Web shells are malicious script files that provide read, write, and/or execution capabilities to a hacker. Web shells are "implanted" through a vulnerability in a web application and allows the attacker to upload a script file on the server. If the script file is dropped in a directory accessible from the internet, then the attacker can use the web shell as a backdoor into the targeted web application and any connected systems to execute additional commands.
Web shells can be used to deliver and execute malicious content; rewrite script, protocols, or files; or generate fake news, malware content, or malicious links.