diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java
index 7d7d28870..688904a96 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java
@@ -821,7 +821,7 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
if (getLessonTracker(s).getStage() == 1)
{
instructions = "STAGE 1:\t This stage is just to show how a classic multi login works. "
- + "Your goal is to do a regular login as Jane with password tarzan. "
+ + "Your goal is to do a regular login as Jane with password tarzan. "
+ "You have following TAN:
" + "Tan #1 = 15648
" + "Tan #2 = 92156
"
+ "Tan #3 = 4879
" + "Tan #4 = 9458
" + "Tan #5 = 4879
";
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java
index ac11b0cf7..138a65ffb 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java
@@ -798,7 +798,7 @@ public class MultiLevelLogin2 extends LessonAdapter
String instructions = "";
instructions = "You are an attacker called Joe. You have a valid account by webgoat financial. Your goal is to log in as "
- + "Jane. Your username is Joe and your password is banana. This are your TANS:
"
+ + "Jane. Your username is Joe and your password is banana. This are your TANS:
"
+ "Tan #1 = 15161
"
+ "Tan #2 = 4894
"
+ "Tan #3 = 18794
"
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
index 75ab86aff..3e8ec5929 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
@@ -148,7 +148,7 @@ public class SessionFixation extends SequentialLessonAdapter
{
s.add(MAILCONTENTNAME, mailContent);
}
- if (mailContent.contains(getLink()+"&SID=") && getLessonTracker(s).getStage() == 1)
+ if ((mailContent.contains("&SID=") || mailContent.contains("?SID=")) && getLessonTracker(s).getStage() == 1)
{
getLessonTracker(s).setStage(2);
s.setMessage("You completed stage 1!");
@@ -234,7 +234,7 @@ public class SessionFixation extends SequentialLessonAdapter
ElementContainer ec = new ElementContainer();
ec.addElement("Jane has logged into her account. Go and grab her session!" +
" Use Following link to reach the login screen of the bank:
" +
- " WebGoat Financial
");
+ " Goat Hills Financial
");
return ec;
//return createMainLoginContent(s);
}
@@ -744,12 +744,12 @@ public class SessionFixation extends SequentialLessonAdapter
else if (stage == 3)
{
instructions += "As the bank kindly asked to verfy your data you have to log in to see if your details are " +
- "correct ;). Your user name is Jane and your password is tarzan.
You are: Victim Jane ";
+ "correct ;). Your user name is Jane and your password is tarzan.
You are: Victim Jane ";
}
else if (stage == 4)
{
- instructions += "It is time to steal the session now. Just use the link you sent to " +
- "Jane.
You are: Hacker Joe ";
+ instructions += "It is time to steal the session now. Use following link to reach Goat Hills " +
+ "Financial.
You are: Hacker Joe ";
}
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
index 8bb3b00fa..852f2859c 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
@@ -352,7 +352,7 @@ public class CreateDB
// Populate it
String insertData1 = "INSERT INTO user_data_tan VALUES (101,'Joe','Snow','987654321','VISA',' ',0, 'banana')";
String insertData2 = "INSERT INTO user_data_tan VALUES (102,'Jane','Plane','74589864','MC',' ',0, 'tarzan')";
- String insertData3 = "INSERT INTO user_data_tan VALUES (103,'Jack','Sparrow','68659365','MC',' ',0, 'sniffable')";
+ String insertData3 = "INSERT INTO user_data_tan VALUES (103,'Jack','Sparrow','68659365','MC',' ',0, 'sniffy')";
statement.executeUpdate(insertData1);
statement.executeUpdate(insertData2);