Attack Chain

1. Attacker identifies an AiOPMSD Final 1.0.0 instance accessible over the internet.
2. Attacker crafts a malicious SQL injection payload to be delivered via the country parameter.
3. Attacker sends a GET request to country.php with the crafted SQL payload in the country parameter.
4. The application fails to properly sanitize the country parameter input.
5. The unsanitized input is passed directly into an SQL query.
6. The database executes the attacker’s injected SQL code.
7. The attacker retrieves sensitive database information, such as usernames, database names, and version details.
8. Attacker uses the extracted information for further malicious activities, such as gaining unauthorized access to the system or performing data exfiltration.

Impact

Successful exploitation of this vulnerability can allow an attacker to extract sensitive information from the database, including usernames, database names, and version details. This can lead to a complete compromise of the application and its data, potentially resulting in significant financial losses, reputational damage, and legal liabilities. There is no mention of observed damage, specific victim counts, or targeted sectors in the source material.

Recommendation

• Deploy the Sigma rule Detect AiOPMSD SQL Injection Attempt via Country Parameter to your SIEM to detect suspicious GET requests to country.php (see rules).
• Inspect web server logs for GET requests to country.php with suspicious characters in the country parameter, such as SQL keywords and operators (see rules and logsource).
• Apply input validation and sanitization to the country parameter within the AiOPMSD application code to prevent SQL injection (reference CVE-2018-25416).