This is really a nice article, very strait forward and understanding. How will someone upload the shell into website that doesn't have anywhere to upload file. And what is the countermesure an admin go use so attackers will not gain access the the web servers when shell php code is injected or will not be able to work on the server.