'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:334764)

Rule General Information
Release Date: 2021-12-20
Rule Name: Cross-site Scripting Detection - In URI 112
Severity:
CVE ID:
Rule Protection Details
Description: Cross-site scripting attack is caused by web application's lack of validation of user input. By submitting the web application script code, attackers can cause malicious code to be executed on the victim's browser, thereby stealing the victim's sensitive information, etc.This rule is used to detect suspicious tags in HTTP request URI.
Impact: Through cross-site scripting attacks, attackers can insert malicious scripts into target websites or bypass access control policies such as same-origin policies to steal sensitive information of victims.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. Filter and escape the data entered by users to ensure that the input does not contain malicious scripts and will not be interpreted as script code. 2. comply with safe programming specifications, avoid dynamic splicing script code and limit the scope of script execution. 3. Install the repair patch or update software version issued by the relevant manufacturer.