Tuesday, April 6, 2010

sanitize your code please...!


A few days ago I "accidentally" found a few SQL injections in one of the local IPTA web sites. I did inform the engineers/developers, but no action was taken. This morning I requested to do a more intensive pen test, and they allowed it with the acknowledgement of the IT director.

Managed to penetrate to their internal Oracle DB, which stores all the confidential information, enough to prove to them how severe the exploit was. So I sent a report, with the sample data gathered and all the URLs/URIs/pages affected, to their developers.

The action taken was to block/deny my VPS static IP address (from where I did the penetration test) instead of repairing their code, which takes only a few minutes to repair.

And tonight I can still penetrate through my DSL dynamic connection, and it is not just about me, the whole world too...

This is lame, guys... please sanitize your code...

07th April 2010:
-------------------
Latest update... they actually blocked my IP for only one reason: my IP was making lots of connections and consuming/slowing down their bandwidth/server... now the ban has been removed because of a "misunderstanding", but it is still exploitable...

OK, enough of this crap. I'm not a security dude by profession; better to concentrate on my own projects from now on...


Wednesday, March 17, 2010

linux/*nix bash 4.x autocd ..

For those who don't know about the latest features in bash 4.x:

Sometimes you know the folder name, but to reach that folder you need to go from one folder to another.

e.g.: /home/project/web/avs/desktop

With bash's new autocd you can simply type

cd /home/**/desktop

The double '*' character indicates 'autocd'.

Same thing when you are frustrated with PHP; you can simply do:

rm -f /**/*.php


OK, first you must enable autocd by using the following command:


shopt -s globstar autocd
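
An added example (not part of the original post): what `**` matches once the `shopt` line above has set `globstar`, with a guard for the case where a pattern like `/home/**/desktop` matches more than one directory and a dry run to use before a command like the `rm` line. The function names and the temporary sample tree are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Needs bash 4.0 or later.
[ -n "$BASH_VERSION" ] || exec bash "$0" "$@"   # re-run under bash if needed

# expand_glob PATTERN: fill the array MATCHES with what PATTERN expands to
# under globstar. nullglob makes "no match" an empty list, not the literal
# pattern. Both options are restored to their previous state afterwards.
expand_glob() {
    local IFS= reset                 # empty IFS: $1 is globbed, never split
    reset=$(shopt -p globstar nullglob) || true
    shopt -s globstar nullglob
    MATCHES=( $1 )                   # unquoted on purpose
    eval "$reset"
}

# cd_unique PATTERN: cd only when exactly one directory matches.
cd_unique() {
    local p
    local -a dirs=()
    expand_glob "$1"
    for p in "${MATCHES[@]}"; do
        if [[ -d $p ]]; then dirs+=( "$p" ); fi
    done
    if (( ${#dirs[@]} != 1 )); then
        echo "cd_unique: ${#dirs[@]} directories match '$1'" >&2
        return 1
    fi
    cd -- "${dirs[0]}"
}

# count_matches PATTERN: dry run before a destructive command such as rm.
# Lists the paths on stderr and prints how many there are on stdout.
count_matches() {
    expand_glob "$1"
    if (( ${#MATCHES[@]} )); then printf '  %s\n' "${MATCHES[@]}" >&2; fi
    echo "${#MATCHES[@]}"
}

# Constructed sample tree; nothing outside this temp directory is touched.
demo_root=$(mktemp -d)
trap 'rm -rf -- "$demo_root"' EXIT
mkdir -p "$demo_root/project/web/avs/desktop" "$demo_root/old/desktop"
touch "$demo_root/index.php" "$demo_root/project/web/app.php" \
      "$demo_root/project/web/avs/desktop/view.php"

count_matches "$demo_root/**/*.php"         # three .php files at three depths
cd_unique "$demo_root/**/desktop" || true   # refused: two directories match
```
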



happy "bash"ing :)

Monday, March 8, 2010

python psycopg2 in imac

I've been banging my head trying to get psycopg2 running on this iMac, with this error when trying to import the module:

Symbol not found: _PQbackendPID

After googling around (almost 1 hour exactly), one important thing is the multi-architecture Python support; for this reason you need to specify that the Python you are using is 32-bit, with the following command:

defaults write com.apple.versioner.python Prefer-32-Bit -bool yes

Build and install your psycopg2 again. And voilà, everything works.

Mac OS X is very yummy, but coming from the Linux/Ubuntu world, where packages are easily available and almost up to date, this is a little frustrating for me.

Oh well, I already fell in love with the iMac (been using it for 3 days already :P ). This will be just like the old days for me with Linux, where you must do things yourself: compile, problem-solve and troubleshoot yourself. Things like this will make you bolder.... I mean wiser.

Regards.
- Mac g33k