'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339972)

Rule General Information
Release Date: 2026-05-06
Rule Name: Suspicious File Upload Detection - .htacsess
Severity:
CVE ID:
Rule Protection Details
Description: File upload vulnerability refers to the user file upload function processing defects, resulting in users can upload to the server executable dynamic script files. This rule is used to detect suspicious .htaccess file uploads in HTTP requests.
Impact: Successful exploitation allows an attacker to bypass file upload restrictions and WAF filters, upload and execute arbitrary PHP code on the server, gain complete system control, steal sensitive data, and perform lateral movement in the network.
Affected OS: Linux, Windows
Reference:
Solutions
Disable .htaccess file uploads in the web server configuration. Implement strict file upload validation including checking file contents, not just extensions. Restrict write permissions to web directories. Use a whitelist approach for allowed file types. Monitor for suspicious .htaccess file uploads and modifications.