webgoat breaking

["Indian Tiger" <indiantiger () mailandnews com>]

hi all,

i m trying to break the webgoat challenge. But i m not able to break the
user authentication. I tried to break user authentication using all possible
SQL Injections, but it couldnt work out. I need help on this topic. what i
should try to break this user authentication. i have gone thru its code ,it
is written in the java & i did not find any Sql query used for cheking
username & password, so is there any way to break this user authentication
scheme ?
        I m looking for the material on SERVER SIDE INCLUDES VULNAREBILITIES. i got
the information that some sites are vulnarable to Server Side Includes but i
dont know how i can use SSI to test vulnarability of the sites.  SSL
includes can be helpfull in webgoat also.Any help on this topic will be
highly appreciated.



Thanking You.
Sincerely,

Indian Tiger, CISSP