Thingamablog Blog : Hacking Thingamablog's Database

« I Created an Internal Site Search Engine | Main | Be Careful of Links to Files »

Friday, August 14, 2009

Hacking Thingamablog's Database

I have hacked into the database used by Thingamablog.

The blog entries are stored in a database so that the software can extract the entries into the various pages, such as the main page, the archive page, the entry pages, etc. The database used by Thingamablog is the HSQLDB.

http://hsqldb.org/

It is a 100% java, embedded database. It interprets normal SQL commands.

The database engine is contained in the jar file, hsqldb.jar, in the lib directory where you installed the Thingamablog program. It turns out that there is a database manager program embedded in the same jar file, and you can use it to look in the database. You just need to run the database manager and connect it to your database and you are in.

On my system, the Thingamablog program is installed here:

  /home/brian/apps/thingamablog/thingamablog-1.1b6/

My database, the thing that actually contains the entries for my blogs is here:

  /home/brian/blogsdatabase/database

So to run the program and connect to my database, first I open a command line terminal and cd to my database directory:

  cd /home/brian/blogsdatabase/database

You must be in the directory that contains the database files:

database.script
database.properties
database.data
database.backup

to make this work, not in the directory above it.

Then run the database manager program directly from the hsqldb jar file:

  java -cp /home/brian/apps/thingamablog/thingamablog-1.1b6/lib/hsqldb.jar 
  org.hsqldb.util.DatabaseManager&

The program is written in Java, so we run it with the java runtime. Since my blog is on a Linux computer, the & at the end of the command runs the program in the background and gives back the command line prompt in the terminal emulator. It isn't necessary to run the program.

If you are on a Windows system, you can run the program the same way using a DOS command window with a command like:

  java -cp C:\Apps\Thingamablog\src\thingamablog-1.1b6\lib\hsqldb.jar 
  org.hsqldb.util.DatabaseManager

or something similar, depending on where you installed Thingamablog.

Once you run the database manager, it will post a connection dialog. Using the selector box at the top select "standalone" mode, and in the URL field enter the name "database", which is the name Thingamoblog uses for its database. Here is the dialog:

Connection

Once you have the connection set up, click on OK and you should see the database manager dialog showing the tables in the database:

Manager

At this point, you can enter some SQL commands to poke around and see what the contents of the database are, like this:

SQL query

That is all there is to it.

Oh, yes, and if you are not very familiar with SQL, you might not want to fool around too much. If you change anything in the database, you could blow out your entire blog. Be careful! Don't change the contents of the database! You have been warned! Don't come crying to me if you lose everything.

You might want to do a complete backup of your blog before you try this.

Posted by Brian S. Kimerer at 9:54 PM

I am a software engineer by trade. For fun I build and play banjos and paint pictures. To see some of my work, click on the link that says "My Web Site" in the Links section of this page.

Front Page
Syndicate this site (XML)

Favorite Links

TheCAPTCHA

Google Site Search

Credits

Original Design by Movablestyle
Revised Design by Brian S. Kimerer