[OWASP-WEBGOAT]Challenge #3 problem

[Cynick Young]

There's a problem with challenge #3 on Windows 2000 in that starting the 
shell cmd.exe from SSI, your current working directory is wherever you 
started WebGoat from, ie. C:\webgoat and NOT the webapp context path.  
Thus, <!--#exec cmd="echo defaced > %CD%/index_guest.html"--> will put 
the file in C:\webgoat\index_guest.html and not where it needs to be.  
Without knowing the installation, one cannot complete the challenge 
properly.