Users upload data. No matter what web application they are using, most of them needs data to be uploaded. Normally users upload images, text files, documents, pdf and more.
Hand made malicious requests can be done in order to bypass the security provided by the webserver and/or PHP validator.
Some specific malicious requests could allow to upload hidden files like web shells or spam senders.
The next are the codes that you can find in Pyxsoft GUI blocking the uploads:
|PE||Request Body Processor Error|
|DB||Data Before||We have seen this flag when attackers include hidden files in uploads.|
|IQ||Invalid Quoting||Triggered when uploaded files have an aphostrophe (‘).
If you expect this kind of file names IQ can be disabled as a blocking test in Pyxsoft Settings.
|IF||Invalid Header Folding|
|FE||File Limit Exceeded|
Each test can be enabled or disabled as a blocking test in Pyxsoft Settings.
We recommend all tests enabled and if necessary, you can disable IQ test.