I'm trying out random older WordPress exploits on my local server. I'm currently in the process of trying to get this one to work:
https://www.exploit-db.com/exploits/20083/
It doesn't read any headers, just seems to filter file extensions. I am able to upload {Filename}.php.jpg files as mentioned in the specified URL above. But what caught my curiosity was:
Plugin does not properly filter filetypes, which allows for the upload of filetypes in the following format:
filename.php.jpg
Vulnerable hosts will serve such files as a php file, allowing for malicious files to be uploaded and executed.
Opening the JPG just makes my browser throw an error, not seeing it as a valid image.
Which leads me to my question:
Why would a server ever serve a JPG as PHP (without editing .htaccess or PHP require())?
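
The filter weakness the quoted advisory describes, seen from the defender's side, as an added example that is not part of the original post or the plugin's code. It assumes the plugin inspects only the final extension; the allow list and all function names are hypothetical.

```php
<?php
// Added example, not the plugin's code. The allow list is an assumption.
const ALLOWED_IMAGE_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Assumed shape of the weak filter: only the final extension is inspected,
// so "filename.php.jpg" is accepted.
function last_extension_ok(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_IMAGE_EXT, true);
}

// Hardened name check: exactly one dot, a plain base name, allow-listed extension.
function upload_name_ok(string $name): bool
{
    $parts = explode('.', basename($name));
    if (count($parts) !== 2) {
        return false; // rejects "filename.php.jpg" and names with no extension
    }
    [$base, $ext] = $parts;
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $base)) {
        return false; // rejects ".htaccess" (empty base) and odd characters
    }
    return in_array(strtolower($ext), ALLOWED_IMAGE_EXT, true);
}

// Content check: the bytes must parse as one of the expected image types.
// A parseable image can still carry PHP in its metadata, so this complements
// the name check and a non-executable upload directory; it does not replace them.
function is_real_image(string $path): bool
{
    $info = @getimagesize($path);
    return $info !== false
        && in_array($info[2], [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF], true);
}

// The stored name is generated server-side and never reuses the client's name.
function stored_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . strtolower($ext);
}

// Constructed sample names, compared under both checks.
foreach (['photo.jpg', 'filename.php.jpg', 'shell.php', '.htaccess'] as $n) {
    printf("%-18s last-ext:%-5s hardened:%s\n", $n,
        var_export(last_extension_ok($n), true),
        var_export(upload_name_ok($n), true));
}
```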