Fixed image paths

docs/solution/a1-injection.md

@@ -7,10 +7,10 @@ There is a SQL Injection in `User Search` feature at the following URL
 http://127.0.0.1:9090/app/usersearch
 
 By injecting a single quote `'`, we see an error has occurred.
-![sqli1](/resources/sqli1.png "SQLi Trigger")
+![sqli1](../resources/sqli1.png "SQLi Trigger")
 
 An attacker can exploit this further and obtain potentially sensitive information from the database by supplying the input `' UNION SELECT password,1 from Users where login='user' -- //`
-![sqli2](/resources/sqli2.png "Exploiting SQLi")
+![sqli2](../resources/sqli2.png "Exploiting SQLi")
 
 **Vulnerable Code snippet**
 
@@ -58,7 +58,7 @@ http://127.0.0.1:9090/app/ping
 
 
 By injecting `x ; id`, we are able to see that the `id` command has been executed.
-![ci1](/resources/ci1.png "Command injection")
+![ci1](../resources/ci1.png "Command injection")
 
 **Vulnerable Code snippet**
 
@@ -104,4 +104,4 @@ The fix has been implemented in this [commit](https://github.com/appsecco/dvna/c
 
 - <https://www.owasp.org/index.php/Top_10-2017_A1-Injection>
 - <https://snyk.io/blog/sql-injection-orm-vulnerabilities/>
-- <https://hackernoon.com/nodejs-security-issue-javascript-node-example-tutorial-vulnerabilities-hack-line-url-command-injection-412011924d1b>
+- <https://hackernoon.com/nodejs-security-issue-javascript-node-example-tutorial-vulnerabilities-hack-line-url-command-injection-412011924d1b>