In some misconfigured environments, the phpMyAdmin config.inc.php file is set up to use the config authentication type instead of cookie or http. This automatically logs in any visitor as a pre-configured user (often root) without prompting for a username or password.

3. Exploitation Techniques (Post-Authentication)
The /doc/html/index.html or /Documentation.html paths can leak installation details.
Disable functions like system, shell_exec, and passthru in php.ini.
Look for config.inc.php in common directories or through Local File Inclusion (LFI). This file often contains cleartext credentials.
index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd

2.2. SQL Injection and Data Manipulation
Check for publicly accessible documentation or changelog files: /README, /Documentation.html, /Documentation.txt, /ChangeLog
To effectively conduct a penetration test or security audit on phpMyAdmin, it is essential to understand the transition from initial access to Remote Code Execution (RCE). phpMyAdmin is a web-based interface for managing MySQL and MariaDB, making it a high-value target.

🔍 Initial Discovery and Enumeration
SHOW VARIABLES LIKE "secure_file_priv";
Change it to a random string to prevent automated bots from finding it.

IP Whitelisting: Restrict access to specific trusted IP addresses in your Apache or Nginx configuration.

Disable Root Login
and then include that session file via the traversal flaw.

phpMyAdmin is often installed in predictable locations. Try these paths during your directory brute-force:

Look for database passwords, SSH keys, API tokens.

SQL Injection: Vulnerabilities like CVE-2020-5504 allow authenticated users to perform SQL injection in the "user accounts" page, potentially escalating privileges or modifying data.

Log File Manipulation
If the MySQL user has the FILE privilege, you can write a web shell directly to the web root.
In some cases, an attacker may use phpMyAdmin to upload malicious files to a server. This can be done by executing an SQL query that writes a file to the server's file system.