[1][2][3] Using network monitoring tools, an attacker can find vulnerabilities that can potentially allow delivery of a web shell.[4]
They are commonly used for:
Web shells give hackers the ability to steal information, corrupt data, and upload malware that is more damaging to a system.
The issue escalates when hackers use compromised servers to infiltrate a system and jeopardize additional machines.
Web shells are also a way that malicious individuals target a variety of industries, including government, financial, and defense through cyber espionage.
One of the best-known web shells used in this manner is “China Chopper.”[6]
Web shells are installed through vulnerabilities in a web application or weak server security configuration, including the following:[2][4]
An attacker may also modify (spoof) the Content-Type header sent in a file upload to bypass improper file validation (validation using the MIME type sent by the client), which will result in a successful upload of the attacker's shell.
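
The upload check described above, shown beside a stricter one, as an added example that is not part of the original article. The function names, the extension allowlist and the sample byte strings are assumptions constructed for illustration.

```python
import os
import secrets

# Allowlist: extension -> leading magic bytes the content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample inputs (placeholders, not real files).
SAMPLE_SCRIPT = b"<?php /* constructed placeholder body */ ?>"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def weak_validate(filename, client_content_type, data):
    """The flawed check from the text: trusts the MIME type sent by the client."""
    return client_content_type in ("image/png", "image/jpeg", "image/gif")


def strict_validate(filename, client_content_type, data):
    """Ignore the client header; decide from the extension and the bytes.

    Returns a server-generated storage name, or None when the upload is rejected.
    """
    ext = os.path.splitext(filename)[1].lower()
    magics = ALLOWED.get(ext)
    if magics is None:
        return None  # extension not on the allowlist (e.g. .php)
    if not data.startswith(magics):
        return None  # content does not match the claimed type
    # Discard the client-supplied name so it cannot steer the path or handler.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Same upload, spoofed header: accepted by the weak check, rejected by the strict one.
    print(weak_validate("avatar.php", "image/png", SAMPLE_SCRIPT))
    print(strict_validate("avatar.php", "image/png", SAMPLE_SCRIPT))
    print(strict_validate("avatar.png", "image/png", SAMPLE_PNG))
```

A magic-byte check alone can be satisfied by a file that merely begins with image bytes, so the extension allowlist and the server-generated name carry as much weight; storing uploads in a location the web server does not execute from closes the remaining gap.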