diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge2.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge2.java
index 8bc916874..87ece4df9 100644
--- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge2.java
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge2.java
@@ -22,8 +22,8 @@ public class Challenge2 extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
public
@ResponseBody
- AttackResult completed(@RequestParam String couponCode) throws IOException {
- if (SUPER_COUPON_CODE.equals(couponCode)) {
+ AttackResult completed(@RequestParam String checkoutCode) throws IOException {
+ if (SUPER_COUPON_CODE.equals(checkoutCode)) {
return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build();
}
return failed().build();
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
index 8c9bbc78d..b937495a8 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
@@ -61,74 +61,82 @@
<script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
- <div class="container">
- <div class="row">
- <div class="col-xs-3 item-photo">
- <img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
- </div>
- <div class="col-xs-5" style="border:0px solid gray">
- <h3>Samsung Galaxy S8 Plus Android Phone</h3>
- <h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
- <small style="color:#337ab7">(124421 reviews)</small>
- </h5>
+ <form class="attack-form" accept-charset="UNKNOWN"
+ method="POST" name="form"
+ action="/WebGoat/challenge/2"
+ enctype="application/json;charset=UTF-8">
+ <div class="container">
- <h6 class="title-price">
- <small>PRICE</small>
- </h6>
- <h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
+ <div class="row">
+ <div class="col-xs-3 item-photo">
+ <img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
+ </div>
+ <div class="col-xs-5" style="border:0px solid gray">
+ <h3>Samsung Galaxy S8 Plus Android Phone</h3>
+ <h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
+ <small style="color:#337ab7">(124421 reviews)</small>
+ </h5>
- <div class="section">
- <h6 class="title-attr" style="margin-top:15px;">
- <small>COLOR</small>
+ <h6 class="title-price">
+ <small>PRICE</small>
</h6>
- <div>
- <div class="attr" style="width:25px;background:lightgrey;"></div>
- <div class="attr" style="width:25px;background:black;"></div>
+ <h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
+
+ <div class="section">
+ <h6 class="title-attr" style="margin-top:15px;">
+ <small>COLOR</small>
+ </h6>
+ <div>
+ <div class="attr" style="width:25px;background:lightgrey;"></div>
+ <div class="attr" style="width:25px;background:black;"></div>
+ </div>
</div>
- </div>
- <div class="section" style="padding-bottom:5px;">
- <h6 class="title-attr">
- <small>CAPACITY</small>
- </h6>
- <div>
- <div class="attr2">64 GB</div>
- <div class="attr2">128 GB</div>
+ <div class="section" style="padding-bottom:5px;">
+ <h6 class="title-attr">
+ <small>CAPACITY</small>
+ </h6>
+ <div>
+ <div class="attr2">64 GB</div>
+ <div class="attr2">128 GB</div>
+ </div>
</div>
- </div>
- <div class="section" style="padding-bottom:20px;">
- <h6 class="title-attr">
- <small>QUANTITY</small>
- </h6>
- <div>
- <div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
- <input class="quantity" value="1"/>
- <div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
+ <div class="section" style="padding-bottom:20px;">
+ <h6 class="title-attr">
+ <small>QUANTITY</small>
+ </h6>
+ <div>
+ <div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
+ <input class="quantity" value="1"/>
+ <div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
+ </div>
</div>
- </div>
- <div class="section" style="padding-bottom:20px;">
- <h6 class="title-attr">
- <small>CHECKOUT CODE</small>
- </h6>
+ <div class="section" style="padding-bottom:20px;">
+ <h6 class="title-attr">
+ <small>CHECKOUT CODE</small>
+ </h6>
- <!--
- Checkout code: pre-order-webgoat, pre-order-owasp, pre-order-webgoat-owasp
- -->
- <input class="checkoutCode" value=""/>
+ <!--
+ Checkout code: pre-order-webgoat, pre-order-owasp, pre-order-webgoat-owasp
+ -->
+ <input name="checkoutCode" class="checkoutCode" value=""/>
- </div>
+ </div>
- <div class="section" style="padding-bottom:20px;">
- <button class="btn btn-success"><span style="margin-right:20px"
- class="glyphicon glyphicon-shopping-cart"
- aria-hidden="true"></span>Buy
- </button>
- <h6><a href="#"><span class="glyphicon glyphicon-heart-empty" style="cursor:pointer;"></span>
- Like</a></h6>
+ <div class="section" style="padding-bottom:20px;">
+ <button type="submit" class="btn btn-success"><span style="margin-right:20px"
+ class="glyphicon glyphicon-shopping-cart"
+ aria-hidden="true"></span>Buy
+ </button>
+ <h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
+ style="cursor:pointer;"></span>
+ Like</a></h6>
+ </div>
</div>
</div>
+
</div>
- </div>
+ </form>
<br/>
<div>
<form class="form-inline" method="POST" name="form" action="/WebGoat/challenge/flag">
diff --git a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc
index a9177c5b2..6849340ea 100644
--- a/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc
+++ b/webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc
@@ -1 +1 @@
-=== No need to pay... (WIP!!)
\ No newline at end of file
+=== No need to pay...
\ No newline at end of file