'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

mal_trojan:malicious_iframe_tag(Rule ID:1090210001)

Release Date2025/9/15

Rule NameWebpage-Trojan attacks: Malicious IFrame Tags in Output

Severity:high

CVE ID

 

Descripiton

The basic principle of webpage trojan attack is that hackers inject malicious code in the normal page, when users access the page, the user browser parse malicious code returned from site page, and automatic access trojan page designated by hackers. The iframe tag of the HTML language is used to embed a child page on the current page. Attackers usually use this tag to embed a trojan page into a normal page. This rule will inspect IFrame tags in output to prevent such injection attack. This rule supports to defend the A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.