phpMyAdmin - HackTricks
phpMyAdmin is a popular web-based administration tool for MySQL and MariaDB databases. It is offered by most hosting providers and can be found on roughly every second website, making it a tempting target for attackers. This guide provides a detailed overview of techniques for identifying, exploiting, and mitigating security weaknesses in phpMyAdmin instances.
Since phpMyAdmin is a web interface, it is frequently targeted by automated brute-force tools if it is not protected by IP whitelisting or basic auth.
Exploitation Techniques
Local File Inclusion (LFI)
If secure_file_priv is set (which prevents INTO OUTFILE), use the method:
Check your current privileges:
phpMyAdmin is a powerful tool but can become an easy attack vector when exposed, misconfigured, or unpatched. Combining network restrictions, least-privilege database design, strong authentication, diligent patching, and continuous monitoring significantly reduces risk. Administrators should treat phpMyAdmin as a high-risk administration interface and apply defense-in-depth controls accordingly.
If defaults fail, attempt a dictionary attack. Note that many environments may lack rate limiting, though some may require a rate-limit bypass using headers like X-Forwarded-For.
2. Post-Authentication Exploitation
SHOW VARIABLES LIKE "secure_file_priv";
SELECT '' INTO OUTFILE '/var/www/html/shell.php';
To mitigate these risks, administrators should implement layered security controls.
A well-known vulnerability affecting phpMyAdmin versions 4.8.0 and 4.8.1 (CVE-2018-12613) allows authenticated users to exploit a local file inclusion flaw to achieve remote code execution. The attack does not rely on the file inclusion function itself, but rather on a combination of a double-encoding trick and the PHP wrapper mechanism.
To protect phpMyAdmin, implement the following security measures:
(Administrators should consult official phpMyAdmin documentation, vendor security advisories, and database hardening guides for implementation details and CVE histories.)