diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson6a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson6a.java index 5d852d439..9e0950c12 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson6a.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson6a.java @@ -78,9 +78,9 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint { results.last(); // If they get back more than one user they succeeded - if (results.getRow() >= 6) + if (results.getRow() >= 5) { - return trackProgress(success().feedback("sql-injection.6b.success").feedbackArgs(output.toString()).build()); + return trackProgress(success().feedback("sql-injection.6a.success").feedbackArgs(output.toString()).build()); } else { return trackProgress(failed().output(output.toString()).build()); } @@ -88,7 +88,7 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint { } else { - return trackProgress(failed().feedback("sql-injection.6b.no.results").build()); + return trackProgress(failed().feedback("sql-injection.6a.no.results").build()); } } catch (SQLException sqle) diff --git a/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html b/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html index b0c68efbc..85d55aadb 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html +++ b/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html @@ -210,4 +210,4 @@
- \ No newline at end of file + diff --git a/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/lessonPlans/en/SqlInjection_content6a.adoc b/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/lessonPlans/en/SqlInjection_content6a.adoc index 8819dc211..17e5a279d 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/lessonPlans/en/SqlInjection_content6a.adoc +++ b/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/lessonPlans/en/SqlInjection_content6a.adoc @@ -9,6 +9,7 @@ CREATE TABLE user_system_data (userid varchar(5) not null primary key, cookie varchar(30)); ------------------------------------------------------- -Execute a query to union or join these tables. When you have figured it out.... What is Dave's password? +*6.a)* Execute a query to union or join these tables. + +*6.b)* When you have figured it out.... What is Dave's password? diff --git a/webgoat-lessons/sql-injection/src/main/resources/plugin/i18n/WebGoatLabels.properties b/webgoat-lessons/sql-injection/src/main/resources/plugin/i18n/WebGoatLabels.properties index 26d7d4112..407f5367a 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/plugin/i18n/WebGoatLabels.properties +++ b/webgoat-lessons/sql-injection/src/main/resources/plugin/i18n/WebGoatLabels.properties @@ -14,5 +14,8 @@ sql-injection.5a.no.results=No results matched. Try Again. sql-injection.5b.success=You have succeed: {0} sql-injection.5b.no.results=No results matched. Try Again. +sql-injection.6a.success=You have succeed: {0} +sql-injection.6a.no.results=No results matched. Try Again. + sql-injection.6b.success=You have succeed: {0} -sql-injection.6b.no.results=No results matched. Try Again. \ No newline at end of file +sql-injection.6b.no.results=No results matched. Try Again.