'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

mal_trojan:malicious_iframe_javascript_tag(Rule ID:1090210002)

Release Date2025/9/15

Rule NameWebpage-Trojan attacks: Malicious IFrame/JavaScript Tags in Output

Severity:high

CVE ID

 

Descripiton

The basic principle of webpage trojan attack is that hackers inject malicious code in the normal page, when users access the page, the user browser parse malicious code returned from site page, and automatic access trojan page designated by hackers. Attackers can invoke a remote JS script via the iframe tag and embed a trojan page into a normal page. This rule will inspect IFrame and JavaScript tags in output to prevent such injection attack. This rule supports to defend the A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.