If cgi_force_redirect is disabled, it will allow attackers to directly call the PHP intercepter. The attacker can misuse this configuration to bypass permissions and access sensitive information from the server. If the PHP interceptor is directly installed into the CGI, then all the requests to the PHP resources will be redirected to the interceptor. Consider if a user requests for http://www.example.beaglesecurity.com/content/page.php, the server will check the permission in /content directory and redirect the user using http://www.example.beaglesecurity.com/cgi-bin/php/content/page.php to the PHP interceptor. If cgi_force_redirect is disabled, an attacker can access to /cgi-bin/php can make access to sensitive information from the server.
The below URL is from a server that didn’t implement cgi_force_redirect.
The below code is the example of redirection in apache configuration.
Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-