When we exploit a web server, we usually are able to control it in order to download files or exploit it further. There are many websites that let you upload files such as pictures, Icons, etc. that don't take the proper security measures and allow malicious content to get uploaded to there web server. And people like us exploit it(We are nobel people when we report the vulnerability not gain access and create havoc).
###NOTE: I am not responsible for the damage caused.