passwd) on the server. msg.not.exist=The user does not exist. msg.not.image.file=The chosen file is not an image file. @@ -121,8 +120,7 @@ msg.passwd.changed=Your password is successfully changed. msg.passwd.change.failed=Password change failed. msg.passwd.is.too.short=The password must be at least 8 characters. msg.password.not.match=The password does not match. -msg.permgen.space.leak.occur=Memory leak occurs in PermGen space every time you load this page.
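Review bot: The memory-leak messages lose their "If keeping on loading this page, OutOfMemoryError is finally thrown." continuation (`msg.java.heap.space.leak.occur` in this hunk, `msg.c.heap.space.leak.occur` in the preceding one and `msg.permgen.space.leak.occur` in the following one), while the replacement key `msg.note.oome.finally.thrown` is only defined, never referenced, anywhere in this diff. Unless the servlets for those three pages are updated elsewhere to request the new key, the OutOfMemoryError warning silently disappears from them; that wiring is outside these hunks, so it needs to be confirmed. The same split is made in messages_ja.properties, so the check applies to that bundle too. A comment above the new key naming its intended consumers, e.g. `# info note shown on the C heap / Java heap / PermGen leak pages`, would make the dependency visible in the bundle.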

\ -(i) If keeping on loading this page, OutOfMemoryError is finally thrown. +msg.permgen.space.leak.occur=Memory leak occurs in PermGen space every time you load this page. msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)? msg.reverse.color=You can reverse the color of an image file. msg.reverse.color.complete=The color reversal of the image file has completed. diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties index 6bb77502..3d80dc65 100644 --- a/src/main/resources/messages_ja.properties +++ b/src/main/resources/messages_ja.properties @@ -45,8 +45,7 @@ msg.answer.is.correct=\u6b63\u89e3\u3067\u3059\u3002 msg.authentication.fail=\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002\u518d\u5ea6\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.batch.registration.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 msg.batch.registration.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002 -msg.c.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002

\ -(i) \u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +msg.c.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.cant.create.batch=\u30d0\u30c3\u30c1\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002 msg.db.connection.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.dead.lock.not.occur=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306f\u767a\u751f\u3057\u307e\u305b\u3093\u3067\u3057\u305f\u3002 
@@ -64,48 +63,48 @@ msg.enter.decimal.value=1\u672a\u6e80\u306e\u5c0f\u6570\u3092\u5165\u529b\u3057\ msg.enter.id.and.password=\u30e6\u30fc\u30b6\u30fcID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.enter.word=\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.error.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 -msg.example.name.and.passwd=\u4f8b\u3048\u3070\u3001Mark \u3068 password +msg.example.name.and.passwd=\u4f8b\u3048\u3070\u3001Mark \u3068 password msg.executed.batch=\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3057\u305f: msg.file.descriptor.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.info.jvm.not.crash=JVM\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK 6\u307e\u305f\u306f7\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002 msg.invalid.json=\u4e0d\u6b63\u306aJSON\u6587\u5b57\u5217\u3067\u3059 : {0} -msg.java.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002

\ -(i) \u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +msg.java.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.low.alphnum8=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u306e\u82f1\u6570\u5b57\u3067\u3059\u3002 msg.need.admin.privilege=\u3053\u3053\u304b\u3089\u5148\u306f\u7ba1\u7406\u8005\u6a29\u9650\u304c\u5fc5\u8981\u3067\u3059\u3002 -msg.note.brute.force=(i) \u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u53ef\u80fd\u3067\u3059\u3002 -msg.note.clickjacking=(i) \u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 -msg.note.code.injection=(i) {}');java.lang.System.exit(0);// \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 -msg.note.csrf=(i) \u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 -msg.note.dangerous.file.inclusion=(i) \u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL] 
\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 -msg.note.directory.traversal=(i) \u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=../WEB-INF/web.xml? \u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306bweb.xml\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -msg.note.enter.count=(i) \u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.one=(i) 1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.specific.nembers=(i) 3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.decimal.value=(i) 0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.enter.runtime.exec=(i) @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/') \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 -msg.note.not.use.ext.db=(i) \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 -msg.note.positive.number=(i) 
63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.sql.deadlock=(i) 2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u300c\u6607\u9806\u300d\u3092\u9078\u629e\u3057\u3066\ +msg.note.brute.force=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u53ef\u80fd\u3067\u3059\u3002 +msg.note.clickjacking=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 +msg.note.code.injection={}');java.lang.System.exit(0);// \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 +msg.note.csrf=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002 +msg.note.dangerous.file.inclusion=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL] \u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002 
+msg.note.directory.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=../WEB-INF/web.xml? \u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306bweb.xml\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +msg.note.enter.count=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.enter.one=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.enter.specific.nembers=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.enter.decimal.value=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.enter.runtime.exec=@java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/') \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002 +msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002 +msg.note.positive.number=63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002 
+msg.note.sql.deadlock=2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u300c\u6607\u9806\u300d\u3092\u9078\u629e\u3057\u3066\ \u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3067\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.sql.injection=(i) \u30d1\u30b9\u30ef\u30fc\u30c9\u306b ' OR '1'='1 \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 -msg.note.ldap.injection=(i) \u540d\u524d\u306b *)(|(objectClass=*\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b aaaaaaa) \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 -msg.note.mail.header.injection=(i) \u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u3092textarea\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 -msg.note.mojibake=(i) \u540d\u524d\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 -msg.note.null.byte.injection=(i) \u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b fileName=../WEB-INF/web.xml%00 
\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 -msg.note.slow.regular.expression=(i) \u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042 \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\ +msg.note.sql.injection=\u30d1\u30b9\u30ef\u30fc\u30c9\u306b ' OR '1'='1 \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 +msg.note.ldap.injection=\u540d\u524d\u306b *)(|(objectClass=*\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b aaaaaaa) \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 +msg.note.mail.header.injection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u3092textarea\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002 +msg.note.mojibake=\u540d\u524d\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002 +msg.note.null.byte.injection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b fileName=../WEB-INF/web.xml%00 \u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002 +msg.note.slow.regular.expression=\u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042 \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\      \u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042 \u3092\u5165\u529b\u3059\u308b\u3068... -msg.note.slow.string.plus.operation=(i) +(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 -msg.note.open.redirect=(i) \u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b goto=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL] \u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 -msg.note.unintended.file.disclosure=(i) \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http://localhost:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\ +msg.note.slow.string.plus.operation=+(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002 +msg.note.open.redirect=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b goto=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL] \u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002 
+msg.note.oome.finally.thrown=\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +msg.note.unintended.file.disclosure=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http://localhost:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\ \u3055\u3089\u306bhttp://localhost:8080/uid/adminpassword.txt\u306b\u8a18\u8f09\u3055\u308c\u305f\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001http://localhost:8080/uid/serverinfo.jsp\u3078\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 -msg.note.unrestricted.ext.upload=(i) <% System.exit(0); %> \u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http://localhost:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\ +msg.note.unrestricted.ext.upload=<% System.exit(0); %> \u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http://localhost:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\ JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002 -msg.note.unrestricted.size.upload=(i) \u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 -msg.note.verbose.errror.message=(i) 
\u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002 -msg.note.xee=(i) \u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 -msg.note.xss=(i) \u540d\u524d\u306b >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 -msg.note.xxe.step1=(i) \u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http://attacker.site/vulnerable.dtd +msg.note.unrestricted.size.upload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002 +msg.note.verbose.errror.message=\u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002 +msg.note.xee=\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002 +msg.note.xss=\u540d\u524d\u306b >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< 
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 +msg.note.xxe.step1=\u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http://attacker.site/vulnerable.dtd msg.note.xxe.step2=\u6b21\u306b\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30d5\u30a1\u30a4\u30eb(/etc/passwd)\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002 msg.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u305b\u3093\u3002 msg.not.image.file=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002 @@ -121,8 +120,7 @@ msg.passwd.changed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u6b63\u5e38\u306b\u5909\ msg.passwd.change.failed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002 msg.passwd.is.too.short=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u4ee5\u4e0a\u306b\u3057\u3066\u4e0b\u3055\u3044\u3002 msg.password.not.match=\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002 -msg.permgen.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Permanent\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002

\ -(i) \u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002 +msg.permgen.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Permanent\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002 msg.question.reach.the.moon=0.1mm\u306e\u539a\u3055\u306e\u7d19\u3092\u4f55\u56de\u6298\u308a\u305f\u305f\u3080\u3068\u3001\u5730\u7403\u304b\u3089\u6708\u306e\u8ddd\u96e2(384,400 km)\u306b\u5230\u9054\u3059\u308b\u3067\u3057\u3087\u3046\u304b\uff1f msg.reverse.color=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 msg.reverse.color.complete=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002 diff --git a/src/main/webapp/dfi/includable.jsp b/src/main/webapp/dfi/includable.jsp index f21e9334..f9185c6f 100644 --- a/src/main/webapp/dfi/includable.jsp +++ b/src/main/webapp/dfi/includable.jsp @@ -55,9 +55,10 @@

-

+