'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339680)

Rule General Information
Release Date: 2025-12-02
Rule Name: SQL Injection Detection - Suspicious Query Statement 36
Severity:
CVE ID:
Rule Protection Details
Description: SQL injection vulnerability is caused by the web application's lack of validation of user input. Attackers submit sql statement to change the execution logic of background sql query, so as to obtain sensitive information or upload webshell. This rule is used to detect suspicious SQL query statements.
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. Filter and escape the data entered by the user to ensure that the input does not contain malicious SQL code. Use parameterized queries or precompiled statements to avoid concatenating user input directly into SQL statements. 3. Make sure that the application connects to the database with the principle of least privilege, and avoid using the database account with too high privilege to perform unnecessary operations.