i saw a video that teach how to spawn a shell via phpMyadmin,but there is some problem how can i find a vulnerable server.so in this post i’ll tell u how to find your target,hack it and own the target.especially find phpMyadmin vulnerable server.

so this is the step and first we must answer the questions :

1. HOW I FIND VULNERABLE SERVER?? the answer is pretty easy : google dork google dork is a technique by inserting some sintak to find exactly what you looking for. here’s the dork:

intitle:phpmyadmin "Welcome to phpMyadmin ***" "running on * as root@ *"

More…you will find a lot of phpmyadmin server that you can run as root.you must try one by one, some server with good security will denied your act. maybe when you try to make a database or else.

2.HOW I CAN SPAWN A SHELL ??

this step more complicated than the first one.like i said before you must try the server one by one.the case is you must find server with you can create a database and the phpinfo is turn on.and when you find one.do this step

2.1 create one data base just with one field

2.2 field type “text”

2.3 insert this code to the field

code :Rooting PHPMyadmin with Google Dork and Spawn a Shell [Repost]

this code will spawn a shell via php when it’s executed.

2.4 run sql command :

SELECT * FROM `YourTableName` INTO OUTFILE 'C:/ServerFilePath/cmdScript.php'

“C:/serverfilepath” is the path server STORAGE example : ‘C:/xampp/htdocs “cmdScript.php” is the name of our code that has been executed.it’s an output. (.exe)

2.5 HOW TO RUN IT??

just open the server example 140.127.45.18/phpMyAdmin/cmdScript.php you will have your own command prompt at that server via php.!! so better you decide what do you want to do next..can you??hope this tutorial useful.