Add two more assignments for SQL injection where only filtering is applied.

webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionMitigations.html

@@ -66,14 +66,60 @@
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjection_content12.adoc"></div>
 </div>
-
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjection_content12a.adoc"></div>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <form class="attack-form" accept-charset="UNKNOWN"
+              method="POST" name="form"
+              action="/WebGoat/SqlOnlyInputValidation/attack"
+              enctype="application/json;charset=UTF-8">
+            <table>
+                <tr>
+                    <td>Name:</td>
+                    <td><input name="userid_sql_only_input_validation" value="" type="TEXT"/></td>
+                    <td><input
+                            name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td>
+                    <td></td>
+                </tr>
+            </table>
+        </form>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:SqlInjection_content12b.adoc"></div>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <form class="attack-form" accept-charset="UNKNOWN"
+              method="POST" name="form"
+              action="/WebGoat/SqlOnlyInputValidationOnKeywords/attack"
+              enctype="application/json;charset=UTF-8">
+            <table>
+                <tr>
+                    <td>Name:</td>
+                    <td><input name="userid_sql_only_input_validation_on_keywords" value="" type="TEXT"/></td>
+                    <td><input
+                            name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td>
+                    <td></td>
+                </tr>
+            </table>
+        </form>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+
+<div class="lesson-page-wrapper">
+    <div class="adoc-content" th:replace="doc:SqlInjection_content13.adoc"></div>
 </div>
 
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjection_order_by.adoc"></div>
-    <script th:src="@{/lesson_js/assignment12.js}" language="JavaScript"></script>
+    <script th:src="@{/lesson_js/assignment13.js}" language="JavaScript"></script>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
         <form class="attack-form" accept-charset="UNKNOWN"
@@ -145,7 +191,7 @@
 </div>
 
 <div class="lesson-page-wrapper">
-    <div class="adoc-content" th:replace="doc:SqlInjection_content13.adoc"></div>
+    <div class="adoc-content" th:replace="doc:SqlInjection_content14.adoc"></div>
 </div>
 
 </html>