'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

inject_xpath:xpath_quote(Rule ID:1020310005)

Release Date2025/9/15

Rule NameXPath special symbol detected-2

Severity:high

CVE ID

 

Descripiton

Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by attackers to introduce code into a vulnerable computer program and change the course of execution. The result of successful code injection is often disastrous. XPath injection can introduce malicious XPath code into URLs, forms and other items, and help attackers have access to permission and change the permission. This rule will inspect special symbol in HTTP request to prevent the potential XPath injection. This rule supports to defend the A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.