'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

directory_traversal:directory_traversal_attack_in_parameter_value(Rule ID:1060310003)

Release Date2025/9/15

Rule NameDirectory Traversal Attack In Parameter Value

Severity:high

CVE ID

 

Descripiton

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with ../ sequences or by using absolute file paths, it may be possible to access arbitrary file and directory stored on file system including source code or configuration and critical system files. For details refer to https://www.owasp.org/index.php/Path_Traversal. This rule supports to defend the A5: Broken Access Control and A2: Cryptographic Failures of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.