From b24d805e93225406318b2dd9ddc3178d29a9af7c Mon Sep 17 00:00:00 2001 From: "wirth.marcel" Date: Sun, 13 Apr 2008 22:16:35 +0000 Subject: [PATCH] Minor changes git-svn-id: http://webgoat.googlecode.com/svn/trunk@326 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../org/owasp/webgoat/lessons/MultiLevelLogin1.java | 2 +- .../org/owasp/webgoat/lessons/MultiLevelLogin2.java | 2 +- .../org/owasp/webgoat/lessons/SessionFixation.java | 10 +++++----- .../JavaSource/org/owasp/webgoat/session/CreateDB.java | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java index 7d7d28870..688904a96 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java @@ -821,7 +821,7 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter if (getLessonTracker(s).getStage() == 1) { instructions = "STAGE 1:\t This stage is just to show how a classic multi login works. " - + "Your goal is to do a regular login as Jane with password tarzan. " + + "Your goal is to do a regular login as Jane with password tarzan. " + "You have following TAN:
" + "Tan #1 = 15648
" + "Tan #2 = 92156
" + "Tan #3 = 4879
" + "Tan #4 = 9458
" + "Tan #5 = 4879
"; diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java index ac11b0cf7..138a65ffb 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java @@ -798,7 +798,7 @@ public class MultiLevelLogin2 extends LessonAdapter String instructions = ""; instructions = "You are an attacker called Joe. You have a valid account by webgoat financial. Your goal is to log in as " - + "Jane. Your username is Joe and your password is banana. This are your TANS:
" + + "Jane. Your username is Joe and your password is banana. This are your TANS:
" + "Tan #1 = 15161
" + "Tan #2 = 4894
" + "Tan #3 = 18794
" diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java index 75ab86aff..3e8ec5929 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java @@ -148,7 +148,7 @@ public class SessionFixation extends SequentialLessonAdapter { s.add(MAILCONTENTNAME, mailContent); } - if (mailContent.contains(getLink()+"&SID=") && getLessonTracker(s).getStage() == 1) + if ((mailContent.contains("&SID=") || mailContent.contains("?SID=")) && getLessonTracker(s).getStage() == 1) { getLessonTracker(s).setStage(2); s.setMessage("You completed stage 1!"); @@ -234,7 +234,7 @@ public class SessionFixation extends SequentialLessonAdapter ElementContainer ec = new ElementContainer(); ec.addElement("

Jane has logged into her account. Go and grab her session!" + " Use Following link to reach the login screen of the bank:



" + - "
WebGoat Financial




"); + "
Goat Hills Financial




"); return ec; //return createMainLoginContent(s); } @@ -744,12 +744,12 @@ public class SessionFixation extends SequentialLessonAdapter else if (stage == 3) { instructions += "As the bank kindly asked to verfy your data you have to log in to see if your details are " + - "correct ;). Your user name is Jane and your password is tarzan.

You are: Victim Jane "; + "correct ;). Your user name is Jane and your password is tarzan.

You are: Victim Jane "; } else if (stage == 4) { - instructions += "It is time to steal the session now. Just use the link you sent to " + - "Jane.

You are: Hacker Joe "; + instructions += "It is time to steal the session now. Use following link to reach Goat Hills " + + "Financial.

You are: Hacker Joe "; } diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java index 8bb3b00fa..852f2859c 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java @@ -352,7 +352,7 @@ public class CreateDB // Populate it String insertData1 = "INSERT INTO user_data_tan VALUES (101,'Joe','Snow','987654321','VISA',' ',0, 'banana')"; String insertData2 = "INSERT INTO user_data_tan VALUES (102,'Jane','Plane','74589864','MC',' ',0, 'tarzan')"; - String insertData3 = "INSERT INTO user_data_tan VALUES (103,'Jack','Sparrow','68659365','MC',' ',0, 'sniffable')"; + String insertData3 = "INSERT INTO user_data_tan VALUES (103,'Jack','Sparrow','68659365','MC',' ',0, 'sniffy')"; statement.executeUpdate(insertData1); statement.executeUpdate(insertData2);
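Review bot: The seed rows in CreateDB carry plaintext passwords that the lesson classes repeat as string literals; the MultiLevelLogin1 and MultiLevelLogin2 hunks in this same patch quote `tarzan` and `banana`. A change like the one to `insertData3` can therefore drift out of step with lesson text or solutions. Nothing visible here shows whether any lesson quotes Jack's password, so that should be checked. A comment above `// Populate it` would record the intent, for example `// Lesson fixtures: deliberately weak plaintext credentials; keep in sync with the lesson instructions that quote them.` The statements also use positional `INSERT INTO user_data_tan VALUES (...)`, so the password is identified only by being the last value; naming the columns would make these rows robust to a schema change.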