Dl PHP cgi.force_redirect disabled

Rejah Rehim

Published on

02 Jul 2018

1 min read

If cgi_force_redirect is disabled, it will allow attackers to directly call the PHP intercepter. The attacker can misuse this configuration to bypass permissions and access sensitive information from the server. If the PHP interceptor is directly installed into the CGI, then all the requests to the PHP resources will be redirected to the interceptor. Consider if a user requests for http://www.example.beaglesecurity.com/content/page.php, the server will check the permission in /content directory and redirect the user using http://www.example.beaglesecurity.com/cgi-bin/php/content/page.php to the PHP interceptor. If cgi_force_redirect is disabled, an attacker can access to /cgi-bin/php can make access to sensitive information from the server.

Example

The below URL is from a server that didn’t implement cgi_force_redirect.

https://www.example.beaglesecurity.com/cgi-bin/php/somerandomdirectory/main_script.php

The below code is the example of redirection in apache configuration.

        Action php-script /cgi-bin/php
        AddHandler php-main_script .php

Impact

Using this vulnerability, an attacker can:-

manipulate sensitive information
leak sensitive information
gain administrator access to the web application

Mitigation / Precaution

Beagle recommends the following fixes:-

Enable cgi_force_redirect. Compile the below code to PHP.

        --enable-force-cgi-redirect

    

Try to Update PHP to the latest version.

Automated human-like penetration testing for your web apps & APIs

Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Product tour

Written by