Here is an interesting approach during a pentest: .htaccess shells

Simply upload the preferred shell as a .htaccess file and then visit the .htaccess file via the url http://domain/path/.htaccess?c=command for remote code execution.

Source: here | Download all examples: here