'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339981)

Rule General Information
Release Date: 2026-05-06
Rule Name: Twig Template Engine SSTI Injection Attack Detection
Severity:
CVE ID:
Rule Protection Details
Description: This rule detects Server-Side Template Injection (SSTI) attacks targeting Twig template engine. The attacker sends GET requests with malicious URL parameters containing Twig template syntax. When server processes the template, it executes the injected command, allowing attackers to run arbitrary system commands on the target server.
Impact: Successful exploitation allows an attacker to execute arbitrary system commands on the target server, leading to complete system compromise, data theft, and further lateral movement. The attacker can gain privileges of the vulnerable application and potentially escalate privileges to SYSTEM level.
Affected OS: Linux, Windows, Others
Reference:
Solutions
Implement proper input validation and sanitization for all user inputs including URL parameters. Use a whitelist approach for allowed template syntax. Disable or restrict dangerous template functions and methods. Implement proper sandboxing for template execution. Monitor for suspicious SSTI activities.