phpMyAdmin - HackTricks
6.3. File Integrity Monitoring
When direct file writing is blocked by security mechanisms like secure_file_priv, attackers look for software vulnerabilities within specific phpMyAdmin versions.
CVE-2018-12613: Local File Inclusion (LFI), 4.8.0 to 4.8.1
The Metasploit module exploit/multi/http/phpmyadmin_pma_rce automates this exploitation. The bug affects all phpMyAdmin 4.8 branch releases up to and including 4.8.1.
to the phpMyAdmin dashboard using valid or default credentials.
Older versions display the exact version on the main login screen.
Check if /setup/index.php is accessible, which can reveal configuration details.
Default Credentials
Similar to general log injection but uses the slow query log. Enable it with:
An authenticated user can execute malicious scripts through the "Insert" tab functionality.
CVE-2022-0813 (Information Disclosure):
Before attempting any active exploitation, you must gather information about the target environment.
Version Fingerprinting
Look at the footer of the login page or the main dashboard.
phpMyAdmin is a powerful tool but can become an easy attack vector when exposed, misconfigured, or unpatched. Combining network restrictions, least-privilege database design, strong authentication, diligent patching, and continuous monitoring significantly reduces risk. Administrators should treat phpMyAdmin as a high-risk administration interface and apply defense-in-depth controls accordingly.
HackTricks notes that if an attacker can force a phpMyAdmin client to connect to a malicious MySQL server, they can read local files from the user's machine.
CVE-2025-24530: phpMyAdmin XSS Vulnerability - SentinelOne
phpMyAdmin is a widely used, open-source web-based administration tool for MySQL and MariaDB. Due to its popularity and elevated privileges, it is a prime target for penetration testers and attackers. A successful compromise of phpMyAdmin often leads to full database access and, in many cases, remote code execution (RCE) on the underlying server.
. Many admins leave this tool exposed to the public internet, which often serves as a primary entry point for attackers. Alex tried common credentials like admin:password, but the system was locked. He then checked for the config.inc.php.bak
SELECT '' INTO OUTFILE '/var/www/html/shell.php';
2. Routine and Trigger Exploitation
by referencing your session file via the vulnerable parameter. On Linux systems, session files are typically stored in /var/lib/php/sessions/ or /tmp/: