A script in a web server that a threat actor uses to maintain persistence in a vulnerable or compromised system. Web shells may be used for other malicious functions by executing attacker input, or used simply as a backdoor. They can be installed on a system by exploiting vulnerabilities. They can be written in any scripting language as long as the web server supports it, though they are commonly written in web development languages such as PHP.
Back to glossary