Originally Posted by dutchmandonpedro View Post
This is really a nice article, very strait forward and understanding. How will someone upload the shell into website that doesn't have anywhere to upload file. And what is the countermesure an admin go use so attackers will not gain access the the web servers when shell php code is injected or will not be able to work on the server.

If you're lucky you coud find a text/pict editor to post,that will allow you to upload a jpg,not a php shell. However..you can rename your php shell to somethink like shell.php;jpg. There are many other ways i cant remember right now