How to upload a shell in Magento


After getting Magento admin credentials, you will need to upload a shell. You can do that by uploading a Magento package containing the PHP shell.

You can download the package from here:



In the package files, place your shell in the following path here, put your malicious shell inside the “IndexController.php” file.



The next step is to go to, then upload your package from the direct package file upload form here:

Magento Connect manager

You will get a message like that after a successful upload:

Magento package uploaded

In the end, you can access your shell by visiting the following link:

Enjoy! 🙂

Leave A Reply

Your email address will not be published.