'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:334623)

Rule General Information
Release Date: 2021-12-20
Rule Name: PHP Code Injection Detection - Code Execution Function 4
Severity:
CVE ID:
Rule Protection Details
Description: Code injection vulnerabilities are caused by the application's lax filtering of user input. Attackers can inject code into the server running the application and remotely execute the injected code. This rule is used to detect suspicious PHP code execution functions in HTTP requests.
Impact: With PHP code injection attacks, an attacker can inject code into the server where the application is running and execute the injected code remotely.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. Filter and escape the data entered by users to ensure that the input does not contain malicious PHP code. 2. use safe apis and functions to execute code, avoid directly splicing user input content as code execution. 3. Conduct regular security audits and tests to find potential code injection vulnerabilities and fix them in time.