'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:334421)

Rule General Information
Release Date: 2021-12-20
Rule Name: PHP File Include Vulnerability - require Function
Severity:
CVE ID:
Rule Protection Details
Description: The file inclusion vulnerability is caused by a lack of verification of user input in web applications. Successful exploitation can read local files or execute PHP code on remote hosts. This rule is used to detect suspicious PHP file containing function call behavior in HTTP requests, which may lead to file inclusion vulnerability exploitation.
Impact: Attackers include vulnerabilities through PHP files that can read system files or remotely execute PHP code on the host.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. Filter and escape the user input data to ensure that the input content does not contain malicious file paths. 2. Use the allowlist to limit the file path. 3. try to use safe inclusion functions to avoid repeated inclusion of security problems.