SecPlusTrainer / Glossary / What is a web shell?
D2 · Threats

What is a web shell?

A web shell is a malicious script uploaded to a web server (via file upload vulnerability or RCE) that provides browser-accessible command execution — persistent backdoor.
Web shells are notoriously hard to detect (small, often obfuscated files). FIM (File Integrity Monitoring) detects new/modified web files. Common in compromised WordPress and Drupal sites. Look for unusual .php files in upload directories.

Related Terms

What is adversarial AI in cybersecurity? What is an aggregation attack? What is anti-forensics? What is an attack surface?
← Back to Glossary Practice Questions →