Once you access the login page, look for:
mysqldump -u root -p --all-databases > dump.sql phpmyadmin hacktricks
Try common config.inc.php credentials if the setup allows http or cookie auth without a password check. Once you access the login page, look for:
/setup/index.php (Can allow re-configuration if left unprotected) /phpmyadmin/setup/ /.git/ or /.svn/ 2. Authentication Bypass and Credential Hunting Once you access the login page
In phpMyAdmin 4.8.0–4.8.1, a backdoor allows remote code execution via the $cfg['AllowArbitraryServer'] setting.
Check it live: