From f19330db4b00882ce8a514d6c02e082cae5cf61f Mon Sep 17 00:00:00 2001 From: mayhew64 Date: Fri, 29 Dec 2006 05:11:40 +0000 Subject: [PATCH] Changed help text git-svn-id: http://webgoat.googlecode.com/svn/trunk@52 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java index 9b1c5c71c..03cd13981 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java @@ -56,7 +56,7 @@ public class XPATHInjection extends LessonAdapter { Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center"); TR tr = new TR(); - tr.addElement( new TH().addElement("Please input your username and password to view your profile.").setColSpan(2).setAlign("left")); + tr.addElement( new TH().addElement("Please confirm your username and password before viewing your profile.").setColSpan(2).setAlign("left")); t1.addElement(tr); tr = new TR(); @@ -189,7 +189,7 @@ public class XPATHInjection extends LessonAdapter { hints.add( "Remember that the data is stored in XML format." ); hints.add( "The system is using XPath to query." ); hints.add( "XPath is almost the same thing as SQL, the same hacking techniques apply too." ); - hints.add( "Try username: tricked' or 1=1 or 'a'='a and a password: trickedya " ); + hints.add( "Try username: Smtih' or 1=1 or 'a'='a and a password: anything " ); return hints; }