post_max_size is a PHP setting whose current value can be viewed in the output of the phpinfo() function. It sets the maximum size for a single upload to the server, and its value can be changed in php.ini. Many servers set post_max_size to a higher value than the application's uploads require. An attacker can easily exploit this by flooding the server with extremely large POST requests. While the server is busy with this heavy processing, it cannot respond to clients' requests. This type of attack is called a denial-of-service attack.
If an application needs large file uploads to serve its clients, it must check each file's type and contents for a potential malicious attack. A misconfiguration of this setting can have an adverse effect on the application.
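One way to check a server for this misconfiguration, as an added example that is not part of the original page or Beagle's own code: the script reads post_max_size from a php.ini file and compares it with the upload size the application actually needs. The function names, the `app_need_bytes` and `slack` parameters, and the sample php.ini fragment are assumptions made for illustration.

```python
import re

# PHP shorthand byte notation: an integer with an optional K, M or G suffix.
# This parser accepts only that form and rejects anything else.
_UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def php_bytes(value):
    """Convert a php.ini size such as '8M' or '2048' to bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*([kmg]?)\s*", value.strip('"'), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2).lower()]

def read_directive(ini_text, name):
    """Return the last uncommented value of a directive, or None."""
    found = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()   # ';' starts a php.ini comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            found = val.strip()                # later lines override earlier ones
    return found

def audit_post_max_size(ini_text, app_need_bytes, slack=2.0):
    """Flag a post_max_size that is unlimited or far above what the app needs.

    app_need_bytes and slack are hypothetical knobs: the largest legitimate
    request body, and how much headroom above it is tolerated.
    """
    raw = read_directive(ini_text, "post_max_size")
    if raw is None:
        return "unset: PHP's built-in default applies, confirm it in phpinfo()"
    size = php_bytes(raw)
    if size == 0:
        return "unlimited: post_max_size=0 disables the limit"
    if size > app_need_bytes * slack:
        return f"oversized: {raw} allows {size} bytes, app needs {app_need_bytes}"
    return "ok"

# Constructed sample php.ini fragment (not taken from a real server).
SAMPLE_INI = """
; post_max_size = 8M
post_max_size = 2G
upload_max_filesize = 5M
"""

if __name__ == "__main__":
    print(audit_post_max_size(SAMPLE_INI, app_need_bytes=5 * 1024**2))
```
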
The following code is the example
Using this vulnerability, an attacker:-
Beagle recommends the following fixes:-