Back

PHP post_max_size show phpinfo()

By
Febna V M
Published on
02 Jul 2018
1 min read

The post_max_size is a setting that can be viewed through the phpinfo() method. The post-max-size is used to set the maximum size for a single upload to the server. This value can be changed in php.ini. There are many servers that have set post-max-size to higher values, even if the application needs less upload space. The attacker can easily exploit this problem by flooding the server with extremely large post requests. As there are heavy processes running in the server, it won’t be able to respond to client’s requests. This type of attack is called denial of service attacks.

If an application requires large files to serve the client, the application must check the file type and the contents for a potential malicious attack. This setting’s misconfiguration can have an advense effect on the application.

Example

The following code is the example

        post_max_size=200M

Impact

Using this vulnerability, an attacker:-

  • stop the server responses through denial of service attacks.
  • perform code injection attacks.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Set post-max-filesize to low.
        post_max_size=5M /*change according to your application's need*/
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Product tour
Written by
Febna V M
Febna V M
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.
Product tour