Type your comment> @leihyunzhang said:
Type your comment> @LMAY75 said:
If you were to go into your terminal and type
/bin/python3
It would open the python interpreter. Likewise, going to /uploads/???.php would execute your shell. You are making calls to the file in both instances, just one is being done remotely.
Thats kind of a simple explaination, Taz eludes to reasons files will not execute but it gives you the gist of it.
Really what I am getting at is that a webserver is no different than your machine or mine. The only change is port 80 is exposed.
I don’t think this is a correct explanation. When we put something in address bar and press go, a GET request is sent. The server then handles it and returns the answer. It’s not a command execution per se. It may, e.g., be a REST address without any corresponding files for it. What I expect is that what is under uploads folder is just downloaded without considering what type it is. But it seems that the server runs it if it is a php file. I assume that it is a mis-configuration of the server.
As I said it is a gross oversimplification of what happens, however for a visual example provides a good enough representation at a basic level.
It would also depend on what is being called. Sometimes through directory traversal it is possible to interact with executables directly.
But yes, for a php file the execution is handled by php on the server. However that is not a misconfiguration php is behaving exactly as it should.