HackTricks - phpMyAdmin

Managing databases through phpMyAdmin is standard for developers, but it remains a primary target for attackers due to its deep access to sensitive data. Following the methodology often cited in resources like HackTricks, penetration testers focus on misconfigurations, version-specific vulnerabilities, and post-authentication exploits to compromise web servers.

1. Initial Reconnaissance & Discovery

D. Upload via File Upload Forms

If the database contains file paths (e.g., a user_uploads table), insert malicious files into those paths. Or use LOAD_FILE() to read local files:

The Classic Attack Chain

A typical phpMyAdmin exploitation workflow looks like this:

6.2. Alerting

  • /phpmyadmin/README
  • /phpmyadmin/Documentation.html
  • /phpmyadmin/doc/html/index.html
  • The login page footer (e.g., "Version 4.9.7")

A. SQL to RCE via INTO OUTFILE

Write a webshell:

Log File Manipulation: If direct file writing is restricted, attackers may enable the General Query Log, set the log file path to a .php file in the webroot, and execute a query containing PHP code to "poison" the log.

III. Security Hardening Best Practices

7.4. Principle of Least Privilege (PoLP)