c99shell.php is a hacking tool, like a backdoor. If the file is uploaded to a website, an attacker can control the server.
I’ve tried other cases (for instance .php.png or others). A changed file extension on pictures can be used in the way above. It’s a very old attack method; I think you should check and investigate it for filtering 🙂
P.S. When we upload through the “file upload of main WordPress”, a php.jpg file is changed to php_.jpg. An underscore is added after ‘php’, and the PHP file can’t be executed as a PHP file.
Thank you
Donghyun
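
The renaming described in the P.S., sketched as an upload-name filter. This is an added example, not part of the original post and not WordPress core code: the function name `neutralize_upload_name` and both extension lists are assumptions made for illustration. It matters because some web server configurations hand a file to an interpreter based on any of its extensions, not only the last one.

```php
<?php
// Added example (hypothetical helper, not WordPress core code).
// Constructed deny-list: extensions a web server may hand to an interpreter.
const RISKY_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml',
                          'phar', 'pht', 'cgi', 'pl', 'asp', 'aspx', 'jsp'];
// Constructed allow-list for the final extension of an image upload.
const ALLOWED_FINAL = ['jpg', 'jpeg', 'png', 'gif'];

/** Returns a safe file name, or null when the upload must be rejected. */
function neutralize_upload_name(string $name): ?string
{
    // Drop any path component and control characters (including NUL).
    $name = basename(str_replace('\\', '/', $name));
    $name = preg_replace('/[\x00-\x1f\x7f]/', '', $name);
    // Trailing dots and spaces are ignored by some file systems.
    $name = rtrim($name, '. ');

    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dot file such as ".htaccess"
    }

    $final = strtolower(array_pop($parts));
    if (!in_array($final, ALLOWED_FINAL, true)) {
        return null; // e.g. "c99shell.php"
    }

    // Everything left after the base name is an intermediate extension.
    $safe = array_shift($parts);
    foreach ($parts as $part) {
        $safe .= '.' . $part;
        if (in_array(strtolower($part), RISKY_EXTENSIONS, true)) {
            $safe .= '_'; // "upload.php.jpg" becomes "upload.php_.jpg"
        }
    }
    return $safe . '.' . $final;
}

// Constructed sample names.
$samples = ['photo.jpg', 'upload.php.jpg', 'upload.PHP.png',
            'c99shell.php', 'x.php.', '.htaccess'];
foreach ($samples as $n) {
    printf("%-16s => %s\n", $n, neutralize_upload_name($n) ?? 'REJECTED');
}
```

A name filter like this is only one layer: checking the file content and storing uploads in a directory where script execution is disabled cover the cases a rename cannot.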