Dl PHP cgi.force_redirect disabled

If cgi_force_redirect is disabled, it will allow attackers to directly call the PHP intercepter. The attacker can misuse this configuration to bypass permissions and access sensitive information from the server. If the PHP interceptor is directly installed into the CGI, then all the requests to the PHP resources will be redirected to the interceptor. Consider if a user requests for http://www.example.beaglesecurity.com/content/page.php, the server will check the permission in /content directory and redirect the user using http://www.example.beaglesecurity.com/cgi-bin/php/content/page.php to the PHP interceptor. If cgi_force_redirect is disabled, an attacker can access to /cgi-bin/php can make access to sensitive information from the server.

Example

The below URL is from a server that didn’t implement cgi_force_redirect.

https://www.example.beaglesecurity.com/cgi-bin/php/somerandomdirectory/main_script.php

The below code is the example of redirection in apache configuration.

        Action php-script /cgi-bin/php
        AddHandler php-main_script .php

    

Impact

Using this vulnerability, an attacker can:-

  • manipulate sensitive information
  • leak sensitive information
  • gain administrator access to the web application

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Enable cgi_force_redirect. Compile the below code to PHP.
        --enable-force-cgi-redirect

    
  • Try to Update PHP to the latest version.

Latest Articles