... an attacker uses to control a typical PHP-based web shell, called
wwwolf’s PHP web shell. The shell is a good example of the simplicity of these tools. The web shell is installed on a web server either through exploitation or by taking advantage of a server misconfiguration. Once the script has been uploaded, all the attacker has to do is visit the URL (e.g., example.com/subdirectory/webshell.php), after which they can issue server commands or upload files right from the web browser.