Added XMLInjection lesson

Modified DOM Injection lesson
Added gratification to http splitting

git-svn-id: http://webgoat.googlecode.com/svn/trunk@37 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/WebContent/lesson_plans/XMLInjection.html

@@ -0,0 +1,18 @@
+<div align="Center"> 
+<p><b>Lesson Plan Title:</b> XML Injection Attacks. </p>
+ </div>
+ 
+<p><b>Concept / Topic To Teach:</b> </p>
+ This lesson teaches how to perform XML Injection attacks.
+ <br> 
+<div align="Left"> 
+<p>
+<b>How the attacks works:</b>
+</p>
+AJAX applications use XML to exchange information with the server. This XML can be easily intercepted and altered by a malacious attacker.
+
+</div>
+<p><b>General Goal(s):</b> </p>
+<!-- Start Instructions -->
+The form below takes your WebGoat Rewards Mile account and returns back the kind of rewards you can afford. Your goal is to try to add more rewards to your allowed set of rewards. Your account ID is 836239.
+<!-- Stop Instructions -->