From ba2cb7d14fa7001670a876968d10444e6d3afc75 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Thu, 1 Apr 2021 18:13:21 +0200
Subject: [PATCH] #974: Update the lesson text

---
 .../lessonPlans/en/SqlInjection_introduction_content4.adoc   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc
index 455797597..552965523 100644
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc
@@ -9,10 +9,9 @@ If an attacker successfully "injects" DCL type SQL commands into a database, he
 * GRANT -  give a user access privileges on database objects
 * REVOKE - withdraw user privileges that were previously given using GRANT
 * Example:
-** GRANT CREATE TABLE +
-   TO operator;
+** GRANT CREATE TABLE TO operator;
 ** This statement gives all users of the operator-role the privilege to create new tables in the database.
 
 
-Try to grant the user group "UnauthorizedUser" the right to alter tables:
+Try to grant rights to the table `grant_rights` to user `unauthorized_user`: