A little doubt about SQL injection

? [bolofecal]
8 years ago

0

I made a vulnerable script on localhost.

if (isset($_POST['username'], $_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $sql = "SELECT * FROM `user` WHERE `username`='$username' AND `password`='$password';";
    $users = mysqli_query($con, $sql);
}

And send

username = "'; INSERT INTO `user` (`username`, `password`) VALUES ('test', 'test'); #"
password = ""

This is the complete query

SELECT * FROM `user` WHERE `username`=''; INSERT INTO `user` (`username`, `password`) VALUES ('test', 'test'); #' AND `password`='';

If I put this query in phpMyAdmin, the query selects no user and inserts the new line test:test, but when I inject this value in the form and post, the new line isn’t inserted. Is it a protection against injection, or did I make some syntax error?

f0rk [HackingGuy]
8 years ago

0

?
cn9 [1337boy]
8 years ago

0

Does the user have the privileges to do that?

dloser
8 years ago

1

Many interfaces to SQL like the PHP mysql functions simply do not allow multiple statements in a single query.

? [bolofecal]
8 years ago | edited 8 years ago

0

Yep, the user has all privileges. Thanks @dloser. Is there some method to bypass it?

dloser
8 years ago

0

Find another vulnerability? :p

? [bolofecal]
8 years ago

0

I will use this as the username

'"; mysqli_query($con, "INSERT INTO `user` (`username`, `password`) VALUES ('test', 'test');");//

and the query will create a new mysqli_query

$sql = "SELECT * FROM `user` WHERE `username`=''"; mysqli_query($con, "INSERT INTO `user` (`username`, `password`) VALUES ('test', 'test');");//' AND `password`='$password';";

lol

Thanks, I’m making some scripts to test.

dloser
8 years ago

0

Well, you wouldn’t be the first to try it. That I can assure you. shakes head

;)

? [bolofecal]
8 years ago

0

PHP injection doesn’t work in this case lol

puikaaa
8 years ago | edited 8 years ago

0

From my experience, most websites have PMA in the same directory tree (e.g. www.sitename.com/phpmyadmin), so it is actually better to find vulnerabilities in the site itself: SQL injections, shell injections etc. For the past month I’ve been studying Vega and I suggest you try it out too. It will sniff the target for vulnerabilities and if it finds, for example, an SQL or shell injection area, you can try to inject in the specified area and get access to the whole database(s) and even more.
Also, if you do find a vulnerable SQL injection area, try using SQLMap. It’s basic, but it’s worth a try.

P.S. This Indian guy posted another, very basic and easy way to get access to PMA via the login form. The video is a little bit annoying and slow, but funny. You will get the idea. :D

Best of luck @bolofecal and I hope you are doing this for learning purpose :D haha

Mr. Cyph3r [MrCyph3r]
8 years ago | edited 8 years ago

0

If I recall correctly MySQL supports stacked queries but PHP’s API does not (PHP-MySQL combination).
So you can’t inject stacked queries like that.

And your php injection attempt was funny :p
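
The replies above explain why the stacked INSERT never ran: mysqli_query() sends one statement per call. That limit is not an injection defence, because the SELECT in the original script is still built from raw input. An added example (not code from the thread) of the same lookup with a prepared statement; the connection parameters are placeholders, and storing password_hash() output in the `password` column is an assumption:

```php
<?php
// Added example, not code from the thread.
// Assumptions: placeholder connection parameters; `user`.`password` holds
// password_hash() output (the thread's table stores plaintext passwords).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$con->set_charset('utf8mb4');

function find_user(mysqli $con, string $username, string $password): ?array
{
    // The statement text is fixed. The username travels to the server as a
    // bound parameter, so quotes, semicolons and '#' inside it stay data and
    // cannot change the structure of the query.
    $stmt = $con->prepare(
        'SELECT `username`, `password` FROM `user` WHERE `username` = ?'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Compare the password in PHP against the stored hash instead of
    // placing it in the WHERE clause.
    if (!$row || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['username' => $row['username']];
}

// Reject array-valued fields (username[]=...) before they reach the query.
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])) {
    $user = find_user($con, $_POST['username'], $_POST['password']);
    if ($user === null) {
        http_response_code(401);
        echo 'Invalid credentials';
    } else {
        echo 'Logged in as ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
    }
}
```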
