'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

mal_trojan:excessive_fromCharCode(Rule ID:1090210003)

Release Date2025/9/15

Rule NameWebpage-Trojan attacks: Potential Obfuscated Javascript in Output - Excessive fromCharCode

Severity:critical

CVE ID

 

Descripiton

The basic principle of webpage trojan attack is that hackers inject malicious code in the normal page, when users access the page, the user browser parse malicious code returned from site page, and automatic access trojan page designated by hackers. The JavaScript method of fromCharCode is used to decode Unicode values into corresponding strings. Webpage-Trojan attackers will usually statement after encoding to evade detection. This rule will inspect potential obfuscated Javascript in output to prevent JavaScript injection. This rule supports to defend the A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.