'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

mal_webshell_msc:c99_shell_1(Rule ID:1090410011)

Release Date2025/9/15

Rule NameC99 Webshell Attack Attempt (Quick Launch)

Severity:high

CVE ID

 

Descripiton

WebShell is a kind of command execution envrionment which is in the form of Web page files like asp, php, jsp, cgi, etc. WebShell is also known as backdoor of websites because it helps to obtain a certain operation permissions to Web servers. WebShell can not only be used to manage websites and Web servers for administrators, but also be used by invaders to control Web server maliciously. This rule inspects arguments in HTTP request to find out and prevent WebShell attack attempt. This rule supports to defend the A7: Identification and Authentication Failures of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.