implemented assignment 4, some other changes

webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html

@@ -65,13 +65,13 @@
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
         <form class="attack-form" accept-charset="UNKNOWN"
               method="POST" name="form"
-              action="/WebGoat/SqlInjection/attack"
+              action="/WebGoat/SqlInjection/attack4"
               enctype="application/json;charset=UTF-8"
               autocomplete="off">
             <table>
                 <tr>
                     <td><label>SQL query</label></td>
-                    <td><input name="name" value="" type="TEXT" placeholder="SQL query"/></td>
+                    <td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td>
                 </tr>
                 <tr>
                     <td><button type="SUBMIT">Submit</button></td>
@@ -90,13 +90,13 @@
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
         <form class="attack-form" accept-charset="UNKNOWN"
               method="POST" name="form"
-              action="/WebGoat/SqlInjection/attack"
+              action="/WebGoat/SqlInjection/attack5"
               enctype="application/json;charset=UTF-8"
               autocomplete="off">
             <table>
                 <tr>
                     <td><label>SQL query</label></td>
-                    <td><input name="name" value="" type="TEXT" placeholder="SQL query"/></td>
+                    <td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td>
                 </tr>
                 <tr>
                     <td><button type="SUBMIT">Submit</button></td>

webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content3.adoc

@@ -11,15 +11,14 @@ If an attacker uses a SQL injection of the DDL type to manipulate your database,
 * DROP - delete objects from the database
 * Example:
 ** CREATE TABLE Employees( +
-       IdNum INT NOT NULL, +
-       LName VARCHAR (20) NOT NULL, +
-       FName VARCHAR (20) NOT NULL, +
-       JobCode VARCHAR (3) NOT NULL, +
-       Salary DECIMAL (18, 2), +
-       Phone VARCHAR (20), +
-       PRIMARY KEY (IdNum) +
+       userid varchar(6) not null primary key, +
+       first_name varchar(20), +
+       last_name varchar(20), +
+       department varchar(20), +
+       salary varchar(10), +
+       auth_tan varchar(6) +
 );
 ** This statement creates the employees example table given on page 2.
 
-Now try to modify the schneme by removing the column "Phone" from the table "Employees":
+Now try to modify the scheme by adding the column "phone" to the table "employees":