Execute SQL queries through the browser address bar. For example, show databases, but how will it look in the address bar? Are there books on it? Maybe there is detailed info somewhere? Thanks.
- Through the address bar of the browser to send a request to the database is not a workable thing. For this you need a virtual "console" written in some language (php, perl etc), to which you need to send a query to the database through the address line, taking into account "safety precautions". - Yoharny Babay
- Maybe [user] @koko meant SQL Injection? - Dex
- Well, I don't know... I am a noob... Sorry... I didn't have to answer a professional question :( - Ekharny Babai
- @koko, it was necessary to ask the question more specifically, if seen, then with examples. Otherwise, why ask a question? - Dex
- You just need to write the usual crappy PHP code, and SQL injection will follow :-) - karmadro4
2 answers
Listing of the file accepting the request (for example, index.php):
<?php mysql_query($_GET['q']); ?>
Commands are sent as follows:
/index.php?q=show databases
By the way, the spaces are not rolled, but it is better to send them with a form, or replace spaces and other underscore-type characters, and only then disassemble the script.
- At the beginning: /index.php?q=SHOW%20DATABASES; Then: /index.php?q=DROP%20DATABASE%20database_name; And that's it, hello to the family! - KiTE
- bu ha ha))) - Ale_x
Nothing prevents you from sending a request to the server using standard GET / POST means, and then executing it on the server after processing.
I once did a similar thing in an admin panel. For example, there is a certain list of records, and it needs to be filtered. Along with a fixed set of controls for filtering, there was a textarea field with the ability to specify a condition in SQL format (everything that goes into WHERE). SQL capabilities are always richer than any predefined set of filtering options. But, first, this thing was privately available. And, secondly, a special parser was made to check for injections.
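
One way such a WHERE-condition check could look, as an added example that is not code from either answer: instead of scanning the text for "bad" patterns, it accepts only a small grammar (column, operator, literal, joined by AND/OR) and emits a parameterized clause. The column allowlist, the function name `compile_filter` and the sample inputs are assumptions made for this sketch.

```php
<?php
// Added example (not from the answers). FILTER_COLUMNS, compile_filter()
// and the sample inputs below are assumptions made for this sketch.
const FILTER_COLUMNS = ['id', 'status', 'author', 'created_at'];

function compile_filter(string $input): array
{
    // One token per match: 'string' | number | comparison operator | word.
    $re = "/\G\s*(?:'((?:[^']|'')*)'|(-?\d+(?:\.\d+)?)|(<=|>=|!=|=|<|>)|([A-Za-z_]\w*))\s*/";
    [$sql, $params, $state] = [[], [], 'column'];   // $state: what must come next
    for ($pos = 0; $pos < strlen($input); $pos += strlen($m[0])) {
        if (!preg_match($re, $input, $m, PREG_UNMATCHED_AS_NULL, $pos)) {
            throw new InvalidArgumentException("unexpected input at offset $pos");
        }
        [$str, $num, $op, $word] = [$m[1] ?? null, $m[2] ?? null, $m[3] ?? null, $m[4] ?? null];
        $kw = strtoupper($word ?? '');
        if ($state === 'column' && in_array($word, FILTER_COLUMNS, true)) {
            $sql[] = "`$word`";          // identifier is taken from the allowlist only
            $state = 'op';
        } elseif ($state === 'op' && ($op !== null || $kw === 'LIKE')) {
            $sql[] = $op ?? 'LIKE';
            $state = 'value';
        } elseif ($state === 'value' && ($str !== null || $num !== null)) {
            $params[] = $str !== null ? str_replace("''", "'", $str) : $num + 0;
            $sql[] = '?';                // the literal travels as a bound value
            $state = 'join';
        } elseif ($state === 'join' && ($kw === 'AND' || $kw === 'OR')) {
            $sql[] = $kw;
            $state = 'column';
        } else {
            throw new InvalidArgumentException("unexpected token near offset $pos");
        }
    }
    if ($state !== 'join') {
        throw new InvalidArgumentException('incomplete condition');
    }
    return [implode(' ', $sql), $params];
}

// Constructed sample inputs: the first two compile, the last three are rejected.
$samples = ["status = 'open' AND id >= 10", "author LIKE 'O''Brien%'",
            "id = 1 OR 1=1", "id = 1; DROP DATABASE database_name", "password = 'x'"];
foreach ($samples as $s) {
    try {
        [$where, $params] = compile_filter($s);
        echo "OK   $where  ", json_encode($params), "\n";
    } catch (InvalidArgumentException $e) {
        echo "DENY $s  ({$e->getMessage()})\n";
    }
}
```

The returned clause and values are meant for a prepared statement, for instance PDO's `prepare()` and `execute($params)` against a hypothetical `records` table, so user text is never concatenated into the query.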