juice-shop/juice-shop

data/static/i18n/da_DK.json

{
    "Find the carefully hidden 'Score Board' page.": "Find den omhyggeligt skjulte 'Pointtavle'-side.",
    "Try to find a reference or clue behind the scenes. Or simply guess what URL the Score Board might have.": "Prøv at finde en reference eller ledetråd bag kulisserne, eller prøv blot at gætte pointtavlens URL.",
    "Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> without using the frontend application at all.": "Udfør et <i>vedvarende</i> XSS-angreb med <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> uden brug af frontend-applikationen overhovedet.",
    "You need to work with the server-side API directly. Try different HTTP verbs on different entities exposed through the API.": "Det er nødvendigt at anvende server-API'en direkte. Prøv forskellige HTTP-verber på forskellige entiteter, som API'en udstiller.",
    "Gain access to any access log file of the server.": "Opnå adgang til en hvilken som helst adgangslogfil på serveren.",
    "Who would want a server access log to be accessible through a web application?": "Hvem kunne ønske en serveradgangslog tilgængeliggjort via en web-applikation?",
    "Register as a user with administrator privileges.": "Registrér dig som bruger med administratorrettigheder.",
    "You have to assign the unassignable.": "Du skal tildele det utildelelige.",
    "Access the administration section of the store.": "Tilgå butikkens administrationsafsnit.",
    "It is just slightly harder to find than the score board link.": "Den er kun lidt sværere at finde end linket til pointtavlen.",
    "Overwrite the <a href=\"/ftp/legal.md\">Legal Information</a> file.": "Overskriv filen <a href=\"/ftp/legal.md\">Juridiske oplysninger</a>.",
    "Look out for a tweet praising new functionality of the web shop. Then find a third party vulnerability associated with it.": "Kig efter et tweet som roser en ny funktionalitet i webshoppen. Find derefter en tredjepartssårbarhed relateret til den.",
    "Reset the password of Bjoern's OWASP account via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.": "Nulstil adgangskoden til Björns OWASP konto via <a href=\"/#/forgot-password\">Glemt Adgangskode</a>-funktionen ved brug af det <i>originale svar</i> på hans sikkerhedsspørgsmål.",
    "Learn about the Token Sale before its official announcement.": "Find ud af mere om Token-udsalget før dets officielle annoncering.",
    "The developers truly believe in \"Security through Obscurity\" over actual access restrictions.": "Udviklerne tror virkelig på \"Security through Obscurity\" fremfor faktiske adgangsrestriktioner.",
    "Perform a Remote Code Execution that would keep a less hardened application busy <em>forever</em>.": "Udfør en Remote Code Execution, der ville holde en mindre hærdet applikation beskæftiget <em>for evigt</em>.",
    "The feature you need to exploit for this challenge is not directly advertised anywhere.": "Funktionen, der behøves for at udnytte til denne udfordring, er ikke direkte annonceret nogetsteds.",
    "Submit 10 or more customer feedbacks within 20 seconds.": "Submit 10 or more customer feedbacks within 20 seconds.",
    "After finding a CAPTCHA bypass, write a script that automates feedback submission. Or open many browser tabs and be really quick.": "Skriv, efter at have fundet en CAPTCHA-omgåelse, et script, der automatiserer feedbackindsendelse, eller åbn mange browserfaner og vær virkelig hurtig.",
    "Change Bender's password into <i>slurmCl4ssic</i> without using SQL Injection or Forgot Password.": "Skift Benders adgangskode til <i>slurmCl4ssic</i> uden brug af SQL Injection eller Glemt Adgangskode.",
    "In previous releases this challenge was wrongly accused of being based on CSRF.": "I tidligere udgivelser blev denne udfordring fejlagtigt beskyldt for at være CSRF-baseret.",
    "Order the Christmas special offer of 2014.": "Bestil 2014-julesærtilbuddet.",
    "Find out how the application handles unavailable products and try to find a loophole.": "Find ud af, hvordan applikationen håndterer utilgængelige produkter og forsøg at finde et smuthul.",
    "Bypass the Content Security Policy and perform an XSS attack with <code>&lt;script&gt;alert(`xss`)&lt;/script&gt;</code> on a legacy page within the application.": "Omgå Content Security Politikken og udfør et XSS-angreb med <code>&lt;script&gt;alert(`xss`)&lt;/script&gt;</code> på en legacy-side i applikationen.",
    "What is even \"better\" than a legacy page with a homegrown RegEx sanitizer? Having CSP injection issues on the exact same page as well!": "Hvad er endnu \"bedre\" end en legacy-side med en hjemmedyrket RegEx sanitizer? At have CSP-injektionsproblemer på nøjagtig samme side!",
    "Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> bypassing a <i>client-side</i> security mechanism.": "Udfør et <i>vedvarende</i> XSS-angreb med<code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> under omgåelse af en <i>klientbaseret</i> sikkerhedsmekanisme.",
    "Only some input fields validate their input. Even less of these are persisted in a way where their content is shown on another screen.": "Kun nogle inputfelter validerer angivet indhold. Endnu færre af disse er vedholdende på en måde, hvor deres indhold vises på en anden skærm.",
    "Access a confidential document.": "Tilgå et fortroligt dokument.",
    "Analyze and tamper with links in the application that deliver a file directly.": "Analysér og manipulér med links i applikationen, der leverer filer direkte.",
    "Perform a <i>DOM</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code>.": "Udfør et <i>DOM</i> XSS-angreb med <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code>.",
    "Look for an input field where its content appears in the HTML when its form is submitted.": "Led efter efter et inputfelt, hvis indhold vises i HTML, når formularen indsendes.",
    "Exfiltrate the entire DB schema definition via SQL Injection.": "Exfiltrér hele DB-strukturdefinitionen via SQL Injection.",
    "Find out where this information could come from. Then craft a UNION SELECT attack string against an endpoint that offers an unnecessary way to filter data.": "Find ud af, hvor disse oplysninger kan komme fra. Udform derefter en UNION SELECT-angrebsstreng mod et endepunkt, der tilbyder en unødvendig datafiltreringsmåde.",
    "Use a deprecated B2B interface that was not properly shut down.": "Brug en forældet B2B-grænseflade, der ikke blev korrekt lukket.",
    "The developers who disabled the interface think they could go invisible by just closing their eyes.": "De udviklere, som deaktiverede grænsefladen, tror, at de kunne blive usynlige ved blot at lukke deres øjne.",
    "If you solved one of the three file access challenges, you already know where to find the easter egg.": "Har du løst en af de tre fil adgangsudfordringer, ved du allerede, hvor du finder påskeægget.",
    "Perform an unwanted information disclosure by accessing data cross-domain.": "Udfør en uønsket informationsafsløring ved at tilgå datakrydsdomæne.",
    "Try to find and attack an endpoint that responds with user information. SQL Injection is not the solution here.": "Forsøg at finde og angribe et endepunkt, der reagerer med brugeroplysninger. SQL Injection er ikke løsningen hér.",
    "Log in with the (non-existing) accountant <i>acc0unt4nt@juice-sh.op</i> without ever registering that user.": "Log ind med den (ikke-eksisterende) revisor <i>acc0unt4nt@juice-sh.op</i> uden nogensinde at registrere den pågældende bruger.",
    "Try to create the needed user \"out of thin air\".": "Prøv at oprette den krævede bruger \"ud af tynd luft\".",
    "Provoke an error that is neither very gracefully nor consistently handled.": "Fremprovokér en fejl, der hverken kan håndteres særligt yndefuldt eller konsekvent.",
    "Try to submit bad input to forms. Alternatively tamper with URL paths or parameters.": "Forsøg at indsende dårligt input til formularer. Manipulér alternativt med URL-stier eller parametre.",
    "Successfully redeem an expired campaign coupon code.": "Udfør vellykket indløsning af en udløbet kampagnekuponkode.",
    "Try to identify past special event or holiday campaigns of the shop first.": "Forsøg først at identificere tidligere specialbegivenheder eller feriekampagner i butikken.",
    "Retrieve the language file that never made it into production.": "Hent den sprogfil, der aldrig nåede med ud i produktionen.",
    "Brute force is not the only option for this challenge, but a perfectly viable one.": "Brute force er ikke den eneste mulighed i denne udfordring, men dog en fuldt levedygtig én.",
    "Get rid of all 5-star customer feedback.": "Slip af med alle 5-stjernede kundefeedbacks.",
    "Once you found admin section of the application, this challenge is almost trivial.": "Når først du har fundet applikationens adminsektion, er denne udfordring nærmest kedelig.",
    "Forge a coupon code that gives you a discount of at least 80%.": "Forfalsk en kuponkode, der giver dig en rabat på mindst 80%.",
    "Post some feedback in another user's name.": "Post some feedback in another user's name.",
    "You can solve this by tampering with the user interface or by intercepting the communication with the RESTful backend.": "Du kan løse dette ved at manipulere med brugergrænsefladen eller ved at opsnappe kommunikationen med RESTful backend'en.",
    "Post a product review as another user or edit any user's existing review.": "Indsend en produktanmeldelse som en anden bruger eller redigér en brugers eksisterende anmeldelse.",
    "Observe the flow of product review posting and editing and see if you can exploit it.": "Observér strømmen af indsendte produktbedømmelser samt rettelser og se om du kan udnytte dette.",
    "Forge an almost properly RSA-signed JWT token that impersonates the (non-existing) user <i>rsa_lord@juice-sh.op</i>.": "Forfalsk en næsten korrekt RSA-signeret JWT-token, der udgiver sig for at være den (ikke-eksisterende) bruger <i>rsa_lord@juice-sh.op</i>.",
    "This challenge is explicitly not about acquiring the RSA private key used for JWT signing.": "Denne udfordring handler specifikt ikke om at få fat i den private RSA-nøgle, som bruges til JWT-signering.",
    "Access a developer's forgotten backup file.": "Tilgå en udviklers glemte sikkerhedskopi.",
    "You need to trick a security mechanism into thinking that the file you want has a valid file type.": "En sikkerhedsmekanisme skal narres til at tro, at den fil, du ønsker, har en gyldig filtype.",
    "Access a salesman's forgotten backup file.": "Tilgå en sælgers glemte sikkerhedskopi.",
    "<a href=\"/#/contact\">Inform the shop</a> about a <i>typosquatting</i> imposter that dug itself deep into the frontend. (Mention the exact name of the culprit)": "<a href=\"/#/contact\">Informér butikken</a> om en <i>typosquatting</i>-bedrager, som har gravet sig dybt ned i frontend'en. (Nævn synderens eksakte navn)",
    "This challenge has nothing to do with mistyping web domains. There is no conveniently misplaced file helping you with this one either. Or is there?": "Denne udfordring har intet at gøre med at skrive web-domæner forkert. Der er heller ikke nogen belejligt fejlplaceret fil til at hjælpe dig her. Eller er der?",
    "Log in with Chris' erased user account.": "Log ind med Chris' slettede brugerkonto.",
    "Turns out that something is technically and legally wrong with the implementation of the \"right to be forgotten\" for users.": "Det viser sig, at noget er teknisk og juridisk galt med implementeringen af \"retten til at blive glemt\" for brugerne.",
    "Steal someone else's personal data without using Injection.": "Stjæl nogens personlige data uden brug af Injection.",
    "Trick the regular Data Export to give you more than actually belongs to you.": "Snyd den almindelige dataeksport til at give dig mere, end hvad der faktisk tilhører dig.",
    "Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> through an HTTP header.": "Udfør et <i>vedvarende</i> XSS-angreb med <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> gennem en HTTP-header.",
    "Finding a piece of displayed information that could originate from an HTTP header is part of this challenge.": "At finde et stykke synlig information, som kunne stamme fra en HTTP-header, er en del af denne udfordring.",
    "Solve challenge #999. Unfortunately, this challenge does not exist.": "Løs udfordring #999. Desværre eksisterer denne udfordring ikke.",
    "You need to trick the hacking progress persistence feature into thinking you solved challenge #999.": "Du er nødt til at narre hackingforløbsvedvarenhedsfunktionen til at tro, at du har løst udfordring #999.",
    "Dumpster dive the Internet for a leaked password and log in to the original user account it belongs to. (Creating a new account with the same password does not qualify as a solution.)": "Gennemsøg internettet efter en lækket adgangskode og log ind på den brugerkonto som den tilhører. (At oprette en ny konto med samme adgangskode tæller ikke som en løsning.)",
    "Once you have it, a technique called \"Password Spraying\" might prove useful.": "Når du har den, kan en teknik kaldet \"Password Spraying\" vise sig nyttig.",
    "Identify an unsafe product that was removed from the shop and <a href=\"/#/contact\">inform the shop</a> which ingredients are dangerous.": "Identificer et usikkert produkt, som er blevet fjernet fra butikken og <a href=\"/#/contact\">informér butikken</a> om, hvilke ingredienser, der er farlige.",
    "Your own SQLi and someone else's Ctrl-V will be your accomplices in this challenge!": "Din egen SQLi og en andens Ctrl-V vil være dine medskyldige i denne udfordring!",
    "<a href=\"/#/contact\">Inform the shop</a> about a <i>typosquatting</i> trick it has been a victim of at least in <code>v6.2.0-SNAPSHOT</code>. (Mention the exact name of the culprit)": "<a href=\"/#/contact\">Informér butikken</a> om et <i>typosquatting</i>-trick, som den har været offer for som minimum i <code>v6.2.0-SNAPSHOT</code> (Nævn det eksakte navn på synderen).",
    "This challenge has nothing to do with mistyping web domains. Investigate the forgotten developer's backup file instead.": "Denne udfordring har intet med fejlindtastning af web-domæner at gøre. Undersøg i stedet udviklerens glemte backup-fil.",
    "Log in with the administrator's user account.": "Log ind med administratorens brugerkonto.",
    "Try different SQL Injection attack patterns depending whether you know the admin's email address or not.": "Prøv forskellige SQL Injection-angrebsmønstre afhængigt af om du kender administratorens e-mailadresse eller ej.",
    "Log in with Amy's original user credentials. (This could take 93.83 billion trillion trillion centuries to brute force, but luckily she did not read the \"One Important Final Note\")": "Log ind med Amys originale loginoplysninger (dette kan tage 93,83 mia. billioner billioner århundreder at brute force, men heldigvis læste hun ikke \"En Vigtig Afsluttende Bemærkning\").",
    "This challenge will make you go after a needle in a haystack.": "Denne udfordring vil få dig til at lede efter en nål i en høstak.",
    "Log in with Bender's user account.": "Log ind med Benders brugerkonto.",
    "If you know Bender's email address, try SQL Injection. Bender's password hash might not help you very much.": "Kendes Benders e-mailadresse, så prøv SQL Injection. Benders adgangskode-hash hjælper dig muligvis ikke ret meget.",
    "Log in with Bjoern's Gmail account <i>without</i> previously changing his password, applying SQL Injection, or hacking his Google account.": "Log ind med Bjoerns Gmail-konto <i>uden</i> at ændre hans adgangskode, anvend SQL Injection, eller hacke hans Google-konto.",
    "The security flaw behind this challenge is 100% OWASP Juice Shop's fault and 0% Google's.": "Sikkerhedsfejlen bag denne udfordring er 100% OWASP Juice Shoppens fejl og 0% Googles.",
    "Exploit OAuth 2.0 to log in with the Chief Information Security Officer's user account.": "Udnyt OAuth 2.0 til at logge ind med Chief Information Security Officerens brugerkonto.",
    "Don't try to beat Google's OAuth 2.0 service. Rather investigate implementation flaws on OWASP Juice Shop's end.": "Forsøg ikke at slå Googles OAuth 2.0-tjeneste. Prøv i stedet at undersøge implementeringsfejl i OWASP Juice Shops ende.",
    "Log in with Jim's user account.": "Log ind med Jims brugerkonto.",
    "Try cracking Jim's password hash if you harvested it already. Alternatively, if you know Jim's email address, try SQL Injection.": "Forsøg at bryde Jims adgangskode-hash, hvis du allerede har opsnappet det. Kender du Jims e-mailadresse, så kan du eventuelt prøve med SQL Injection i stedet for.",
    "Log in with MC SafeSearch's original user credentials without applying SQL Injection or any other bypass.": "Log ind med MC SafeSearchs originale loginoplysninger uden at anvende SQL Injection eller andre omgåelser.",
    "You should listen to MC's hit song \"Protect Ya Passwordz\".": "Du burde lytte til MCs hitnummer, \"Protect Ya Passwordz\".",
    "Log in with the support team's original user credentials without applying SQL Injection or any other bypass.": "Log ind med supportteamets originale loginoplysninger uden brug af SQL Injection eller andre omgåelser.",
    "The underlying flaw of this challenge is a lot more human error than technical weakness.": "Den underliggende fejl i denne udfordring er i højere grad en menneskelig fejl end en teknisk svaghed.",
    "Put an additional product into another user's shopping basket.": "Placér et ekstra produkt i en anden brugers indkøbskurv.",
    "Have an eye on the HTTP traffic while placing products in the shopping basket. Changing the quantity of products already in the basket doesn't count.": "Har øje på HTTP-trafikken, mens produkter placeres i indkøbskurven. Ændring af det allerede eksisterende produktantal i kurven, tæller ikke.",
    "Access a misplaced <a href=\"https://github.com/Neo23x0/sigma\">SIEM signature</a> file.": "Få adgang til en fejlplaceret <a href=\"https://github.com/Neo23x0/sigma\">SIEM-signaturfil</a>.",
    "Like any review at least three times as the same user.": "Giv en hvilken som helst anmeldelse en Like mindst tre som den samme bruger.",
    "Punctuality is the politeness of kings.": "Rettelighed er kongers høflighed.",
    "Apply some advanced cryptanalysis to find <i>the real</i> easter egg.": "Anvend nogle avancerede kryptoanalyser for at finde <i>det virkelige</i> påskeæg.",
    "You might have to peel through several layers of tough-as-nails encryption for this challenge.": "Du kan være nødt til at skrælle flere lag hård-soms-armeringsstål kryptering af i denne udfordring.",
    "Let the server sleep for some time. (It has done more than enough hard work for you)": "Lad serveren sove i et stykke tid (det har udført mere end nok hårdt arbejde for dig).",
    "This challenge is essentially a stripped-down Denial of Service (DoS) attack.": "Denne udfordring er grundlæggende et afstrippet Denial of Service (DoS) angreb.",
    "All your orders are belong to us! Even the ones which don't.": "Alle dine bestillinger tilhører os! Selv dem, som ikke gør.",
    "Take a close look on how the $where query operator works in MongoDB.": "Tag et nøje kig på, hvordan $where -forespørgselsoperatøren fungerer i MongoDB.",
    "Update multiple product reviews at the same time.": "Opdatér flere produktanmeldelser på samme tid.",
    "Take a close look on how the equivalent of UPDATE-statements in MongoDB work.": "Se nærmere på, hvordan det svarer til fuktionen af UPDATE-udsagn i MongoDB.",
    "Let us redirect you to one of our crypto currency addresses which are not promoted any longer.": "Lad os omdirigere dig til en af vores kryptovalutaadresser, som ikke længere promoveres.",
    "We might have failed to take this out of our code properly.": "Måske lykkedes det os ikke at dette ordentligt fra vores kode.",
    "Log in with the administrator's user credentials without previously changing them or applying SQL Injection.": "Log ind med administratorens akkreditiver uden forudgående ændring af dem eller brug af SQL Injection.",
    "This one should be equally easy to a) brute force, b) crack the password hash or c) simply guess.": "Denne bør være lige så let at a) brute force, b) knække adgangskode-hash'en eller c) simpelthen gætte.",
    "Place an order that makes you rich.": "Afgiv en bestilling, der gør dig rig.",
    "You literally need to make the shop owe you any amount of money.": "Du har bogstaveligt sørge for, at gøre butikken skylder dig en sum penge.",
    "<i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><!--IvLuRfBJYlmStf9XfL6ckJFngyd9LfV1JaaN/KRTPQPidTuJ7FR+D/nkWJUF+0xUF07CeCeqYfxq+OJVVa0gNbqgYkUNvn//UbE7e95C+6e+7GtdpqJ8mqm4WcPvUGIUxmGLTTAC2+G9UuFCD1DUjg==--> <a href=\"https://blockchain.info/address/1AbKfgvw9psQ41NbLi8kufDQTezwG8DRZm\" target=\"_blank\"><i class=\"fab fa-btc fa-sm\"></i> Unlock Premium Challenge</a> to access exclusive content.": "<i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><i class=\"far fa-gem\"></i><!--IvLuRfBJYlmStf9XfL6ckJFngyd9LfV1JaaN/KRTPQPidTuJ7FR+D/nkWJUF+0xUF07CeCeqYfxq+OJVVa0gNbqgYkUNvn//UbE7e95C+6e+7GtdpqJ8mqm4WcPvUGIUxmGLTTAC2+G9UuFCD1DUjg==--> <a href=\"https://blockchain.info/address/1AbKfgvw9psQ41NbLi8kufDQTezwG8DRZm\" target=\"_blank\"><i class=\"fab fa-btc fa-sm\"></i> Oplås Premium-udfordring</a> for adgang til eksklusivt indhold.",
    "You do not have to pay anything to unlock this challenge! Nonetheless, donations are very much appreciated.": "Intet behøver at blive betale for at oplåse denne udfordring! Ikke desto mindre er donationer meget værdsat.",
    "Read our privacy policy.": "Læs gældende Fortrolighedspolitik",
    "We won't even ask you to confirm that you did. Just read it. Please. Pretty please.": "Vi vil ikke engang bede dig bekræfte, at du gjorde det. Læs den blot.",
    "Prove that you actually read our privacy policy.": "Bevis, at du rent faktisk har læst fortrolighedspolitikken.",
    "Only by visiting a special URL you can confirm that you read it carefully.": "Kun ved at besøge en speciel URL kan du bekræfte, at du har læst den grundigt.",
    "Change the <code>href</code> of the link within the <a href=\"/#/search?q=OWASP SSL Advanced Forensic Tool (O-Saft)\">OWASP SSL Advanced Forensic Tool (O-Saft)</a> product description into <i>https://owasp.slack.com</i>.": "Ændr <code>href</code> for produktbeskrivelseslinket i <a href=\"/#/search?q=OWASP SSL Advanced Forensic Tool (O-Saft)\">OWASP SSL Advanced Forensic Tool (O-Saft)</a> til <i>https://owasp.slack.com</i>.",
    "Look for one of the following: a) broken admin functionality, b) holes in RESTful API or c) possibility for SQL Injection.": "Kig efter en af flg. forekomster: a) defekt admin-funktionalitet b) huller i RESTful API eller c) mulighed for SQL Injektion.",
    "Perform a <i>reflected</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code>.": "Udfør et <i>DOM</i> XSS-angreb vha. <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code>.",
    "Look for an input field where its content appears in the response HTML when its form is submitted.": "Kig efter efter et inputfelt, hvis indhold vises i HTML-svaret, når formularen indsendes.",
    "Follow the DRY principle while registering a user.": "Følg DRY-princippet under registreringen af en bruger.",
    "You can solve this by cleverly interacting with the UI or bypassing it altogether.": "Dette kan løses vha. smart interageren med UI'en eller ved helt at omgå denne.",
    "Reset Bender's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.": "Nulstil, ved brug af <i>det originale svar</i> på hans sikkerhedsspørgsmål, Benders adgangskode via <a href=\"/#/forgot-password\">Glemt Adgangskode</a>-funktionen.",
    "Not as trivial as Jim's but still not too difficult with some \"Futurama\" background knowledge.": "Ikke så trivielt som Jims, men stadig ikke alt for svært med noget \"Futurama\"-baggrundsviden.",
    "Reset the password of Bjoern's internal account via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.": "Nulstil, ved brug af <i>det originale svar</i> på hans sikkerhedsspørgsmål, Bjørns adgangskode via <a href=\"/#/forgot-password\">Glemt Adgangskode</a>-funktionen.",
    "Nothing a little bit of Facebook stalking couldn't reveal. Might involve a historical twist.": "Intet, som en lille smule Facebook-stalking ikke kunne afsløre. Kan involvere et historisk twist.",
    "Reset Jim's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.": "Nulstil, ved brug af <i>det originale svar</i> på hans sikkerhedsspørgsmål, Jims adgangskode via <a href=\"/#/forgot-password\">Glemt Adgangskode</a>-funktionen.",
    "It's hard for celebrities to pick a security question from a hard-coded list where the answer is not publicly exposed.": "Det er svært for berømtheder at vælge et sikkerhedsspørgsmål fra en fast liste, hvor svaret ikke er offentligt afsløret.",
    "Reset Morty's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>his obfuscated answer</i> to his security question.": "Nulstil, ved brug af <i>det slørede svar</i> på hans sikkerhedsspørgsmål, Mortys adgangskode via <a href=\"/#/forgot-password\">Glemt Adgangskode</a>-funktionen.",
    "Find a way to bypass the rate limiting and brute force the obfuscated answer to Morty's security question.": "Find en måde at omgå bedømmelsesbegrænsningen på og brute force det slørede svar på Mortys sikkerhedsspørgsmål.",
    "Deprive the shop of earnings by downloading the blueprint for one of its products.": "Berøv butikken indtjeninger ved at downloade et af dens produktblueprints.",
    "The product you might want to give a closer look is the OWASP Juice Shop Logo (3D-printed).": "Produktet, du måske ønsker at tjekke nærmere ud, er OWASP Juice Shop Logo (3D-printet).",
    "Request a hidden resource on server through server.": "Anmod om en skjult serverressource via serveren.",
    "Reverse engineering something bad can make good things happen.": "Reverse engineering af noget dårligt kan få gode ting til at ske.",
    "Infect the server with juicy malware by abusing arbitrary command execution.": "Inficér serveren med saftig malware ved at misbruge vilkårlig kommandoeksekvering.",
    "\"SSTi\" is a clear indicator that this has nothing to do with anything Angular. Also, make sure to use only our non-malicious malware.": "\"SSTi\" er en klar indikator på, at dette intet har at gøre med noget Angular-relateret. Sørg også for kun at bruge vores ikke-ondsindet malware.",
    "Behave like any \"white-hat\" should before getting into the action.": "Agér som enhver anden \"white-hat\" bør gøre, inden der skrides til handling.",
    "Perform a <i>persisted</i> XSS attack with <code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code> bypassing a <i>server-side</i> security mechanism.": "Udfør et <i>vedvarende</i> XSS-angreb med<code>&lt;iframe src=\"javascript:alert(`xss`)\"&gt;</code>, der omgår en <i>serverbaseret</i> sikkerhedsfunktion.",
    "The \"Comment\" field in the \"Customer Feedback\" screen is where you want to put your focus on.": "\"Kommentar\"-feltet på \"Kundefeedback\"-skærmen er stedet, der ønskes fokuseret på.",
    "<a href=\"/#/contact\">Rat out</a> a notorious character hiding in plain sight in the shop. (Mention the exact name of the character)": "<a href=\"/#/contact\">Sladr</a> om en berygtet tegnskjulning i al åbenlyshed i butikken (nævn det nøjagtige navn på tegnet).",
    "No matter how good your eyes are, you will need tool assistance for this challenge.": "Uanset, hvor gode øjnene er, kræver denne udfordring værktøjsassistance.",
    "Perform a Remote Code Execution that occupies the server for a while without using infinite loops.": "Udfør, uden brug af uendelige sløjfer, en Remote Code Execution, der optager serveren i et stykke tid.",
    "Your attack payload must not trigger the protection against too many iterations.": "Angrebsnyttelasten må ikke udløse beskyttelsen mod for mange gentagelser.",
    "This vulnerability will not affect any customer of the shop. It is aimed exclusively at its developers.": "Denne sårbarhed vil ikke påvirke nogen butikskunde. Den er alene rettet mod butikkens udviklere.",
    "Solve the 2FA challenge for user \"wurstbrot\". (Disabling, bypassing or overwriting his 2FA settings does not count as a solution)": "Løs 2FA-udfordringen for brugeren \"wurstbrot\" (deaktiverer/omgåelse/overskrivning af hans 2FA-indstillinger tæller ikke som en løsning).",
    "The 2FA implementation requires to store a secret for every user. You will need to find a way to access this secret in order to solve this challenge.": "2FA-implementeringen kræver lagring af en hemmelighed for hver bruger. Det vil være nødvendigt at finde en måde at tilgå denne hemmelighed på for at løse udfordringen.",
    "Forge an essentially unsigned JWT token that impersonates the (non-existing) user <i>jwtn3d@juice-sh.op</i>.": "Forfalsk en i al væsenlighed usigneret JWT-token, der udgiver sig for at være (den ikke-eksisterende) bruger <i>rsa_lord@juice-sh.op</i>.",
    "This challenge exploits a weird option that is supported when signing tokens with JWT.": "Denne udfordring udnytter en underlig, understøttet mulighed ifm. tokensignering med JWT.",
    "Upload a file larger than 100 kB.": "Upload en fil større end 100 kB.",
    "You can attach a small file to the \"Complaint\" form. Investigate how this upload actually works.": "En lille fil kan vedhæftes \"Klage\"-formularen. Undersøg, hvordan denne upload rent faktisk fungerer.",
    "Upload a file that has no .pdf or .zip extension.": "Upload en fil uden et .pdf- eller .zip-filtypenavn.",
    "You can attach a PDF or ZIP file to the \"Complaint\" form. Investigate how this upload actually works.": "En PDF- eller ZIP-fil kan vedhæftes \"Klage\"- formularen. Undersøg, hvordan denne upload faktisk fungerer.",
    "Retrieve a list of all user credentials via SQL Injection.": "Hent en liste over alle brugerakkreditiver via SQL Injection.",
    "Gather information on where user data is stored and how it is addressed. Then craft a corresponding UNION SELECT attack.": "Indsaml oplysninger om, hvor brugerdata gemmes, og hvordan de adresseres. \nUdform dernæst et korresponderende UNION SELECT-angreb.",
    "Embed an XSS payload <code>&lt;/script&gt;&lt;script&gt;alert(`xss`)&lt;/script&gt;</code> into our promo video.": "Indlejr en XSS-nyttelast <code>&lt;/script&gt;&lt;script&gt;advarsel(`xss`)&lt;/script&gt;</code> i vores promo video.",
    "You have to reuse the vulnerability behind one other 6-star challenge to be able to solve this one.": "Genbrug af sårbarheden bag en anden 6-stjernet udfordring er nødvendig for at kunne løse denne.",
    "View another user's shopping basket.": "Kig i en anden brugers indkøbskurv.",
    "Have an eye on the HTTP traffic while shopping. Alternatively try to find a client-side association of users to their basket.": "Hav et øje på HTTP-trafikken under shoppingen. Forsøg alternativt at finde en klientbaseret tilknytning af brugere til deres kurv.",
    "<a href=\"/#/contact\">Inform the shop</a> about a vulnerable library it is using. (Mention the exact library name and version in your comment)": "<a href=\"/#/contact\">Informér butikken</a> om et sårbart bibliotek, den bruger (nævn det eksakte biblioteksnavn og -version i kommentaren)",
    "Report one of two possible answers via the \"Customer Feedback\" form. Do not forget to submit the library's version as well.": "Anmeld et af to mulige svar via \"Kundefeedback\"-formularen. Glem ikke at indsende biblioteksversionen også.",
    "<a href=\"/#/contact\">Inform the shop</a> about an algorithm or library it should definitely not use the way it does.": "<a href=\"/#/contact\">Informér butikken</a> om en algoritme eller bibliotek, den absolut ikke bør bruge på den måde, den gør.",
    "Report one of four possible answers via the \"Customer Feedback\" form.": "Anmeld et af fire mulige svar via \"Kundefeedback\"-formularen.",
    "Enforce a redirect to a page you are not supposed to redirect to.": "Gennemtving en omdirigering til en side, der ikke må omdirigeres til.",
    "You have to find a way to beat the allowlist of allowed redirect URLs.": "En måde at slå hvidlisten over tilladte omdirigering URL'er på.",
    "Retrieve the content of <code>C:\\Windows\\system.ini</code> or <code>/etc/passwd</code> from the server.": "Hent indholdet af <code>C:\\Windows\\system.ini</code> eller <code>/etc/passwd</code> fra serveren.",
    "The leverage point for this challenge is the deprecated B2B interface.": "Udnyttelsespunktet for denne udfordring er den forældede B2B-grænseflade.",
    "Give the server something to chew on for quite a while.": "Giv serveren noget at tygge på i et pænt stykke tid.",
    "It is not as easy as sending a large amount of data directly to the deprecated B2B interface.": "Det er ikke så nemt som at sende en stor mængde data direkte til den forældede B2B-brugerflade.",
    "Give a devastating zero-star feedback to the store.": "Giv en ødelæggende nul-stjerne feedback til butikken.",
    "Before you invest time bypassing the API, you might want to play around with the UI a bit.": "Før der investeres tid i at omgå API'en, kunne der måske leges lidt med UI'en først.",
    "Your eldest siblings middle name?": "Dine ældste søskendes mellemnavn?",
    "Mother's maiden name?": "Mors pigenavn?",
    "Mother's birth date? (MM/DD/YY)": "Mors fødselsdato? (MM/DD/ÅÅ)",
    "Father's birth date? (MM/DD/YY)": "Fars fødselsdato? (MM/DD/ÅÅ)",
    "Maternal grandmother's first name?": "Mormors fornavn?",
    "Paternal grandmother's first name?": "Fatfars fornavn?",
    "Name of your favorite pet?": "Dit yndlingskæledyrs navn?",
    "Last name of dentist when you were a teenager? (Do not include 'Dr.')": "Tandlæges efternavn fra teenageårene (uden 'Dr.').",
    "Your ZIP/postal code when you were a teenager?": "Postnummer fra teenageårene?",
    "Company you first work for as an adult?": "Virksomheden, hvor førsts voksenansættelse skete?",
    "Your favorite book?": "Yndlingsbog?",
    "Your favorite movie?": "Yndlingsfilm?",
    "Number of one of your customer or ID cards?": "Nummer på en af ens kunder eller ID-kort?",
    "Apple Juice (1000ml)": "Æblejuice (1.000 ml)",
    "The all-time classic.": "Den evige klassiker.",
    "Orange Juice (1000ml)": "Appelsinjuice (1.000 ml)",
    "Made from oranges hand-picked by Uncle Dittmeyer.": "Fremstillet af appelsiner håndplukket af onkel Dittmeyer.",
    "Eggfruit Juice (500ml)": "Canisteljuice (500 ml)",
    "Now with even more exotic flavour.": "Nu med endnu mere eksotisk smag.",
    "Raspberry Juice (1000ml)": "Hindbærjuice (1.000 ml)",
    "Made from blended Raspberry Pi, water and sugar.": "Fremstillet af blendede Raspberry Pi, vand og sukker.",
    "Lemon Juice (500ml)": "Citronjuice (500 ml)",
    "Sour but full of vitamins.": "Syrlig, men fuld af vitaminer.",
    "Banana Juice (1000ml)": "Bananjuice (1.000 ml)",
    "Monkeys love it the most.": "Aber elsker det mest.",
    "OWASP Juice Shop T-Shirt": "OWASP Juice Shop CTF T-Shirt",
    "Real fans wear it 24/7!": "Rigtige fans bære den 24/7!",
    "OWASP Juice Shop CTF Girlie-Shirt": "OWASP Juice Shop CTF Pigeskjorte",
    "For serious Capture-the-Flag heroines only!": "Kun for seriøse Capture-the-Flag heltinder!",
    "OWASP SSL Advanced Forensic Tool (O-Saft)": "OWASP SSL Avanceret Retsmedicinsk Værktøj (O-Saft)",
    "O-Saft is an easy to use tool to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. <a href=\"https://www.owasp.org/index.php/O-Saft\" target=\"_blank\">More...</a>": "O-Saft er et let anvendeligt værktøj til visning af SSL-certifikat oplysninger og SSL-forbindelsesaftestning jf. en given liste over ciphers og forskellige SSL-opsætninger. <a href=\"https://www.owasp.org/index.php/O-Saft\" target=\"_blank\">Mere...</a>",
    "Christmas Super-Surprise-Box (2014 Edition)": "Superoverraskelses Julekasse (2014-udgave)",
    "Contains a random selection of 10 bottles (each 500ml) of our tastiest juices and an extra fan shirt for an unbeatable price! (Seasonal special offer! Limited availability!)": "Indeholder et tilfældigt udvalg på 10 flasker (á 500 ml) af vores bedst smagende juice og en ekstra fanskjorte til en uovertruffen pris! (Sæsonbestemt særtilbud! Begrænset tilgængelighed!)",
    "Rippertuer Special Juice": "Rippertuer Specialjuice",
    "Contains a magical collection of the rarest fruits gathered from all around the world, like Cherymoya Annona cherimola, Jabuticaba Myrciaria cauliflora, Bael Aegle marmelos... and others, at an unbelievable price! <br/><span style=\"color:red;\">This item has been made unavailable because of lack of safety standards.</span> (This product is unsafe! We plan to remove it from the stock!)": "Indeholder en magisk samling af de sjældneste frugter indsamlet verden over, såsom Cherymoya Annona cherimola, Jabuticaba Myrciaria cauliflora, Bael Aegle marmelos... og andre, til en utrolig pris! <br/><span style=\"color:red;\">Denne vare er blevet gjort utilgængelig grundet manglende sikkerhedsstandarder.</span> (Dette produkt er usikkert og er planlægt fjernet fra lageret!)",
    "OWASP Juice Shop Sticker (2015/2016 design)": "OWASP Juice Shop-klistermærke (2015/2016-design)",
    "Die-cut sticker with the official 2015/2016 logo. By now this is a rare collectors item. <em>Out of stock!</em>": "Udstandset klistermærke med det officielle 2015/2016 logo. Dette er allerede et sjældent samlerobjekt. <em>Ikke på lager!</em>",
    "OWASP Juice Shop Iron-Ons (16pcs)": "OWASP Juice Shop til påstrygning (16 stk.)",
    "Upgrade your clothes with washer safe <a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">iron-ons</a> of the OWASP Juice Shop or CTF Extension logo!": "Opgradér dit tøj med en vaskbare <a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">påstrygningsudgave</a> af OWASP Juice Shop- eller CTF Extension-logo!",
    "OWASP Juice Shop Magnets (16pcs)": "OWASP Juice Shop Magneter (16 stk.)",
    "Your fridge will be even cooler with these OWASP Juice Shop or CTF Extension logo <a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">magnets</a>!": "Dit køleskab vil være endnu mere cool med disse OWASP Juice Shop- eller CTF Extension-logo<a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">magneter</a>!",
    "OWASP Juice Shop Sticker Page": "OWASP Juice Shop- mærkateside",
    "Massive decoration opportunities with these OWASP Juice Shop or CTF Extension <a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">sticker pages</a>! Each page has 16 stickers on it.": "Massive dekorationsmuligheder med disse OWASP Juice Shop- eller CTF Extension-<a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">mærkatsider</a>! Hver side indeholder 16 mærkater.",
    "OWASP Juice Shop Sticker Single": "OWASP Juice Shop-enkeltmærkat",
    "Super high-quality vinyl <a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">sticker single</a> with the OWASP Juice Shop or CTF Extension logo! The ultimate laptop decal!": "Super højkvalitets vinyl <a href=\"https://www.stickeryou.com/products/wasp-juice-shop/794\" target=\"_blank\">enkeltmærkat</a> med OWASP Juice Shop eller CTF Extension logo! Den ultimative laptopmærkat!",
    "OWASP Juice Shop Temporary Tattoos (16pcs)": "OWASP Juice Shop-overføringstatoveringer (16 stk.)",
    "Get one of these <a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">temporary tattoos</a> to proudly wear the OWASP Juice Shop or CTF Extension logo on your skin! If you tweet a photo of yourself with the tattoo, you get a couple of our stickers for free! Please mention <a href=\"https://twitter.com/owasp_juiceshop\" target=\"_blank\"><code>@owasp_juiceshop</code></a> in your tweet!": "Få en af disse <a href=\"https://www.stickeryou.com/products/owasp-juice-shop/794\" target=\"_blank\">overføringstatoveringer</a> for stolt at bære OWASP Juice Shop eller CTF Extension logoet på din hud! Tweeter du et foto af dig selv med tatoveringen, får du et par af vores mærkater gratis! Angiv <a href=\"https://twitter.com/owasp_juiceshop\" target=\"_blank\"><code>@owasp_juiceshop</code></a> i dit tweet!",
    "OWASP Juice Shop Mug": "OWASP Juice Shop CTF-krus",
    "Black mug with regular logo on one side and CTF logo on the other! Your colleagues will envy you!": "Sort krus med almindeligt logo på den ene side og CTF-logo på den anden! Dine kolleger vil misunde dig!",
    "OWASP Juice Shop Hoodie": "OWASP Juice Shop CTF-hættetrøje",
    "Mr. Robot-style apparel. But in black. And with logo.": "Mr. Robot-stil beklædning, men i sort, og med logo.",
    "OWASP Juice Shop-CTF Velcro Patch": "OWASP Juice Shop-CTF Velcro Patch",
    "4x3.5\" embroidered patch with velcro backside. The ultimate decal for every tactical bag or backpack!": "10,15x8,9 cm. broderet patch med velcrobagside. Den ultimative stofmærkat til enhver taktisk taske eller rygsæk!",
    "Woodruff Syrup \"Forest Master X-Treme\"": "Woodruff-sirup \"Forest Master X-Treme\"",
    "Harvested and manufactured in the Black Forest, Germany. Can cause hyperactive behavior in children. Can cause permanent green tongue when consumed undiluted.": "Høstet og fremstillet i Schwarzwald, Tyskland. Kan forårsage hyperaktiv adfærd hos børn. Kan forårsage permanent grøn tunge ved indtagelse ufortyndet.",
    "Green Smoothie": "Grøn Smoothie",
    "Looks poisonous but is actually very good for your health! Made from green cabbage, spinach, kiwi and grass.": "Ser giftig ud, men er faktisk ganske god for dit helbred! Fremstillet af grønkål, spinat, kiwier og græs.",
    "Quince Juice (1000ml)": "Kvædejuice (1.000 ml)",
    "Juice of the <em>Cydonia oblonga</em> fruit. Not exactly sweet but rich in Vitamin C.": "Juice af <em>Cydonia oblonga</em>-frugten. Ikke just sød, men rig på C-vitamin.",
    "Apple Pomace": "Æblepulp",
    "Finest pressings of apples. Allergy disclaimer: Might contain traces of worms. Can be <a href=\"/#recycle\">sent back to us</a> for recycling.": "Fineste æblepulp. Allergi ansvarsfraskrivelse: Kan indeholde spor af orme. Kan <a href=\"/#recycle\">returneres til os</a> til genbrug.",
    "Fruit Press": "Frugtpresse",
    "Fruits go in. Juice comes out. Pomace you can send back to us for recycling purposes.": "Frugt lægges i, juice kommer ud. Pulp, du kan returnere til os til genbrugsformål.",
    "OWASP Juice Shop Logo (3D-printed)": "OWASP Juice Shop-logo (3D-printet)",
    "This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose.": "Denne sjældne genstand er designet og håndlavet i Sverige. Derfor er den så utrolig dyr, trods dens totale mangel på formål.",
    "Juice Shop Artwork": "Juice Shop-kunst",
    "Unique masterpiece painted with different kinds of juice on 90g/m² lined paper.": "Unikt mesterværk malet med forskellige slags juice på 90 g/m2 linjeret papir.",
    "Global OWASP WASPY Award 2017 Nomination": "Global OWASP WASPY PRIS 2017-nominering",
    "Your chance to nominate up to three quiet pillars of the OWASP community ends 2017-06-30! <a href=\"https://www.owasp.org/index.php/WASPY_Awards_2017\">Nominate now!</a>": "Din chance for at nominere op til tre upåagtede støtter i OWASP-fællesskabet slutter 2017-06-30! <a href=\"https://www.owasp.org/index.php/WASPY_Awards_2017\">Nominér nu!</a>",
    "Strawberry Juice (500ml)": "Hindbærjuice (500 ml)",
    "Sweet & tasty!": "Sød og velsmagende!",
    "Carrot Juice (1000ml)": "Gulerodsjuice (1.000 ml)",
    "As the old German saying goes: \"Carrots are good for the eyes. Or has anyone ever seen a rabbit with glasses?\"": "Som det gamle tyske ordsprog lyder: \"Gulerødder er gode for øjnene. Har nogen måske nogensinde set en kanin med briller?\"",
    "OWASP Juice Shop Sweden Tour 2017 Sticker Sheet (Special Edition)": "OWASP Juice Shop Sverige Tour 2017-mærkatark (særudgave)",
    "10 sheets of Sweden-themed stickers with 15 stickers on each.": "10 ark á 15 mærkater med Sverige-temaer.",
    "Pwning OWASP Juice Shop": "Pwning OWASP Juice Shop",
    "Melon Bike (Comeback-Product 2018 Edition)": "Melon Bike (Comeback-Product 2018-udgave)",
    "The wheels of this bicycle are made from real water melons. You might not want to ride it up/down the curb too hard.": "Hjulene på denne cykel er lavet af ægte vandmeloner. Du ønsker måske ikke at køre den for hårdt op/ned af kantsten.",
    "OWASP Juice Shop Coaster (10pcs)": "OWASP Juice Shop-bordskånere (16 stk.)",
    "Our 95mm circle coasters are printed in full color and made from thick, premium coaster board.": "Vores 95 mm. runde bordskåner er trykt i fuld farve og lavet af tyk, luksus bordskånerpap.",
    "Retrieve the photo of Bjoern's cat in \"melee combat-mode\".": "Hent billedet af Bjørns kat i \"nærkamptilstand\".",
    "Check the Photo Wall for an image that could not be loaded correctly.": "Tjek fotovæggen for et billede, der ikke kunne indlæses korrekt.",
    "Stick <a href=\"http://placekitten.com/\" target=\"_blank\">cute cross-domain kittens</a> all over our delivery boxes.": "Sæt <a href=\"http://placekitten.com/\" target=\"_blank\">søde krydsdomæne-killinger</a> overalt på vores forsendelseskasser.",
    "This challenge would formally have to be in several categories as the developers made multiple gaffes for this to be possible.": "Denne udfordring skulle formelt være i flere kategorier, da udviklerne gjorde flere tankeløse fejl for at muliggøre dette.",
    "ea.": "stk.",
    "Delivery Price": "Leveringspris",
    "Total Price": "Pris i alt",
    "Bonus Points Earned": "Bonuspoint optjent",
    "The bonus points from this order will be added 1:1 to your wallet ¤-fund for future purchases!": "Bonuspoints fra denne bestilling krediteres 1:1 i din wallet ¤-beholdning til fremtidige køb!",
    "Thank you for your order!": "Tak for bestillingen.",
    "Order Confirmation": "Ordrebekræftelse",
    "Customer": "Kunde",
    "Order": "Bestilling",
    "Date": "Dato",
    "OWASP Juice Shop Holographic Sticker": "OWASP Juice Shop Holografisk Mærkat",
    "Die-cut holographic sticker. Stand out from those 08/15-sticker-covered laptops with this shiny beacon of 80's coolness!": "Udstandset holografisk rmærkat. Skild dig ud fra de 08/15-mærkatdækkede laptops med dette skinnende fyr af 80'er coolness!",
    "OWASP Snakes and Ladders - Mobile Apps": "OWASP Snakes and Ladders - Mobil-apps",
    "This amazing mobile app security awareness board game is <a href=\"https://steamcommunity.com/sharedfiles/filedetails/?id=1970691216\">available for Tabletop Simulator on Steam Workshop</a> now!": "Dette fantastiske sikkerhedsbevågenhedsspil er <a href=\"https://steamcommunity.com/sharedfiles/filedetails/?id=1970691216\">tilgængeligt for Tabletop Simulator i Steam Workshop</a> nu!",
    "OWASP Snakes and Ladders - Web Applications": "OWASP Snakes and Ladders - Web-applikationer",
    "This amazing web application security awareness board game is <a href=\"https://steamcommunity.com/sharedfiles/filedetails/?id=1969196030\">available for Tabletop Simulator on Steam Workshop</a> now!": "Dette fantastiske webapplikations sikkerhedsbevågenhedsbrætspil er <a href=\"https://steamcommunity.com/sharedfiles/filedetails/?id=1969196030\">tilgængelig for Tabletop Simulator på Steam Workshop</a> nu!",
    "<em>The official Companion Guide</em> by Björn Kimminich available <a href=\"https://leanpub.com/juice-shop\">for free on LeanPub</a> and also <a href=\"https://pwning.owasp-juice.shop\">readable online</a>!": "<em>Den officielle Ledsager Guide</em> af Bjørn Kimminich er tilgængelig <a href=\"https://leanpub.com/juice-shop\">gratis i LeanPub</a> og kan også <a href=\"https://pwning.owasp-juice.shop\">læses online</a>!",
    "We are out of stock! Sorry for the inconvenience.": "Vi har udsolgt! Beklager ulejligheden.",
    "Wrong answer to CAPTCHA. Please try again.": "Forkert svar på CAPTCHA. Forsøg igen.",
    "Invalid email or password.": "Ugyldig e-mail/adgangskode.",
    "Current password is not correct.": "Nuværende adgangskode er forkert.",
    "Password cannot be empty.": "Adgangskode er obligatorisk.",
    "New and repeated password do not match.": "Ny og gentaget adgangskode matcher ikke.",
    "Wrong answer to security question.": "Forkert svar på sikkerhedsspørgsmål.",
    "<a href=\"/#/contact\">Inform the development team</a> about a danger to some of <em>their</em> credentials. (Send them the URL of the <em>original report</em> or an assigned CVE or another identifier of this vulnerability)": "<a href=\"/#/contact\">Informér udviklingsteamet</a> om en fare for nogle af <em>deres</em> legitimationsoplysninger. (Send dem URL'en for den <em>oprindelige rapport</em> eller en tildelt CVE eller en anden identifikator for denne sårbarhed)",
    "You can order only up to {{quantity}} items of this product.": "Der kan kun bestilles op til {{quantity}} stk. af dette produkt.",
    " <em>(This challenge is <strong>not available</strong> on Docker!)</em>": " <em>(Denne udfordring er <strong>ikke tilgængelig</strong> på Docker!)</em>",
    " <em>(This challenge is <strong>not available</strong> on Heroku!)</em>": " <em>(Denne udfordring er <strong>ikke tilgængelig</strong> på Heroku!)</em>",
    " <em>(This challenge is <strong>not available</strong> on Gitpod!)</em>": " <em>(This challenge is <strong>not available</strong> on Gitpod!)</em>",
    " <em>(This challenge is <strong>potentially harmful</strong> on Docker!)</em>": " <em>(Denne udfordring er <strong>potentielt skadelig</strong> på Docker!)</em>",
    " <em>(This challenge is <strong>potentially harmful</strong> on Gitpod!)</em>": " <em>(This challenge is <strong>potentially harmful</strong> on Gitpod!)</em>",
    " <em>(This challenge is <strong>potentially harmful</strong> on Heroku!)</em>": " <em>(Denne udfordring er <strong>potentielt skadelig</strong> på Heroku!)</em>",
    "Find the endpoint that serves usage data to be scraped by a <a href=\"https://github.com/prometheus/prometheus\">popular monitoring system</a>.": "Find endepunktet, der leverer brugsdata til et <a href=\"https://github.com/prometheus/prometheus\">populært overvågningssystem</a>.",
    "Try to guess what URL the endpoint might have.": "Prøv at gætte, hvilken URL endepunktet kan have.",
    "Look for a url parameter where its value appears in the page it is leading to.": "Kig efter en URL-parameter, hvis værdi vises på den side, den fører til.",
    "Change the name of a user by performing Cross-Site Request Forgery from <a href=\"http://htmledit.squarefree.com\">another origin</a>.": "Skift navnet på en bruger ved at udføre Cross-Site Request Forgery fra en <a href=\"http://htmledit.squarefree.com\">anden side</a>.",
    "Use the bonus payload <code>&lt;iframe width=&quot;100%&quot; height=&quot;166&quot; scrolling=&quot;no&quot; frameborder=&quot;no&quot; allow=&quot;autoplay&quot; src=&quot;https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&amp;color=%23ff5500&amp;auto_play=true&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;show_teaser=true&quot;&gt;&lt;/iframe&gt;</code> in the <i>DOM XSS</i> challenge.": "Brug bonusdataen <code>&lt;iframe width=&quot;100%&quot; height=&quot;166&quot; scrolling=&quot;no&quot; frameborder=&quot;no&quot; allow=&quot;autoplay&quot; src=&quot;https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&amp;color=%23ff5500&amp;auto_play=true&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;show_teaser=true&quot;&gt;&lt;/iframe&gt;</code> i <i>DOM XSS</i> -udfordringen.",
    "Copy + Paste = Solved!": "Kopiér + Indsæt = Løst!",
    "Obtain a Deluxe Membership without paying for it.": "Få et Deluxe medlemskab uden at betale for det.",
    "Look closely at what happens when you attempt to upgrade your account.": "Se nøje på, hvad der sker, når du forsøger at opgradere din konto.",
    " <em>(This challenge is <strong>not available</strong> on Windows!)</em>": " <em>(Denne udfordring er <strong>ikke tilgængelig</strong> på Windows!)</em>",
    "Reset Uvogin's password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.": "Nulstil, ved brug af <i>det originale svar</i> på hans sikkerhedsspørgsmål, Uvogins adgangskode via <a href=\"/#/forgot-password\">Glemt Adgangskode</a>-funktionen.",
    "You might have to do some OSINT on his social media personas to find out his honest answer to the security question.": "Du skal måske udføre noget OSINT på hans personaer på sociale medier for at finde hans ærlige svar på sikkerhedsspørgsmålet.",
    "Juice Shop Adversary Trading Card (Common)": "Juice Shop Handelskort (Almindeligt)",
    "Common rarity \"Juice Shop\" card for the <a href=\"https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform\">Adversary Trading Cards</a> CCG.": "Almindeligt \"Juice Shop\" kort til samlekortspillet <a href=\"https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform\">Adversary Trading Cards</a>.",
    "Juice Shop Adversary Trading Card (Super Rare)": "Juice Shop Handelskort (Super Sjældent)",
    "Super rare \"Juice Shop\" card with holographic foil-coating for the <a href=\"https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform\">Adversary Trading Cards</a> CCG.": "Super sjældent \"Juice Shop\" kort med holografisk folielag til samlekortspillet <a href=\"https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform\">Adversary Trading Cards</a>.",
    "OWASP Juice Shop \"King of the Hill\" Facemask": "OWASP Juice Shop \"King of the Hill\" Mundbind",
    "Facemask with compartment for filter from 50% cotton and 50% polyester.": "Mundbind med filterlomme af 50% bomuld og 50% polyester.",
    "Determine the answer to John's security question by looking at an upload of him to the Photo Wall and use it to reset his password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism.": "Fastslå svaret på Johns sikkerhedsspørgsmål ved at se på en upload af ham til Photo Wall og bruge denne til at nulstille hans adgangskode via <a href=\"/#/forgot-password\">Glemt adgangskode</a>-funktionen.",
    "Take a look at the meta data of the corresponding photo.": "Tag et kig på det tilsvarende fotos metadata.",
    "Determine the answer to Emma's security question by looking at an upload of her to the Photo Wall and use it to reset her password via the <a href=\"/#/forgot-password\">Forgot Password</a> mechanism.": "Fastslå svaret på Emmas sikkerhedsspørgsmål ved at se på en upload af hende til Photo Wall og bruge denne til at nulstille hendes adgangskode via <a href=\"/#/forgot-password\">Glemt adgangskode</a>-funktionen.",
    "Take a look at the details in the photo to determine the location of where it was taken.": "Tag et kig på detaljerne i billedet for at afgøre, hvor det blev taget.",
    "Juice Shop \"Permafrost\" 2020 Edition": "Juice Shop \"Permafrost\" 2020 Udgave",
    "Best Juice Shop Salesman Artwork": "Kunstværk: Juice Shops Bedste Sælger",
    "Unique digital painting depicting Stan, our most qualified and almost profitable salesman. He made a succesful carreer in selling used ships, coffins, krypts, crosses, real estate, life insurance, restaurant supplies, voodoo enhanced asbestos and courtroom souvenirs before <em>finally</em> adding his expertise to the Juice Shop marketing team.": "Unikt digitalt maleri, der afbilder Stan, vores mest kvalificerede og næsten rentable sælger. Han opnåede en succesfuld karriere gennem salg af brugte skibe, kister, krypter, kors, ejendomme, livsforsikring, restaurantforsyninger, asbest forbedret med voodoo og souvenirs fra retssale, før han <em>endelig</em> føjede sin ekspertise til Juice Shops marketing team.",
    "20th Anniversary Celebration Ticket": "20th Anniversary Celebration Ticket",
    "Get your <a href=\"https://20thanniversary.owasp.org/\" target=\"_blank\">free 🎫 for OWASP 20th Anniversary Celebration</a> online conference! Hear from world renowned keynotes and special speakers, network with your peers and interact with our event sponsors. With an anticipated 10k+ attendees from around the world, you will not want to miss this live on-line event!": "Get your <a href=\"https://20thanniversary.owasp.org/\" target=\"_blank\">free 🎫 for OWASP 20th Anniversary Celebration</a> online conference! Hear from world renowned keynotes and special speakers, network with your peers and interact with our event sponsors. With an anticipated 10k+ attendees from around the world, you will not want to miss this live on-line event!",
    "OWASP Juice Shop Card (non-foil)": "OWASP Juice Shop Card (non-foil)",
    "Mythic rare <small><em>(obviously...)</em></small> card \"OWASP Juice Shop\" with three distinctly useful abilities. Alpha printing, mint condition. A true collectors piece to own!": "Mythic rare <small><em>(obviously...)</em></small> card \"OWASP Juice Shop\" with three distinctly useful abilities. Alpha printing, mint condition. A true collectors piece to own!",
    "Line {{vulnLine}} is responsible for this vulnerability or security flaw. Select it and submit to proceed.": "Line {{vulnLine}} is responsible for this vulnerability or security flaw. Select it and submit to proceed.",
    "Lines {{vulnLines}} are responsible for this vulnerability or security flaw. Select them and submit to proceed.": "Lines {{vulnLines}} are responsible for this vulnerability or security flaw. Select them and submit to proceed.",
    "Receive a coupon code from the support chatbot.": "Receive a coupon code from the support chatbot.",
    "Just keep asking.": "Just keep asking.",
    "Permanently disable the support chatbot so that it can no longer answer customer queries.": "Deaktiver supportchatbot permanent, så det ikke længere kan besvare kundeforespørgsler.",
    "Think of a way to get a hold of the internal workings on the chatbot API.": "Think of a way to get a hold of the internal workings on the chatbot API.",
    "Gain read access to an arbitrary local file on the web server.": "Få læseadgang til en vilkårlig lokal fil på webserveren.",
    "You should read up on vulnerabilities in popular NodeJs template engines.": "You should read up on vulnerabilities in popular NodeJs template engines.",
    "Try to identify where (potentially malicious) user input is coming into the code.": "Try to identify where (potentially malicious) user input is coming into the code.",
    "What is the code doing with the user input other than using it to filter the data source?": "What is the code doing with the user input other than using it to filter the data source?",
    "Look for a line where the developers fiddled with Angular's built-in security model.": "Look for a line where the developers fiddled with Angular's built-in security model.",
    "Using bypassSecurityTrustStyle() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact. The context where the parameter is used is not CSS, making this switch totally pointless.": "Using bypassSecurityTrustStyle() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact. The context where the parameter is used is not CSS, making this switch totally pointless.",
    "Using bypassSecurityTrustResourceUrl() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. This switch might only accidentally keep XSS prevention intact, but the new URL context does not make any sense here.": "Using bypassSecurityTrustResourceUrl() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. This switch might only accidentally keep XSS prevention intact, but the new URL context does not make any sense here.",
    "Using bypassSecurityTrustScript() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact. The context where the parameter is used is not a script either, so this switch would be nonsensical.": "Using bypassSecurityTrustScript() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact. The context where the parameter is used is not a script either, so this switch would be nonsensical.",
    "Removing the bypass of sanitization entirely is the best way to fix this vulnerability. Fiddling with Angular's built-in sanitization was entirely unnecessary as the user input for a text search should not be expected to contain HTML that needs to be rendered but merely plain text.": "Removing the bypass of sanitization entirely is the best way to fix this vulnerability. Fiddling with Angular's built-in sanitization was entirely unnecessary as the user input for a text search should not be expected to contain HTML that needs to be rendered but merely plain text.",
    "Can you identify one or more routes which have something to do with log files?": "Can you identify one or more routes which have something to do with log files?",
    "Did you spot the directory listing clearly linked to log files?": "Did you spot the directory listing clearly linked to log files?",
    "Did you notice that there is a seperate route for retrieving individual log files?": "Did you notice that there is a seperate route for retrieving individual log files?",
    "Make sure to select both lines responsible for the log file data leakage.": "Make sure to select both lines responsible for the log file data leakage.",
    "Switching off the detailed view option is a cosmetic change on the directory listing but still allows the logs to be browsed and accessed.": "Switching off the detailed view option is a cosmetic change on the directory listing but still allows the logs to be browsed and accessed.",
    "Removing the route that serves individual log files is likely to plumb the data leak but still provides information to the attacker unnecessarily.": "Removing the route that serves individual log files is likely to plumb the data leak but still provides information to the attacker unnecessarily.",
    "Removing only the directory listing will still allow attackers to download individual log files if they can come up with a valid file name.": "Removing only the directory listing will still allow attackers to download individual log files if they can come up with a valid file name.",
    "There should generally be no good reason to expose server logs through a web URL of the server itself, epecially not when that server is Internet-facing.": "There should generally be no good reason to expose server logs through a web URL of the server itself, epecially not when that server is Internet-facing.",
    "Among the long list of route mappings, can you spot any that seem responsible for admin-related functionality?": "Among the long list of route mappings, can you spot any that seem responsible for admin-related functionality?",
    "Luckily the route mappings were originally in alphabetical order before the developers forgot about that rule at some point.": "Luckily the route mappings were originally in alphabetical order before the developers forgot about that rule at some point.",
    "Assuming that the original \"AdminGuard\" provided access control only to admin users, switching to \"LoginGuard\" seems like a downgrade that would give access to any authenticated user.": "Assuming that the original \"AdminGuard\" provided access control only to admin users, switching to \"LoginGuard\" seems like a downgrade that would give access to any authenticated user.",
    "Obfuscating the path to the administration section does not add any security, even if it wasn't just a trivial Base64 encoding.": "Obfuscating the path to the administration section does not add any security, even if it wasn't just a trivial Base64 encoding.",
    "This obfuscation attempt is hard to undo by hand but trivial when executed in a JavaScript console. Regardless, obfuscating the route does not add any level of security.": "This obfuscation attempt is hard to undo by hand but trivial when executed in a JavaScript console. Regardless, obfuscating the route does not add any level of security.",
    "While attempts could be made to limit access to administrative functions of a web shop through access control, it is definitely safer to apply the \"separation of concerns\" pattern more strictly by internally hosting a distinct admin backend application with no Internet exposure.": "While attempts could be made to limit access to administrative functions of a web shop through access control, it is definitely safer to apply the \"separation of concerns\" pattern more strictly by internally hosting a distinct admin backend application with no Internet exposure.",
    "Can you identify one or more routes which have something to do with file serving?": "Can you identify one or more routes which have something to do with file serving?",
    "Did you notice that there are seperate routes the directory listing and retrieving individual files?": "Did you notice that there are separate routes for the directory listing and retrieving individual files?",
    "Make sure to select both lines responsible for the data leakage.": "Make sure to select both lines responsible for the data leakage.",
    "Removing only the directory listing will still allow attackers to download individual files if they can come up with a valid file name.": "Removing only the directory listing will still allow attackers to download individual files if they can come up with a valid file name.",
    "Removing the routes that serve individual files is likely to plumb the data leak but still provides information to the attacker unnecessarily.": "Removing the routes that serve individual files is likely to plumb the data leak but still provides information to the attacker unnecessarily.",
    "Switching off the icons is a cosmetic change on the directory listing but still allows the files to be browsed and accessed.": "Switching off the icons is a cosmetic change on the directory listing but still allows the files to be browsed and accessed.",
    "Getting rid of the /ftp folder entirely is the only way to plumb this data leakage for good. Valid static content in it needs to be moved to a more suitable location and order confirmation PDFs had no business to be placed there publicly accessible in the first place. Everything else in that folder was just accidentally put & forgotten there anyway.": "Getting rid of the /ftp folder entirely is the only way to plumb this data leakage for good. Valid static content in it needs to be moved to a more suitable location and order confirmation PDFs had no business to be placed there publicly accessible in the first place. Everything else in that folder was just accidentally put & forgotten there anyway.",
    "In the long list of API-handling middleware, try to find the ones dealing with products offered in the shop first.": "In the long list of API-handling middleware, try to find the ones dealing with products offered in the shop first.",
    "API routes need to specifically define a handler for a HTTP verb if they wish to override the \"allow everything to everyone\" default behavior.": "API routes need to specifically define a handler for a HTTP verb if they wish to override the \"allow everything to everyone\" default behavior.",
    "There is one line that is commented out for no good reason among the product-related middleware.": "There is one line that is commented out for no good reason among the product-related middleware.",
    "While removing the commented-out line made the code cleaner, it did not change the functionality in any way and thus cannot have improved security either.": "While removing the commented-out line made the code cleaner, it did not change the functionality in any way and thus cannot have improved security either.",
    "Removing all dedicated handling of the products API made things worse, as now the default permissions of the underlying API generator will be used: Allowing GET, POST, PUT and DELETE - without any restrictions.": "Removing all dedicated handling of the products API made things worse, as now the default permissions of the underlying API generator will be used: Allowing GET, POST, PUT and DELETE - without any restrictions.",
    "You improved security slightly by no longer accepting PUT requests from anonymous API callers. But does the shop even want to allow its authenticated customers to change products themselves?": "You improved security slightly by no longer accepting PUT requests from anonymous API callers. But does the shop even want to allow its authenticated customers to change products themselves?",
    "Disabling all HTTP verbs other than GET for the products API is indeed the only safe way to implement secure access control. Shop administrators should not use the customer facing web UI to manage the store's inventory anyway.": "Disabling all HTTP verbs other than GET for the products API is indeed the only safe way to implement secure access control. Shop administrators should not use the customer facing web UI to manage the store's inventory anyway.",
    "Try to identify any variables in the code that might contain arbitrary user input.": "Try to identify any variables in the code that might contain arbitrary user input.",
    "Follow the user input through the function call and try to spot places where it might be abused for malicious purposes.": "Follow the user input through the function call and try to spot places where it might be abused for malicious purposes.",
    "Can you spot a place where a SQL query is being cobbled together in an unsafe way?": "Can you spot a place where a SQL query is being cobbled together in an unsafe way?",
    "Trying to prevent any injection attacks with a custom-built blocklist mechanism is doomed to fail. It might work for some simpler attack payloads but an attacker with time and skills can likely bypass it at some point.": "Trying to prevent any injection attacks with a custom-built blocklist mechanism is doomed to fail. It might work for some simpler attack payloads but an attacker with time and skills can likely bypass it at some point.",
    "Replacing the template string (`...`) notation with plain string concatenation (\"...\"+\"...\") does not change the behavior of the code in any way. It only makes the code less readable.": "Replacing the template string (`...`) notation with plain string concatenation (\"...\"+\"...\") does not change the behavior of the code in any way. It only makes the code less readable.",
    "Using the built-in replacement (or binding) mechanism of Sequelize is equivalent to creating a Prepared Statement. This prevents tampering with the query syntax through malicious user input as it is \"set in stone\" before the criteria parameter is inserted.": "Using the built-in replacement (or binding) mechanism of Sequelize is equivalent to creating a Prepared Statement. This prevents tampering with the query syntax through malicious user input as it is \"set in stone\" before the criteria parameter is inserted.",
    "Can you find a HTTP route mapping that deals with metrics?": "Can you find a HTTP route mapping that deals with metrics?",
    "Remember: The default behavior of route mappings is to allow access to everyone.": "Remember: The default behavior of route mappings is to allow access to everyone.",
    "The metrics route remains publicly accessible. This change only messes with functional settings of the measurement framework unnecessarily.": "The metrics route remains publicly accessible. This change only messes with functional settings of the measurement framework unnecessarily.",
    "This fix prevents unauthorized access to the metrics route but overshoots the goal by locking out everyone - including administrators.": "This fix prevents unauthorized access to the metrics route but overshoots the goal by locking out everyone - including administrators.",
    "Access will now be restricted only to users with administrator permissions, which seems reasonable protection, assuming that it is not possible for a regular user to escalate admin priviliges. If that were a risk, the metrics should better be stored behind the scenes not be made accessible via the shop application at all.": "Access will now be restricted only to users with administrator permissions, which seems reasonable protection, assuming that it is not possible for a regular user to escalate admin privileges. If that were a risk, the metrics should better be stored behind the scenes and not be made accessible via the shop application at all.",
    "Do you remember the security question that Bender used for his account?": "Do you remember the security question that Bender used for his account?",
    "This question is the source of the security risk in this challenge.": "This question is the source of the security risk in this challenge.",
    "While not necessarily as trivial to research via a user's LinkedIn profile, the question is still easy to research or brute force when answered truthfully.": "While not necessarily as trivial to research via a user's LinkedIn profile, the question is still easy to research or brute force when answered truthfully.",
    "Exchanging \"company\" with \"organization\" is only a vocabulary change and has no effect on security.": "Exchanging \"company\" with \"organization\" is only a vocabulary change and has no effect on security.",
    "When answered truthfully, all security questions are susceptible to online research (on Facebook, LinkedIn etc.) and often even brute force. If at all, they should not be used as the only factor for a security-relevant function.": "When answered truthfully, all security questions are susceptible to online research (on Facebook, LinkedIn etc.) and often even brute force. If at all, they should not be used as the only factor for a security-relevant function.",
    "Can you identify the lines which have something to do with crypto currency addresses?": "Can you identify the lines which have something to do with crypto currency addresses?",
    "Did you notice there is a constant containing allowed redirect web addresses?": "Did you notice there is a constant containing allowed redirect web addresses?",
    "Make sure to select all three lines responsible for crypto currency addresses which are not promoted any longer.": "Make sure to select all three lines responsible for crypto currency addresses which are not promoted any longer.",
    "This fix removes one deprecated crypto currency address from the allow list but forgets to deal with two other ones.": "This fix removes one deprecated crypto currency address from the allow list but forgets to deal with two other ones.",
    "When cleaning up any allow list of deprecated entries, it is crucial to be thorough and re-check the list regularly. Otherwise allow lists tend to become weaker over time.": "When cleaning up any allow list of deprecated entries, it is crucial to be thorough and re-check the list regularly. Otherwise allow lists tend to become weaker over time.",
    "This fix uses the binding mechanism of Sequelize to create the equivalent of a Prepared Statement, which is great. Unfortunately this fix also introduces a critical functional bug into the authentication process.": "This fix uses the binding mechanism of Sequelize to create the equivalent of a Prepared Statement, which is great. Unfortunately this fix also introduces a critical functional bug into the authentication process.",
    "This fix unfortunately goes only half the way to using the binding mechanism of Sequelize. Such a Prepared Statement still concatenated from user input, is still wide open for SQL Injection attacks.": "This fix unfortunately goes only half the way to using the binding mechanism of Sequelize. Such a Prepared Statement, still concatenated from user input, is still wide open for SQL Injection attacks.",
    "This fix unfortunately goes only half the way to using the replacement mechanism of Sequelize. Such a Prepared Statement still concatenated from user input, is still wide open for SQL Injection attacks.": "This fix unfortunately goes only half the way to using the replacement mechanism of Sequelize. Such a Prepared Statement, still concatenated from user input, is still wide open for SQL Injection attacks.",
    "Turning off the \"plain\" flag will let Sequelize return all matching rows instead of just the first one. This neither makes sense from a functional point of view in a login function, not could it prevent SQL Injection attacks.": "Turning off the \"plain\" flag will let Sequelize return all matching rows instead of just the first one. This neither makes sense from a functional point of view in a login function, nor could it prevent SQL Injection attacks.",
    "Using the built-in binding (or replacement) mechanism of Sequelize is equivalent to creating a Prepared Statement. This prevents tampering with the query syntax through malicious user input as it is \"set in stone\" before the criteria parameter is inserted.": "Using the built-in binding (or replacement) mechanism of Sequelize is equivalent to creating a Prepared Statement. This prevents tampering with the query syntax through malicious user input as it is \"set in stone\" before the criteria parameter is inserted.",
    "Using bypassSecurityTrustSoundCloud() instead of bypassSecurityTrustHtml() supposedly bypasses sanitization to allow only content from that service provider. Not surprisingly, there is no such vendor-specific function bypassSecurityTrustSoundCloud() offered by the Angular DomSanitizer.": "Using bypassSecurityTrustSoundCloud() instead of bypassSecurityTrustHtml() supposedly bypasses sanitization to allow only content from that service provider. Not surprisingly, there is no such vendor-specific function bypassSecurityTrustSoundCloud() offered by the Angular DomSanitizer.",
    "Using bypassSecurityTrustIframe() instead of bypassSecurityTrustHtml() supposedly bypasses sanitization to allow only <iframe> tags. But, the Angular DomSanitizer does not offer tag-specific bypass functions.": "Using bypassSecurityTrustIframe() instead of bypassSecurityTrustHtml() supposedly bypasses sanitization to allow only <iframe> tags. But, the Angular DomSanitizer does not offer tag-specific bypass functions.",
    "Do you remember the security question that Jim used for his account?": "Do you remember the security question that Jim used for his account?",
    "Widening the scope from an \"eldest sibling\" to \"any family member\" still allows the question to be easily researched online (on Facebook etc.) or brute forced when answered truthfully.": "Widening the scope from an \"eldest sibling\" to \"any family member\" still allows the question to be easily researched online (on Facebook etc.) or brute forced when answered truthfully.",
    "Tightening the scope from an \"eldest sibling\" to \"eldest brother\" reduces any brute force effort to only male forenames, assuming the question is answered truthfully.": "Tightening the scope from an \"eldest sibling\" to \"eldest brother\" reduces any brute force effort to only male forenames, assuming the question is answered truthfully.",
    "Do you remember the security question that Bjoern used for his account?": "Do you remember the security question that Bjoern used for his account?",
    "Researching someone's current place of residence is probably even easier than a past one.": "Researching someone's current place of residence is probably even easier than a past one.",
    "When changing the scope of this question from \"teenager\" to \"toddler\", researching a past place of residence still is the only (low) hurdle for the attacker.": "When changing the scope of this question from \"teenager\" to \"toddler\", researching a past place of residence still is the only (low) hurdle for the attacker.",
    "Do you remember the security question that Bjoern used for his OWASP account?": "Do you remember the security question that Bjoern used for his OWASP account?",
    "There are even less car brands in the world than potential pet names. Therefore, changing the security questions has even a negative effect on overall security as it makes guessing and brute forcing much easier.": "There are even fewer car brands in the world than potential pet names. Therefore, changing the security questions has even a negative effect on overall security as it makes guessing and brute forcing much easier.",
    "This fix option is obviously (?) a joke. But it should still illustrate that narrowing the scope of a question reduces the solution space accordingly, thus making \"social stalking\" and brute force much easier.": "This fix option is obviously (?) a joke. But it should still illustrate that narrowing the scope of a question reduces the solution space accordingly, thus making \"social stalking\" and brute force much easier.",
    "Do you remember the security question that Uvogin used for his account?": "Do you remember the security question that Uvogin used for his account?",
    "When changing the scope of this question from \"movie\" to \"actor/actress\", researching and brute forcing is probably just as easy for the attacker.": "When changing the scope of this question from \"movie\" to \"actor/actress\", researching and brute forcing is probably just as easy for the attacker.",
    "Narrowing the scope of the question from \"movie\" to \"animé\" dramatically reduces the solution space, thus making guessing and brute force attacks a lot easier.": "Narrowing the scope of the question from \"movie\" to \"animé\" dramatically reduces the solution space, thus making guessing and brute force attacks a lot easier.",
    "Among the long list of route mappings, can you spot any that seem responsible for the Score Board screen?": "Among the long list of route mappings, can you spot any that seem responsible for the Score Board screen?",
    "If you accidentally scrolled over the relevant line, try using the text search in your browser.": "If you accidentally scrolled over the relevant line, try using the text search in your browser.",
    "Searching for \"score\" should bring you to the right route mapping.": "Searching for \"score\" should bring you to the right route mapping.",
    "Obfuscating the path to the Score Board does not add any security, even if it wasn't just a trivial Base64 encoding. It would, on the other hand, make finding it a bit more difficulty. This is probably not intended as the Score Board screen is the hub for all other challenges.": "Obfuscating the path to the Score Board does not add any security, even if it wasn't just a trivial Base64 encoding. It would, on the other hand, make finding it a bit more difficult. This is probably not intended as the Score Board screen is the hub for all other challenges.",
    "Removing the entire route mapping would improve security but also break functionality by making the Score Board entirely inaccessible. Keep in mind that the Score Board is hidden only to be found and used to track all the other challenges.": "Removing the entire route mapping would improve security but also break functionality by making the Score Board entirely inaccessible. Keep in mind that the Score Board is hidden only to be found and used to track all the other challenges.",
    "In this one-of-a-kind scenario it is really best to just leave the code unchanged. Fiddling with it might either break accessibility of the crucial Score Board screen or make it unnecessarily harder to find it.": "In this one-of-a-kind scenario it is really best to just leave the code unchanged. Fiddling with it might either break accessibility of the crucial Score Board screen or make it unnecessarily harder to find it.",
    "Limiting the allowed search values via startsWith() would still allow SQL Injection via \"orange')) UNION SELECT ... --\" or similarly prefixed payloads. Even worse, this fix also breaks the free text search capability.": "Limiting the allowed search values via startsWith() would still allow SQL Injection via \"orange')) UNION SELECT ... --\" or similarly prefixed payloads. Even worse, this fix also breaks the free text search capability.",
    "Which entity is this challenge most likely about? Try to find all code places where that entity is somehow processed.": "Which entity is this challenge most likely about? Try to find all code places where that entity is somehow processed.",
    "In this snippet you must look for a place where something is missing that, if present, would negate an arbitrary role assignment.": "In this snippet you must look for a place where something is missing that, if present, would negate an arbitrary role assignment.",
    "Make sure that you do not select any lines that are contained in the vulnerable function but themselves have nothing to do with the vulberability.": "Make sure that you do not select any lines that are contained in the vulnerable function but themselves have nothing to do with the vulnerability.",
    "This change results in the \"role\" property not being returned in any User-API responses. This will not prevent setting an arbitrary role during user creation but probably also break some functionality in the client that relies on the role being present.": "This change results in the \"role\" property not being returned in any User-API responses. This will not prevent setting an arbitrary role during user creation but probably also break some functionality in the client that relies on the role being present.",
    "This code change will check if a role is already defined on the user entity. If so, it will keep it. If not, it will set \"customer\" as a fallback role. This still allows anyone to pick their own prefered role, though.": "This code change will check if a role is already defined on the user entity. If so, it will keep it. If not, it will set \"customer\" as a fallback role. This still allows anyone to pick their own preferred role, though.",
    "Removing the interceptor function completely not only keeps the role assignment possible, it also breaks functionality by no longer creating digital wallets for new users.": "Removing the interceptor function completely not only keeps the role assignment possible, it also breaks functionality by no longer creating digital wallets for new users.",
    "This actually fixes the role assignment issue, by overriding any value pre-set via the POST request with a static \"customer\" default role.": "This actually fixes the role assignment issue, by overriding any value pre-set via the POST request with a static \"customer\" default role.",
    "Where is the Token Sale page actually being handled?": "Where is the Token Sale page actually being handled?",
    "What is weird about how the Token Sale route is being declared?": "What is weird about how the Token Sale route is being declared?",
    "If the Token Sale page is still considered a secret, why is it mapped to a route at all?": "If the Token Sale page is still considered a secret, why is it mapped to a route at all?",
    "Restricting access to the Token Sale page to administrators might sound good in theory. Unfortunately this all only happens in client-side code, so such check couldn't be fully trusted.": "Restricting access to the Token Sale page to administrators might sound good in theory. Unfortunately this all only happens in client-side code, so such check couldn't be fully trusted.",
    "Obfuscating the path to the Token Sale page with Base64 instead of the original obfuscation function does not add any security. It actually makes the route even more easily identifiable.": "Obfuscating the path to the Token Sale page with Base64 instead of the original obfuscation function does not add any security. It actually makes the route even more easily identifiable.",
    "The only viable way to prevent access to a soon-to-be-released Token Sale page is to not have it in the client-side code before its actual release. It then makes sense to not have any premature route mapping declarations either. This then makes the whole obfuscation code-madness unnecessary as well.": "The only viable way to prevent access to a soon-to-be-released Token Sale page is to not have it in the client-side code before its actual release. It then makes sense to not have any premature route mapping declarations either. This then makes the whole obfuscation code-madness unnecessary as well.",
    "You should take a close look at how this code checks for allowed vs. forbidded URLs to redirect to.": "You should take a close look at how this code checks for allowed vs. forbidden URLs to redirect to.",
    "Try to play through how the logical operators and used standard functions work in this situation.": "Try to play through how the logical operators and used standard functions work in this situation.",
    "Could you somehow make the code believe that it is dealing with an allow-listed URL while it actually isn't?": "Could you somehow make the code believe that it is dealing with an allow-listed URL while it actually isn't?",
    "The open redirect flaw in this code cannot be fixed by applying URL encoding to the target URL. In fact, it would break the entire redirect mechanism for allow-listed URLs as they are not URL-encoded and would therefore never match.": "The open redirect flaw in this code cannot be fixed by applying URL encoding to the target URL. In fact, it would break the entire redirect mechanism for allow-listed URLs as they are not URL-encoded and would therefore never match.",
    "Changing from logical \"or\" to logical \"and\" here does not do anything for security but entirely breaks the redirect mechanism as \"allowed\" can never be true after the loop.": "Changing from logical \"or\" to logical \"and\" here does not do anything for security but entirely breaks the redirect mechanism as \"allowed\" can never be true after the loop.",
    "HTML-escaping is completely wrong in this situation because the code is dealing with URLs and not HTML input.": "HTML-escaping is completely wrong in this situation because the code is dealing with URLs and not HTML input.",
    "Using indexOf allowed any URLs as long as they contained any allow-listed URL, even if it just would be as a parameter. Replacing this with an actual equality check mitigates this lapse and makes the redirect only work for allow-listed URLs.": "Using indexOf allowed any URLs as long as they contained any allow-listed URL, even if it just would be as a parameter. Replacing this with an actual equality check mitigates this lapse and makes the redirect only work for allow-listed URLs.",
    "The security flaw has something to do with the rate limiting configuration.": "The security flaw has something to do with the rate limiting configuration.",
    "Do you think the time window or number of requests is the actual problem here? Maybe there is something else going wrong...": "Do you think the time window or number of requests is the actual problem here? Maybe there is something else going wrong...",
    "Take a close look at the HTTP header being used here and ask yourself: \"Could an attacker do anything with it to bypass rate limiting?\"": "Take a close look at the HTTP header being used here and ask yourself: \"Could an attacker do anything with it to bypass rate limiting?\"",
    "Removing the setting to trust proxies does not improve security of the rate limiting. It might have some unforseen or unintended functional side-effects, though.": "Removing the setting to trust proxies does not improve security of the rate limiting. It might have some unforeseen or unintended functional side-effects, though.",
    "Replacing the \"X-Forwarded-For\" header with its standardized alternative \"Forwarded\" does not close the security flaw of how this header is actually being used and can be abused by attackers.": "Replacing the \"X-Forwarded-For\" header with its standardized alternative \"Forwarded\" does not close the security flaw of how this header is actually being used and can be abused by attackers.",
    "Reducing the rate limit from 100 requests in 5min to 10 reqests in 3min could be seen as a security improvement, if there wasn't an entirely unrelated misconfiguration at play here.": "Reducing the rate limit from 100 requests in 5min to 10 requests in 3min could be seen as a security improvement, if there wasn't an entirely unrelated misconfiguration at play here.",
    "Removing the custom key generator that lets an arbitrary HTTP header take precedence over the client IP is the best option here. Now an attacker at least needs to fake their actual IP to bypass the rate limiting, as this is the default key for the RateLimit module used here. There is a functional downside though, as now users behin e.g. corporate proxies might be rate limited as a group and not individually. But with 100 allowed password resets in 5min this should not occur too frequently.": "Removing the custom key generator that lets an arbitrary HTTP header take precedence over the client IP is the best option here. Now an attacker at least needs to fake their actual IP to bypass the rate limiting, as this is the default key for the RateLimit module used here. There is a functional downside though, as now users behind e.g. corporate proxies might be rate limited as a group and not individually. But with 100 allowed password resets in 5min this should not occur too frequently.",
    "Find all places in the code which are handling the product descriptions.": "Find all places in the code which are handling the product descriptions.",
    "Manually encoding the angular brackets of the HTML tags does not add any security. It is likely to break descriptions with legitimate HTML tags for styling or links, though.": "Manually encoding the angular brackets of the HTML tags does not add any security. It is likely to break descriptions with legitimate HTML tags for styling or links, though.",
    "The removed code block deals with handling of different screen sizes and is entirely unrelated to the given XSS vulnerability.": "The removed code block deals with handling of different screen sizes and is entirely unrelated to the given XSS vulnerability.",
    "Using bypassSecurityTrustScript() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact.": "Using bypassSecurityTrustScript() instead of bypassSecurityTrustHtml() changes the context for which input sanitization is bypassed. If at all, this switch might only accidentally keep XSS prevention intact.",
    "Removing the bypass of sanitization entirely is the best way to fix the XSS vulnerability here. It should be noted, that XSS is only a consequence of broken authorization in this case, as users should not be allowed to change product descriptions in the first place.": "Removing the bypass of sanitization entirely is the best way to fix the XSS vulnerability here. It should be noted that XSS is only a consequence of broken authorization in this case, as users should not be allowed to change product descriptions in the first place.",
    "To find the culprit lines, you need to understand how MongoDB handles updating records.": "To find the culprit lines, you need to understand how MongoDB handles updating records.",
    "Did you notice that the developers retrieved a reference to the user but never actually use it for anything? This might be part of the problem.": "Did you notice that the developers retrieved a reference to the user but never actually use it for anything? This might be part of the problem.",
    "Another problematic line you need to select, is actually missing something that ties the user to the review.": "Another problematic line you need to select is actually missing something that ties the user to the review.",
    "This solution would reassign an updated review to the last editor, but it would not prevent to change other user's reviews in the first place.": "This solution would reassign an updated review to the last editor, but it would not prevent changing other users' reviews in the first place.",
    "Removing the option to update multiple documents at once is a good idea and might actually help against another flaw in this code. But it does not fix the problem of allowing users to update other user's reviews.": "Removing the option to update multiple documents at once is a good idea and might actually help against another flaw in this code. But it does not fix the problem of allowing users to update other users' reviews.",
    "Setting the author on server-side based on the user retrieved from the authentication token in the HTTP request is the right call. It prevents users from just passing any author email they like along with the request.": "Setting the author on server-side based on the user retrieved from the authentication token in the HTTP request is the right call. It prevents users from just passing any author email they like along with the request.",
    "Does this query really need to allow updating more than one review at once?": "Does this query really need to allow updating more than one review at once?",
    "Consider the query parameters under control of the attacker and try to find the one where they might inject some query-altering command.": "Consider the query parameters under control of the attacker and try to find the one where they might inject some query-altering command.",
    "Removing the option to update multiple documents at once combined with avoiding a \"not-equal\"-based injection is insufficient against any attacker with at least moderate MongoDB query knowledge.": "Removing the option to update multiple documents at once combined with avoiding a \"not-equal\"-based injection is insufficient against any attacker with at least moderate MongoDB query knowledge.",
    "Removing the option to update multiple documents at once is definitely necessary. But it is unfortunately not a sufficient fix, as an attacker might still be able to \"add back\" the multi-update behavior.": "Removing the option to update multiple documents at once is definitely necessary. But it is unfortunately not a sufficient fix, as an attacker might still be able to \"add back\" the multi-update behavior.",
    "Removing the option to update multiple documents at once combined with only allowing plain strings in the ID parameter is the right call. This will prevent any attacker from injecting their own JSON payload to manipulate the query in their favor.": "Removing the option to update multiple documents at once combined with only allowing plain strings in the ID parameter is the right call. This will prevent any attacker from injecting their own JSON payload to manipulate the query in their favor.",
    "Exact version of <a href=\"https://github.com/juice-shop/juice-shop/releases/tag/v9.3.1-PERMAFROST\">OWASP Juice Shop that was archived on 02/02/2020</a> by the GitHub Archive Program and ultimately went into the <a href=\"https://github.blog/2020-07-16-github-archive-program-the-journey-of-the-worlds-open-source-code-to-the-arctic\">Arctic Code Vault</a> on July 8. 2020 where it will be safely stored for at least 1000 years.": "Exact version of <a href=\"https://github.com/juice-shop/juice-shop/releases/tag/v9.3.1-PERMAFROST\">OWASP Juice Shop that was archived on 02/02/2020</a> by the GitHub Archive Program and ultimately went into the <a href=\"https://github.blog/2020-07-16-github-archive-program-the-journey-of-the-worlds-open-source-code-to-the-arctic\">Arctic Code Vault</a> on July 8, 2020 where it will be safely stored for at least 1000 years.",
    "Close multiple \"Challenge solved\"-notifications in one go.": "Close multiple \"Challenge solved\"-notifications in one go.",
    "Either check the official documentation or inspect a notification UI element directly.": "Either check the official documentation or inspect a notification UI element directly.",
    "Find a form which updates the username and then construct a malicious page in the online HTML editor. You probably need an older browser version for this.": "Find a form which updates the username and then construct a malicious page in the online HTML editor. You probably need an older browser version for this.",
    "Register a user with an empty email and password.": "Register a user with an empty email and password.",
    "Consider intercepting and playing with the request payload.": "Consider intercepting and playing with the request payload.",
    "Mint the Honey Pot NFT by gathering BEEs from the bee haven.": "Mint the Honey Pot NFT by gathering BEEs from the bee haven.",
    "Discover NFT wonders among the captivating visual memories.": "Discover NFT wonders among the captivating visual memories.",
    "Take over the wallet containing our official Soul Bound Token (NFT).": "Take over the wallet containing our official Soul Bound Token (NFT).",
    "Find the seed phrase posted accidentally.": "Find the seed phrase posted accidentally.",
    "Withdraw more ETH from the new wallet than you deposited.": "Withdraw more ETH from the new wallet than you deposited.",
    "Try to exploit the contract of the wallet.": "Try to exploit the contract of the wallet.",
    "Find an accidentally deployed code sandbox for writing smart contracts on the fly.": "Find an accidentally deployed code sandbox for writing smart contracts on the fly.",
    "It is just as easy as finding the Score Board.": "It is just as easy as finding the Score Board.",
    "He might have trumpeted it on at least one occasion where a camera was running. Maybe elsewhere as well.": "He might have trumpeted it on at least one occasion where a camera was running. Maybe elsewhere as well.",
    "Find the hidden <a href=\"https://en.wikipedia.org/wiki/Easter_egg_(media)\" target=\"_blank\">easter egg</a>.": "Find the hidden <a href=\"https://en.wikipedia.org/wiki/Easter_egg_(media)\" target=\"_blank\">easter egg</a>.",
    "Try either a) a knowledgeable brute force attack or b) reverse engineering or c) some research in the cloud.": "Try either a) a knowledgeable brute force attack or b) reverse engineering or c) some research in the cloud.",
    "Bypass a security control with a <a href=\"https://hakipedia.com/index.php/Poison_Null_Byte\">Poison Null Byte</a> to access a file not meant for your eyes.": "Bypass a security control with a <a href=\"https://hakipedia.com/index.php/Poison_Null_Byte\">Poison Null Byte</a> to access a file not meant for your eyes.",
    "Undoubtedly you want to read our security policy before conducting any research on our application.": "Undoubtedly you want to read our security policy before conducting any research on our application."
}