'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:334576)

Rule General Information
Release Date: 2021-12-20
Rule Name: Windows Command Injection Detection - route Echoing
Severity:
CVE ID:
Rule Protection Details
Description: The command injection vulnerability is caused by the application not filtering user input strictly. An attacker can execute arbitrary operating system commands on the server running the application by stitching system commands. This rule is used to detect suspicious Windows command route echo messages in HTTP response.
Impact: Attackers attack through Windows command injection, which can splice system commands and execute arbitrary operating system commands on the server.
Affected OS: Windows
Reference:
Solutions
1. Filter and escape the data entered by users to ensure that the input does not contain malicious commands. 2. Use safe API to execute system commands, avoid directly splicing user input content as command execution. 3. Perform security configuration for the system, including but not limited to restricting user rights and updating system patches.