Phpmyadmin Hacktricks ((free))

If phpMyAdmin is configured to allow file uploads (e.g., to import SQL dumps), you might be able to upload a PHP shell. 4. Post-Exploitation: Database to System

Compile a shared library and load it to execute OS commands.

7.5. Keep Software Updated

Stay curious, hack ethically, and always clean up after yourself.

Gaining access to the dashboard is the most direct path to full compromise. Default and Weak Credentials phpmyadmin hacktricks

SELECT grantee, privilege_type FROM information_schema.user_privileges;

If INTO OUTFILE is blocked, use MySQL logs: If phpMyAdmin is configured to allow file uploads (e

Before any attack can begin, an adversary must locate the target.

https://target.com/phpmyadmin/ (version 4.8.1) Step 1: Found accessible via dirb . Step 2: Weak credentials admin:admin succeed. Step 3: Run SHOW VARIABLES LIKE 'secure_file_priv' → empty value (good). Step 4: Write shell via INTO OUTFILE to /var/www/html/uploads/cmd.php . Step 5: Access https://target.com/uploads/cmd.php?cmd=id → uid=33(www-data) . Step 6: Read /etc/passwd , find another DB password, pivot to production server. Outcome: Full internal compromise. Step 6: Read /etc/passwd

If the database user has FILE privileges and you know the absolute web path (e.g., /var/www/html ), you can write a PHP shell directly to the disk.