phpMyAdmin HackTricks

Note: This requires the secure_file_priv variable to be empty or to point to the webroot.

B. CVE-2018-12613 (Local File Inclusion)

Check if the /setup/ directory is accessible. If left unconfigured, it can sometimes be used to trick the application into connecting to a remote, malicious database server.

2. Exploiting Authentication

Run SELECT ''; to store the shell in your session file. Find your session ID (from the phpMyAdmin cookie).

Look at the footer of the login page or check /README or /Documentation.html.