Minor Bugfixes

git-svn-id: http://webgoat.googlecode.com/svn/trunk@338 4033779f-a91e-0410-96ef-6bf7bf53c507
wirth.marcel 2008-04-14 13:28:25 +00:00
parent 80d07fb62c
commit e2ca7f9a33
11 changed files with 29 additions and 29 deletions

View File

@ -265,7 +265,6 @@ public class SQLInjection extends GoatHillsFinancial
}
public String getLessonSolutionFileName(WebSession s) {
System.out.println("SOLUTION!!!");
String solutionFileName = null;
String stage = getStage(s);
solutionFileName = "/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html";
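Review bot: removing the `System.out.println("SOLUTION!!!")` debug line is the right call, but the two lines below it still build `solutionFileName` by concatenating `getStage(s)` straight into `"/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html"`. Unless the stage value is restricted to the known stage identifiers before it reaches this method, a stage string taken from the session ends up unvalidated inside a file path; suggest checking `stage` against the fixed set of lab stages (or mapping it through a lookup) before the path is assembled.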

View File

@ -35,10 +35,10 @@ First use any person from the list and see what you get. After doing this you
can search for a specific person in Firebug. Make sure you find the hidden table with
the information, including the salary and so on. In the same table you will find
Neville.
<center>
<img src="/WebGoat/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg" alt="Clientside Filtering" />
<img src="/WebGoat/lesson_solutions/ClientSideFiltering_files/clientside_firebug.jpg" alt="Clientside Filtering" /><br>
<font size="2"><b>Inspect HTML on Firebug</b></font>
</center>
<p>
Now write the salary into the text edit box and submit your answer!
</p>

View File

@ -38,10 +38,11 @@ Now enter a character in the coupon code field. The Javascript gets executed
but stops at the breakpoint. On the right side you see the parameters
and there values. Now use the step over symbol or F10. Now you can read
the clear text of decrypted:
<center>
<br><br>
<img src="/WebGoat/lesson_solutions/ClientSideValidation_files/ClientSideValidation_stage1.png" width=450px alt="Stage 1" />
<b>Figure 1 Firebug in action</b>
</center>
<br>
<b><font size="2">Figure 1 Firebug in action</font></b>
<p>
Now that you know the coupon name enter it in the coupon field, purchase something
and you are done.
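Review bot: the caption now sits outside the `<center>` block (the `<b>Figure 1 Firebug in action</b>` line inside it is replaced by a `<br>` plus `<b><font size="2">Figure 1 Firebug in action</font></b>` after `</center>`), so the screenshot stays centered while its caption is left-aligned; the other solution pages in this commit keep image and caption inside one aligned container, so this one should probably do the same. While the file is open, two typos in the unchanged context are worth fixing: `and there values` should read `and their values`, and `the clear text of decrypted:` is missing a word (presumably the decrypted coupon value).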

View File

@ -33,7 +33,7 @@ to the Tomcat Setup in the Introduction section.</p>
is free: <a href="http://www.wireshark.org/"> Wireshark</a>. Make sure
you are capturing on the right interface. Click on
the submit button ans stop the capturing. Now analyze the captured data.</p>
<div align="center">
<div align="left">
<img src="lesson_solutions/InsecureLogin_files/wireshark1.png"><br>
<font size="2"> <b>Figure 1: Sniffed Traffic</b></font>
</div>
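Review bot: the context line `the submit button ans stop the capturing` has a typo (`ans` for `and`) that could be fixed in the same change. Also note that this page loads its screenshot with the relative path `lesson_solutions/InsecureLogin_files/wireshark1.png`, whereas the other solution pages touched here use the absolute `/WebGoat/lesson_solutions/...` form; relative paths resolve against whatever URL the lesson is served from, so mixing the two styles is a likely source of broken images.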

View File

@ -35,9 +35,9 @@ deletes employees. Of course you could just guess
it because it has a really logical name.
But we will look it up. So your first step is to log in as John with john as
password. Use WebScarab to intercept the delete request.
<center>
<img src="/WebGoat/lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" />
</center>
As you can see the delete action is called DeleteProfile.
Now log in as Tom. Click in the list on his name and make sure WebScarab
will intercept the next request. Click on a button, for example the

View File

@ -37,10 +37,10 @@ of another employee!
</p>
<p>
Log in as Tom with tom as password. Click on Tom's name in the list and make sure
webscarab will intercept the next request. Change the employee_id for example to 101.
<center>
webscarab will intercept the next request. Change the employee_id for example to 101.<br><br>
<img src="/WebGoat/lesson_solutions/Lab Access Control/images/access_control_stage1.png" width=450px alt="deleteAction" />
</center>
</body>
</html>
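Review bot: the screenshot kept here is `access_control_stage1.png` with alt text `deleteAction`, the same image the stage 1 page shows for the DeleteProfile request, while this paragraph describes changing `employee_id` to 101; a stage 2 screenshot of the intercepted request with the modified `employee_id` is presumably what was intended.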

View File

@ -23,9 +23,9 @@ Now should appear Tom's Profile. Click on the 'Edit Profile' Button and try an X
For example: &lt;script&gt;alert("Got Ya");&lt;/script&gt;<br/>
Click on the UpdateProfile Button and Log out.</p><p>
<p>
<center>
<img src="/WebGoat/lesson_solutions/Lab XSS/images/stored_xss.png" width=450px alt="stored_xss.png" />
</center>
<p>
Now log in as Jerry with jerry as password. Select from the the list the profile of tom and hit the
ViewProfile Button. Congratulation! You have completed the lesson.
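Review bot: the paragraph markup around the figure is unbalanced: `</p><p>` is followed by another bare `<p>`, then `<center>`, then a further `<p>` after `</center>`, so two paragraphs are opened without being closed and the `<center>` block ends up inside a `<p>`. Suggest closing the paragraph before `<center>` and dropping the extra `<p>`. Two typos in the context could go in the same change: `Now should appear Tom's Profile` (Tom's profile should now appear) and `from the the list`.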

View File

@ -33,13 +33,13 @@ works. In the second you have to break the strong authentication.
<b>Stage 1</b><br>
This stage should be rather straight forward. Give in as name Jane
and as password tarzan. </p>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src="lesson_solutions/MultiLevelLogin1_files/login.png"><br>
<b>Figure 1: Login Screen</b>
</font></div><br>
Afthr clicking on the submit button
you will be asked for the TAN. <br><br>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src="lesson_solutions/MultiLevelLogin1_files/tan.png"><br>
<b>Figure 2: TAN Screen</b>
</font></div>
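Review bot: the context line `Afthr clicking on the submit button` has a typo (`After`), and `Give in as name Jane and as password tarzan` would read better as `Enter Jane as the name and tarzan as the password`; both are cheap to fix while the alignment is being changed.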
@ -54,13 +54,13 @@ Now you will be asked for a TAN. Unfortunately you have only a already
used TAN from the victim. Fill in the TAN you have and make sure that WebScarab
will intercept the next request. Hit the submit button and change the hidden_tan
value to 1. </p>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src="lesson_solutions/MultiLevelLogin1_files/webscarab.png"><br>
<b>Figure 3: Manipulation Of The Hidden Field With WebScarab</b>
</font></div><br><br>
Congratulations you are logged in as Jane.<br><br>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src="lesson_solutions/MultiLevelLogin1_files/success.png"><br>
<b>Figure 4: Manipulation Of The Hidden Field With WebScarab</b>
</font></div>
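Review bot: the caption of Figure 4 (`Manipulation Of The Hidden Field With WebScarab`) is a copy of Figure 3's caption, but the image is `success.png` and the text above it says the login as Jane succeeded; the caption should describe the successful login. Also `only a already used TAN` in the context should be `only an already used TAN`.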

View File

@ -34,7 +34,7 @@ Log in as Joe with password banana. Now make sure the next request will be inter
by WebScarab. Fill in the TAN you are asked for and hit the submit button.
Change now the hidden_user value from Joe to Jane and you are logged in
as Jane.
<div align="center">
<div align="left">
<img src="lesson_solutions/MultiLevelLogin2_files/success.png"><br>
<font size="2"><b>Figure 1: Manipulation Of The Hidden Field With WebScarab</b></font>
</div>

View File

@ -51,7 +51,7 @@ the link. Of course can WHATEVER be replaced by any other string.
The link should look similar to following:<br>
&lt;a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER&gt;
</p>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src='lesson_solutions/SessionFixation_files/sf_stage1.png'><br>
<b>Figure 1: Phishing Mail</b>
</font>
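Review bot: the example link shown to the reader, `&lt;a href=http://localhost/WebGoat/attack?Screen=46&menu=320&SID=WHATEVER&gt;`, contains raw `&` characters inside the HTML source; they should be written as `&amp;` so the page is valid and the characters render as intended. The context sentence `Of course can WHATEVER be replaced by any other string` would also read better as `Of course WHATEVER can be replaced by any other string`.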
@ -64,7 +64,7 @@ Point with the mouse on the link and you will notice the
SID in the status bar of your browser. This is the easiest
stage as you have only to click on the link 'Goat Hills Financial'.
</p>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src='lesson_solutions/SessionFixation_files/sf_stage2.png'><br>
<b>Figure 2: Received Phishing Mail</b>
</font>
@ -78,7 +78,7 @@ the URL is the SID visible. All
you have to do is to log in with your user name Jane
and your password tarzan.
</p>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src='lesson_solutions/SessionFixation_files/sf_stage3.png'><br>
<b>Figure 3: Goat Hills Financial Login Screen</b>
</font>
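Review bot: the context line `the URL is the SID visible` is garbled; it presumably means that the SID is visible in the URL and could be fixed in the same change.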
@ -98,7 +98,7 @@ Goat Hill Financial. Take a look at the URL and
you will see that your SID is NOVALIDSESSION.
Change this string to the SID you have chosen
at the beginning of this lesson and hit enter.</p>
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src='lesson_solutions/SessionFixation_files/sf_stage4_1.png'><br>
<b>Figure 4: Browser Address Bar Before Changes</b>
<br><br>
@ -109,7 +109,7 @@ at the beginning of this lesson and hit enter.</p>
<br><br>
Congratulation! You are logged in as Jane
and the lesson was successful.
<div align="center"><font size="2">
<div align="left"><font size="2">
<img src='lesson_solutions/SessionFixation_files/sf_success.png'><br>
<b>Figure 6: Successful Completion Of The Lesson</b>
</font>

View File

@ -637,7 +637,7 @@ query: SELECT * FROM weather_data WHERE station = 101<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Intercept the post request with WebScarab and replace 101 with 101 or 1=1!<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<center>
<img src = "/WebGoat/lesson_solutions/SqlNumericInjection_files/numericinjection.png" width=350px>
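Review bot: the image tag uses `width=350px`; the HTML `width` attribute takes a plain number (`width="350"`), and the `px` suffix is not valid there. The same pattern (`width=450px`) appears on the other solution pages in this commit, so it would be worth fixing them together rather than only the alignment.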
@ -647,13 +647,13 @@ field-begin'></span><span style='mso-spacerun:yes'>
style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
field-end'></span><![endif]--> Intercepted Request with WebScarab<span style='font-family:
"Arial","sans-serif"'><o:p></o:p></span></p>
</center>
<br/>
<br/>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>As the SQL Statement is true for every station you get
a list of all stations:<o:p></o:p></span></p>
<center>
<img src = "/WebGoat/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png" width=350px>
@ -663,7 +663,7 @@ field-begin'></span><span style='mso-spacerun:yes'>
style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
field-end'></span><![endif]--> All stations are visible<span style='font-family:
"Arial","sans-serif"'><o:p></o:p></span></p>
</center>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>