To understand where a shell is uploaded in the previously mentioned exploit, we will upload a basic command execution shell manually from the administrator panel.
After exploitation, once we have logged in successfully as an admin, we can upload a shell from the templates menu. The following screenshot shows the administration panel of Joomla:
From the panel's menu, we click on Extensions | Templates | Templates, as shown:
We are redirected to the Templates page, where all the templates currently uploaded are listed, including ...