https://academy.hackthebox.com/module/136/section/1260
File Upload Attacks
Basic Exploitation
Absent Validation
A web shell script allows us to use the backend framework of the website to be able to run system commands. Since this is the case we will need to know what the site is running. One way we can figure out what a site is running is by visiting the /index.<fuzz> page fuzzing for common extensions. or easier just use wappalyzer or built with.