'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

mal_trojan:img_camouflage(Rule ID:1090210008)

Release Date2025/9/15

Rule NameWebpage-Trojan attacks: Potential Obfuscated the image camouflage

Severity:critical

CVE ID

 

Descripiton

The basic principle of webpage trojan attack is that hackers inject malicious code in the normal page, when users access the page, the user browser parse malicious code returned from site page, and automatic access trojan page designated by hackers. The img tag is used to load pictures. Attackers can inject img tags into a normal page and set the picture address to a trojan address, which is used when a user accesses a normal page to load a trojan horse. This rule prevents the normal user from being attacked by an attacker disguised an image by checking the extension of the file specified by the ima tag in the server response content. This rule supports to defend the A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.