Phpmyadmin Hacktricks [upd] -

Mastering phpMyAdmin: A Comprehensive Guide to Exploitation, Bypasses, and Privilege Escalation (HackTricks Style)

Reading sensitive files:

SELECT LOAD_FILE('/etc/passwd');
SELECT LOAD_FILE('C:/windows/win.ini');
SELECT LOAD_FILE('/var/www/html/config.php');

Version Detection

• Default login page often reveals version in source code.
• /phpmyadmin/README, /phpmyadmin/Documentation.html, /phpmyadmin/ChangeLog
• /?=phpinfo() if enabled.

5. Indicators of Compromise (IoCs)

• Unexpected connections to /phpmyadmin from unusual IPs or geographies.
• Repeated failed login attempts or brute-force patterns in web logs.
• New or modified files in webroot (web shells named innocuously).
• Unexpected SQL queries: SELECT INTO OUTFILE, LOAD_FILE(), CREATE DEFINER triggers/events, or suspicious EXPORT/IMPORT actions.
• Anomalous database user grants or creation of new administrative users.
• Sudden large data exports or network transfers originating from DB host.

Nmap Scripts

nmap -sV --script http-phpmyadmin-dir-traversal,http-vuln-cve2017-1000251 <target>

Table of Contents

1. Introduction
2. Common PHPMyAdmin Vulnerabilities
3. Hacktricks and Exploitation Techniques
   • 1. Authentication Bypass
   • 2. Arbitrary File Read
   • 3. Code Injection
   • 4. Privilege Escalation
4. Securing PHPMyAdmin
   • 1. Update and Patch
   • 2. Strong Passwords and Authentication
   • 3. Limit Access and IP Restriction
   • 4. Disable Unnecessary Features
5. Conclusion

Detection

• Monitor general_log for suspicious INTO OUTFILE, LOAD_FILE, sys_exec.
• Alert on abnormal phpMyAdmin login times (e.g.,深夜).
• Watch config.inc.php access attempts outside /phpmyadmin.