* Hints added

* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (initial release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
wirth.marcel
2008-04-07 14:28:38 +00:00
parent ce703bc67d
commit 82e32acb77
137 changed files with 4230 additions and 479 deletions

@ -551,7 +551,7 @@ should be able to send an obnoxious email message.<o:p></o:p></span></p>
style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Type a
malicious script like &lt;script&gt;alert(<EFBFBD>XSS<EFBFBD>)&lt;/script&gt; and click Send!<o:p></o:p></span></p>
malicious script like &lt;script&gt;alert("XSS")&lt;/script&gt; and click Send!<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
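Review bot: on the changed alert("XSS") line, the quotes are now literal " characters while the angle brackets of the same payload are written as &lt; and &gt;; writing the quotes as &quot; would keep the whole sample escaped the same way. The removed line shows replacement-character bytes where the quotes used to be, so the original characters were already lost before this commit; it is worth searching the rest of this Word-exported file for the same bytes and fixing them in one pass rather than one occurrence per hunk.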
@ -613,7 +613,7 @@ field-end'></span><![endif]--> Part 1 completed<span style='font-family:"Arial",
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The second
part of this lesson is to send a mail to a friend from OWASP. This can be
accomplished by intercepting the request with WebScarab and changing the hidden
field <EFBFBD>to<EFBFBD> from <a href="mailto:webgoat.admin@owasp.org">webgoat.admin@owasp.org</a>
field "to" from <a href="mailto:webgoat.admin@owasp.org">webgoat.admin@owasp.org</a>
to <a href="mailto:bill.gates@microsoft.com">bill.gates@microsoft.com</a><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
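Review bot: on the changed field "to" line, the name of the hidden form field is set off only by quotation marks, the same characters that were damaged in the removed line; marking it up as code, for example <code>to</code>, would separate it from the ordinary word and remove the dependency on quote characters surviving the export. The unchanged context also directs the learner to an address at microsoft.com; if the lesson does not check for that exact value, a reserved domain such as example.com would be a safer target for a mail-sending exercise.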