phpMyAdmin HackTricks Verified
Look at the footer of the login page or check /README or /Documentation.html.
One of the most famous "HackTricks verified" vulnerabilities. In versions 4.8.0 through 4.8.1, a flaw in the page redirection logic allowed for LFI.
index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd
Attackers combine this with Session File Poisoning:
Once you have authenticated access (even as a low-privilege user), your goal is to escalate to the underlying operating system.
A. SELECT INTO OUTFILE (The Classic Web Shell)
Check if the /setup/ directory is accessible. If left unconfigured, it can sometimes be used to trick the application into connecting to a remote, malicious database server.
2. Exploiting Authentication
Note: This requires the secure_file_priv variable to be empty or pointing to the webroot.
B. CVE-2018-12613 (Local File Inclusion)