Document Title:
====================
Canadian ISP patched critical database injection bug [FIXED!]

Release Date:
=============
2011-10-04

Laboratory Article:
===================
A SQL injection vulnerability was detected on a Canadian ISP's website. After our second response, one of the Canadian ISP (ca) developers fixed the critical issue within 2 hours.

The bug allows remote attackers to inject and execute their own SQL statements/commands through a vulnerable application parameter on the main web service. Successful exploitation of the remote SQL injection vulnerability can result in database management system compromise, DBMS access and website manipulation.

Report-Timeline:
================
2011-09-24: Vendor Notification
2011-10-03: Vendor Response/Feedback
2011-10-04: Vendor Fix/Patch
2011-10-04: Public or Non-Public Disclosure

Advisory:
http://www.vulnerability-lab.com/get_content.php?id=282