I have found an endpoint on a website that allow me to upload files. This endpoint didn't have any kind of protection against malicious file upload. So, I uploaded a PHP shell, but the problem is when I visit the uploaded file link, I get download box!
I tried to upload files with .html, .php and .svg but I can't make those files executed on the server. I just get a box asking me to download the file. Just the images extensions are executed like .png and .jpeg.
Is there any way to execute the PHP shell on this server? Because they didn't have any kind of protection on this endpoint, I can upload any malicious file.