Added an assignment for compromising availability to the sql injections (introduction).

WIP

webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html

@@ -86,7 +86,8 @@
         <form class="attack-form" accept-charset="UNKNOWN"
               method="POST" name="form"
               action="/WebGoat/SqlInjection/attack9"
-              enctype="application/json;charset=UTF-8">
+              enctype="application/json;charset=UTF-8"
+              autocomplete="off">
             <table>
                 <tr>
                     <td><label>Employee Name:</label></td>
@@ -109,19 +110,20 @@
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjection_introduction_content10.adoc"></div>
 
-    <div class="adoc-content" th:replace="doc:SqlInjection_introduction_content8.adoc"></div>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
         <form class="attack-form" accept-charset="UNKNOWN"
               method="POST" name="form"
-              action="/WebGoat/SqlInjection/attack5a"
-              enctype="application/json;charset=UTF-8">
+              action="/WebGoat/SqlInjection/attack10"
+              enctype="application/json;charset=UTF-8"
+              autocomplete="off">
             <table>
                 <tr>
-                    <td>Account Name:</td>
-                    <td><input name="account" value="" type="TEXT"/></td>
-                    <td><input
-                            name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td>
+                    <td><label>Action contains:</label></td>
+                    <td><input name="action" value="" type="TEXT"/></td>
+                </tr>
+                <tr>
+                    <td><button type="SUBMIT">Search logs</button></td>
                 </tr>
             </table>
         </form>

webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties

@@ -52,3 +52,5 @@ SqlStringInjectionHint9-2=Use the ; metacharacter to do so.
 SqlStringInjectionHint9-3=Make use of DML to change your salary.
 SqlStringInjectionHint9-4=Make sure that the resulting query is syntactically correct.
 SqlStringInjectionHint9-5=How about something like '; UPDATE employees....
+
+sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.

webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content10.adoc

@@ -1 +1,8 @@
-Availiability
+== Compromising Availability
+After successfully compromising confidentiality and integrity in the previous lessons, we now are going to compromise the third element of the CIA-Triad: *availability*.
+
+=== It's your turn!
+Now you're the top earner in your company.
+But do you see that?
+There seems to be a table, where all your actions have been logged to! +
+Better go and delete it quickly before anyone notices.