Tuesday, April 27, 2010

DJango Models

somehow i prefer to group all my models in one folder, however in django when u create your app, the models is inside your app folder.

# python manage.py startapp dummy
# ls dummy
__init__.py models.py tests.py views.py

in order put all apps models in a single folder structure what u need to do is as follow:

# create your model folder inside your project - i named it models
 mkdir models

# edit your models and add a meta class a follow 
class Meta:
    app_label = "appName"

# and import it your models in models/__init__.py file
from modelfile import yourmodel

Thursday, April 15, 2010

Having fun with extjs 3.2 ...

Actually this is a snippet of development project I'm handling right now. Using Extjs 3.2.0 on the client side and Django/Python on the server side. Took me 2 weeks to come out with all this layout and forms. What can i say, this is my first encounter with it, and it is quite fun.

Tuesday, April 6, 2010

sanitize your code please...!

few days ago "accidentally" found a few sql injection in one of local ipta web site. I did informed the engineer/developers but no action taken. This morning i requested to do more intensive pen test, and they allowed it with the acknowledgement of IT director.

Managed to penetrate to their internal oracle db, that stores all the confidential informations, enough to proved to them how severe the exploit was. So i send them a reports with sample data gathered and all urls/uris/pages affected to their developers.

The action taken was to blocked/denied my vps static ip address (from where i did the penetration test) instead of repairing their codes that only takes few minutes to repair.

And tonight I still can penetrate through my DSL dynamic connection and it is not just about me , the whole world too...

this is lame guys ... please sanitize your codes...

07th April 2010:
latest updates ... they actually blocked my ip only for one reason, my ip is making lots of connection and consuming/slowing down their bandwidth/server ... now the banned has been removed becoz of "miss-understanding" , but still exploitable...

ok enough of this crap i'm not security dude by profession, better concentrate on my own projects from now on...