renamed JavaSource -> java, WebContent -> webapp regarding to Maven convention

git-svn-id: http://webgoat.googlecode.com/svn/trunk@392 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/webapp/lesson_solutions/Lab SQL Injection/Lab String SQL Injection.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Solution Lab SQL Injection Stage1</title>
+<link rel="stylesheet" type="text/css"
+	href="lesson_solutions/formate.css">
+</head>
+<body>
+<p><b>Lesson Plan Title:</b> How to Perform a SQLInjection</p>
+
+<p><b>Concept / Topic To Teach:</b><br />
+SQL injection attacks represent a serious threat to any database-driven
+site. The methods behind an attack are easy to learn and the damage
+caused can range from considerable to complete system compromise.
+Despite these risks, an incredible number of systems on the internet are
+susceptible to this form of attack.</p>
+
+<p>Not only is it a threat easily instigated, it is also a threat
+that, with a little common-sense and forethought, can easily be
+prevented.</p>
+
+<p>It is always good practice to sanitize all input data, especially
+data that will used in OS command, scripts, and database queiries, even
+if the threat of SQL injection has been prevented in some other manner.
+</p>
+
+<p><b>General Goal(s):</b><br />
+For this exercise, you will perform SQLInjection attacks. You will also
+implement code changes in the web application to defeat these attacks.</p>
+
+<p><b>Solution:</b><br />
+Select Neville as user to log in. Make sure WebScarab will intercept the next request.
+Hit the Login Button and Change the password parameter in WebScarab to smith' OR '1' = '1. 
+Et voila you are logged in as Neville without knowing the password as the query
+will lookup if the password is smith and if not it controls if 1=1 what
+return true.</p>
+</body>
+</html>