phpMyAdmin Hacktricks
| Module | Type | Use |
|---|---|---|
| post/linux/gather/phpmyadmin_credsteal | Post-exploitation | Retrieves stored credentials from Linux systems |
| exploit/multi/http/phpmyadmin_preg_replace | RCE | Targets CVE-2016-5734 |
| auxiliary/scanner/http/phpmyadmin_login | Auxiliary | Brute-forces phpMyAdmin logins |
Before launching an attack, thorough enumeration is essential to identify version-specific vulnerabilities or misconfigurations.
phpMyAdmin is a popular web-based administration tool for MySQL and MariaDB databases. It is offered by most hosting providers and can be found on roughly every second website, making it a tempting target for attackers. This guide provides a detailed overview of techniques for identifying, exploiting, and mitigating security weaknesses in phpMyAdmin instances.
If you obtain valid credentials (either via brute-force, default settings, or credential stuffing), your privileges within the database determine your next steps.

Arbitrary File Read via SQL (LOAD DATA INFILE)
phpMyAdmin can also be used to escalate privileges on a database server. For example, an attacker may use phpMyAdmin to create a new database user with elevated privileges.
Once logged into phpMyAdmin, the goal is to pivot to operating system control.

A. Writing a Webshell via SQL
When allow_url_include is enabled, remote file inclusion using php://input becomes possible:
privilege), attackers can move from database access to full server compromise:

General Log Shell

1. Enable the general log: SET GLOBAL general_log = 'ON';
2. Set the log file path to a web-accessible directory: SET GLOBAL general_log_file = '/var/www/html/shell.php';
3. Execute a query containing PHP code: SELECT "";
4. Access the log file via a browser to execute commands.

Slow Query Log Shell: Similar to the general log method, but uses slow_query_log_file
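Both log-based methods above leave the same trace: a statement that repoints general_log_file or slow_query_log_file at a path the web server serves. The following detection sketch is an added example, not part of the original page; the web-root list, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the page): which directories the web server serves
# and which extensions it executes. Adjust both to the host being monitored.
WEB_ROOTS = ("/var/www/", "/usr/share/nginx/", "/srv/www/")
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")

# Matches SET GLOBAL general_log_file / slow_query_log_file = '<path>',
# including the SET @@GLOBAL.var form and double-quoted values.
LOG_REDIRECT = re.compile(
    r"""SET\s+(?:GLOBAL\s+|@@GLOBAL\.)
        (general_log_file|slow_query_log_file)\s*=\s*
        (['"])(.+?)\2""",
    re.IGNORECASE | re.VERBOSE,
)

def find_log_redirects(lines):
    """Return (line_no, variable, path, reasons) for suspicious log redirects."""
    findings = []
    for no, line in enumerate(lines, 1):
        for m in LOG_REDIRECT.finditer(line):
            var, path = m.group(1).lower(), m.group(3)
            norm = path.replace("\\", "/").lower()
            reasons = []
            if norm.endswith(SCRIPT_EXTS):
                reasons.append("script extension")
            if norm.startswith(WEB_ROOTS):
                reasons.append("under web root")
            if reasons:
                findings.append((no, var, path, reasons))
    return findings

# Constructed sample statements, as they might appear in a query or audit log.
SAMPLE = [
    "2024-01-01T10:00:01Z 12 Query SET GLOBAL general_log = 'ON'",
    "2024-01-01T10:00:02Z 12 Query SET GLOBAL general_log_file = '/var/www/html/shell.php'",
    "2024-01-01T10:05:00Z 15 Query set @@global.slow_query_log_file=\"/var/www/html/img/q.log\"",
    "2024-01-01T10:06:00Z 16 Query SET GLOBAL general_log_file = '/var/log/mysql/general.log'",
]

if __name__ == "__main__":
    for no, var, path, reasons in find_log_redirects(SAMPLE):
        print(f"line {no}: {var} -> {path} ({', '.join(reasons)})")
```

A log path under a web root is flagged even without a script extension, since a legitimate server log has no reason to live in a served directory.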
Tools like Nuclei or WhatWeb can fingerprint specific versions based on static asset hashes.

Default Credentials