
RULE(RULE ID:339445)

Rule General Information
Release Date: 2025-09-03
Rule Name: Dongsheng Logistics API GetBANKList SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Dongsheng Logistics Software is a logistics management product developed by Qingdao Dongsheng Weiye Software Co., LTD. that integrates functions such as order management, warehouse management, and transportation management. There is an SQL injection vulnerability in the GetBANKList interface of Dongsheng Logistics Software. Attackers can inject malicious SQL statements by constructing malicious request parameters, resulting in database information leakage, data tampering, and even system privilege escalation. This affects the security and integrity of system data.
Impact: By successfully exploiting the vulnerability, an attacker can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and install the software patch.