Tests:
1. Log in to PMA and select database:
http://localhost/PMA/index.php?db=test&token=25a6ce9e288070bd28c3f9aebffad1b8
2. select one table from database by using checkbox and then select
"Replace table prefix" from select control "With selected:".
3. We can see form named "Replace table prefix:" with two input fields.
Type "/e%00" to the "From" field and "phpinfo()" to the "To" field.
4. Activate Tamper Data Firefox add-on:
https://addons.mozilla.org/en-us/firefox/addon/tamper-data/
5. Click "Submit", Tamper Data pops up, choose "Tamper".
6. Now we can modify POST request. Look for parameter "from_prefix".
It should be "%2Fe%2500", remove "25", so that it becomes "%2Fe%00".
Click "OK" and Firefox will send out manipulated POST request.
7. We are greeted by phpinfo function output - code execution is confirmed.