On 10/26/07, Edward Chernenko <edwardspec(a)gmail.com> wrote:
2 SELECT page_namespace FROM page WHERE page_title=?
ORDER BY page_namespace
(this list may be written into mysql table).
User can inflict query by accessing some script common for all
queries, which would find query by its number (query_id) and print
HTML form on GET (with textfields instead of placeholders) or results
on POST.
Permitting anonymous users to scan the page table seems like a pretty
good DoS vector for whatever server is being sacrificed for this.