phpMyAdmin Hacktricks

For a sysadmin, it’s a tool. For a pentester, it is often the endgame.

We compile a MySQL extension (UDF) that runs OS commands.

Published by: Security Tinkerer
Reading time: 6 minutes

If you have FILE privileges or root access to MySQL, you can force the server to write PHP code into its own error log, then include that log via a Local File Inclusion (LFI).

SET GLOBAL general_log = 'ON';
SET GLOBAL general_log_file = '/var/www/html/hack.php';
SELECT '<?php phpinfo(); ?>';

Now, visiting http://target.com/hack.php executes your code. This is loud but extremely effective.

You have root MySQL access, but you are a low-privilege OS user. How do we escalate?
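On the detection side, the log redirection shown above leaves a distinctive statement behind. The following is an added example, not part of the original post: it scans query or audit log lines for statements that point a MySQL log file at a web-served directory or a script extension. The web roots, the extension list and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumptions for this example: typical web roots and server-side script extensions.
WEB_ROOTS = ("/var/www", "/srv/www", "/usr/share/nginx")
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".jsp", ".asp", ".aspx"}

# SET GLOBAL / SET PERSIST / SET @@GLOBAL. forms that redirect a file-backed log.
SET_LOG_FILE = re.compile(
    r"""SET\s+(?:(?:GLOBAL|PERSIST)\s+|@@(?:GLOBAL|PERSIST)\.)
        (?P<var>general_log_file|slow_query_log_file)
        \s*:?=\s*(?P<q>['"])(?P<path>.+?)(?P=q)""",
    re.IGNORECASE | re.VERBOSE,
)

def risky_log_path(path):
    """Return the reasons a log destination is suspicious (empty list if none)."""
    norm = posixpath.normpath(path)  # collapse ../ so traversal cannot hide the target
    ext = posixpath.splitext(norm)[1].lower()
    reasons = []
    if ext in SCRIPT_EXTS:
        reasons.append("script extension " + ext)
    if any(norm == r or norm.startswith(r + "/") for r in WEB_ROOTS):
        reasons.append("inside web root")
    return reasons

def find_log_redirects(lines):
    """Return (line_no, variable, path, reasons) for each risky redirect."""
    findings = []
    for no, line in enumerate(lines, 1):
        for m in SET_LOG_FILE.finditer(line):
            reasons = risky_log_path(m.group("path"))
            if reasons:
                findings.append((no, m.group("var").lower(), m.group("path"), reasons))
    return findings

# Constructed sample lines in the style of a query/audit log (not real data).
SAMPLE = [
    "2025-01-10T09:14:02Z 41 Query SET GLOBAL general_log = 'ON'",
    "2025-01-10T09:14:03Z 41 Query SET GLOBAL general_log_file = '/var/www/html/hack.php'",
    '2025-01-10T09:20:11Z 52 Query set @@global.slow_query_log_file="/var/log/mysql/slow.log"',
    "2025-01-10T09:21:40Z 52 Query SET GLOBAL general_log_file = '/tmp/../var/www/html/q.log'",
]

if __name__ == "__main__":
    for finding in find_log_redirects(SAMPLE):
        print(finding)
```

The same `risky_log_path` check can be run periodically against the current values returned by `SHOW GLOBAL VARIABLES LIKE '%log_file'` to catch a redirect that was never logged.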

This post is for educational purposes and authorized security testing only.
