From 3ae171c303ffaf5056978c14bfba63d2bcb7fd00 Mon Sep 17 00:00:00 2001
From: esheri3 <esheri3@4033779f-a91e-0410-96ef-6bf7bf53c507>
Date: Mon, 22 Jan 2007 17:42:32 +0000
Subject: [PATCH] Fixed a few spelling mistakes

git-svn-id: http://webgoat.googlecode.com/svn/trunk@63 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../WebContent/lesson_plans/HttpSplitting.html        | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html b/ webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html
index 7d00ff74d..191d1aba4 100644
--- a/ webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html	
+++ b/ webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html	
@@ -3,19 +3,19 @@
  </div>
  
 <p><b>Concept / Topic To Teach:</b> </p>
- This lesson teaches how to perform HTPP Splitting attacks.
+ This lesson teaches how to perform HTTP Splitting attacks.
  <br> 
 <div align="Left"> 
 <p>
 <b>How the attacks works:</b>
 </p>
-The attacker passes malacious code to the web server together with normal input. 
+The attacker passes malicious code to the web server together with normal input. 
 A victim application will not be checking for CR (carriage return, also given by %0d or \r) 
 and LF (line feed, also given by %0a or \n)characters. These characters not only give attackers control 
 of the remaining headers and body of the response the application intends to send, 
 but also allows them to create additional responses entirely under their control.<br>
-The effect of an HTTP Splitting attack is maximized when accompanied with a Cache Poisining. The goal of
-Cache Poisining attack is to poison the cache of the victim by fooling the cache to believe that the page
+The effect of an HTTP Splitting attack is maximized when accompanied with a Cache Poisoning. The goal of
+Cache Poisoning attack is to poison the cache of the victim by fooling the cache to believe that the page
 hijacked using the HTTP splitting is a good one and it is indeed the server's copy.<br>
 The attack happens using the HTTP Splitting attack plus adding the <b>Last-Modified:</b> header and setting it
 to a future date. This will force the browser to send <b>If-Modified-Since</b> request header, which gives the attacker
@@ -27,5 +27,6 @@ Date: Fri, 30 Dec 2005 17:32:47 GMT
 <p><b>General Goal(s):</b> </p>
 <!-- Start Instructions -->
 This lesson has two stages. Stage 1 teaches you how to do HTTP Splitting attacks while stage 2 builds on that to teach you how to elevate HTTP Splitting to Cache Poisoning.<br>
-Enter a language for the system to search by. You will notice that the application is redirecting your request to another resource on the server. You should be able to use the CR (%0d) and LF (%0a) to exploit the attack. Your excercise should be to force the server to send a 200 OK. If the screen changed as an effect to your attack, just go back to the homepage and after stage 2 is exploited successfully you will find the green check in the left menu.
+Enter a language for the system to search by. You will notice that the application is redirecting your request to another resource on the server. You should be able to use the CR (%0d) and LF (%0a) to exploit the attack. Your exercise should be to force the server to send a 200 OK. If the screen changed as an effect to your attack, just go back to the homepage and after stage 2 is exploited successfully you will find the green check in the left menu.
 <!-- Stop Instructions -->
+