PHP post_max_size show phpinfo()

By
Febna V M
Published on
02 Jul 2018
1 min read
Vulnerability

The post_max_size is a setting that can be viewed through the phpinfo() method. The post-max-size is used to set the maximum size for a single upload to the server. This value can be changed in php.ini. There are many servers that have set post-max-size to higher values, even if the application needs less upload space. The attacker can easily exploit this problem by flooding the server with extremely large post requests. As there are heavy processes running in the server, it won’t be able to respond to client’s requests. This type of attack is called denial of service attacks.

If an application requires large files to serve the client, the application must check the file type and the contents for a potential malicious attack. This setting’s misconfiguration can have an advense effect on the application.

Example

The following code is the example

        post_max_size=200M

    

Impact

Using this vulnerability, an attacker:-

  • stop the server responses through denial of service attacks.
  • perform code injection attacks.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Set post-max-filesize to low.
        post_max_size=5M /*change according to your application's need*/

    

Written by
Febna V M
Febna V M
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days