Let’s suppose we have a PHP-based website that allows us to upload a file (image, video, text, and script), and the web server performs a task with the file.
It means that if we upload a file, the web server executes it automatically.
So, we can bind a shell into an image file (for example) and upload it to the web server.
• The shell must be written in PHP in this case.
For example:
We all know about Facebook. It allows us to upload a profile picture. Now, we can bind a shell into an image file using ExifTool. Later, we can access the web server’s command prompt or terminal.
By the way, Facebook doesn’t have this kinda vulnerability.
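A defender-side check for the scenario above, as an added example that is not part of the original post: it walks a JPEG's header segments and flags a PHP open tag in the metadata fields that a tool such as ExifTool can write to. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Byte patterns that mark the start of PHP code inside a file.
PHP_MARKERS = (b"<?php", b"<?=")
# JPEG metadata segments that tools such as ExifTool can write text into:
# APP1 (EXIF/XMP), APP13 (IPTC) and COM (comment).
METADATA_SEGMENTS = {0xE1: "APP1", 0xED: "APP13", 0xFE: "COM"}


def jpeg_segments(data):
    """Yield (marker, payload) for each segment before the image scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt JPEG: expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: compressed pixels follow
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("corrupt JPEG: bad segment length")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def find_php_in_metadata(data):
    """Return names of metadata segments that contain a PHP open tag."""
    hits = []
    for marker, payload in jpeg_segments(data):
        name = METADATA_SEGMENTS.get(marker)
        if name and any(m in payload.lower() for m in PHP_MARKERS):
            hits.append(name)
    return hits


def build_segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample files (header segments only, not real images).
JFIF = build_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN = b"\xff\xd8" + JFIF + build_segment(0xFE, b"holiday photo") + b"\xff\xda"
TAINTED = b"\xff\xd8" + JFIF + build_segment(0xFE, b"<?php /* constructed marker */ ?>") + b"\xff\xda"

if __name__ == "__main__":
    print(find_php_in_metadata(CLEAN), find_php_in_metadata(TAINTED))
```

A metadata scan is only one layer: the root cause described above is that the server executes uploaded files, so uploads should also be stored where the PHP handler never runs them. Re-encoding the image on the server drops the metadata entirely.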
Thanks for visiting.