Hacking May all your gauges be Radial.

optikalsaint

A crash due to poorly written JavaScript !== ZOMGKernalExploit! The likelihood of this being used to get kernel access (or even have your passwords stolen as suggested above) is very slim. You probably have a greater chance of being punched in the face by a shark that just won the lottery and is wearing a Hawaiian print shirt.
 

TheZander

A crash due to poorly written JavaScript !== ZOMGKernalExploit! The likelihood of this being used to get kernel access (or even have your passwords stolen as suggested above) is very slim. You probably have a greater chance of being punched in the face by a shark that just won the lottery and is wearing a Hawaiian print shirt.
I understand you made this comment flippantly with no ill intent; however, I would like to inform you for future reference that I myself am a Hawaiian Shirt Dressed Shark attack survivor who got away with it because he paid off the right people with his lottery winnings. I never got a cent from him. So please be more aware next time.
 

optikalsaint

I understand you made this comment flippantly with no ill intent; however, I would like to inform you for future reference that I myself am a Hawaiian Shirt Dressed Shark attack survivor who got away with it because he paid off the right people with his lottery winnings. I never got a cent from him. So please be more aware next time.

You have my condolences. I hope one day you get justice. :(
 

FaTaL_ErRoR

OP
Right where the newarray dies one would need to push new instruction.
I dunno maybe something like this??
function go() {
    $('<div/>')
        .html(new Array(1000).join('text'))
        .click(function() { });
}
 

yahoo

There is a serious threat to all wii u browser users using the latest firmware.
Radial gauges made in certain ways could allow remote code entry and maybe even corruption of vital software to a user's wii u console.
https://bugs.webkit.org/show_bug.cgi?id=112694
This really should be fixed asap or some webservers containing certain radial gauges may make the wii u prone to data theft and theft of one's personal information.
This is NOT a security bug that can lead to arbitrary code execution. Security bugs are not accessible to the public. For example, this is the webkit bug that was used when the 4.1.0 userland exploit was first leaked: https://bugs.webkit.org/show_bug.cgi?id=113964. Notice how you can't see the details and says you need to log in with the appropriate permissions? The bug that you have found is not serious enough to be flagged as a security issue and that's why you can see the details.

Did you not watch Comex's talk at 30c3? He limited his search for exploits to ONLY the bugs that are hidden from public view because these are the set of bugs that are actually exploitable to execute arbitrary code. This is also the process that MarioNumber1, Hykem, etc have gone through when looking for candidate vulnerabilities. Someone even made a tool and created a thread on this forum to find these bugs.

Please go find another bug.
 

FaTaL_ErRoR

OP
Actually it would depend on if the poster or the patcher decided to block it from public view or limit it to the security teams only.
Regardless, the U can't handle what is being sent to it so it shits itself as far as the needle goes. This bug is very exploitable and most of the groundwork is already done on it.
But now I may have another post involving tinysrp. I may include some pics with this one.
 

optikalsaint

Actually it would depend on if the poster or the patcher decided to block it from public view or limit it to the security teams only.
Regardless, the U can't handle what is being sent to it so it shits itself as far as the needle goes. This bug is very exploitable and most of the groundwork is already done on it.
But now I may have another post involving tinysrp. I may include some pics with this one.

If it's exploitable, then please by all means go exploit it. I can assure you it is not exploitable in the sense you think it is.
 

Mathew_Wi

Actually it would depend on if the poster or the patcher decided to block it from public view or limit it to the security teams only.
Regardless, the U can't handle what is being sent to it so it shits itself as far as the needle goes. This bug is very exploitable and most of the groundwork is already done on it.
But now I may have another post involving tinysrp. I may include some pics with this one.

It doesn't even crash.
 

yahoo

Actually it would depend on if the poster or the patcher decided to block it from public view or limit it to the security teams only.
Regardless, the U can't handle what is being sent to it so it shits itself as far as the needle goes. This bug is very exploitable and most of the groundwork is already done on it.
But now I may have another post involving tinysrp. I may include some pics with this one.
If you read through the comments in the bug you found, there is a conversation specifically asking the patcher if this is a security issue:
"Are you sure this is not a potential security issue that would need to be backported?" and obviously they agree it is not.
 

FaTaL_ErRoR

OP
If you read through the comments in the bug you found, there is a conversation specifically asking the patcher if this is a security issue:
"Are you sure this is not a potential security issue that would need to be backported?" and obviously they agree it is not.
Not what the patcher said at all. They simply said they weren't backporting it to the older versions. And that's because the issue was found so quickly the amount of users that downloaded these versions was a small number and it wasn't worth backporting because of the other major issues previous versions had.
If you'll notice the version of webkit 5.3.2 was on didn't get its patches backported either otherwise it wouldn't have been exploited in the way it was.
With this particular bug they just patched it quickly and pushed a new version out. If you had access to the security team bugs you would see most of them someone almost always asks that question about aren't you gonna backport this and are you sure this isn't a potential security bug?
It is rarely answered except by no I am not backporting it. Mostly because it is just easier to just update because of other bugs and other issues found in those versions.

@ those that talk about exploiting it.
Why on earth would I do that? I am attempting to get this serious threat to wii u users patched. And actually I am linking Nintendo to this post right now.
 

EmceeKerser

Not what the patcher said at all. They simply said they weren't backporting it to the older versions. And that's because the issue was found so quickly the amount of users that downloaded these versions was a small number and it wasn't worth backporting because of the other major issues previous versions had.
If you'll notice the version of webkit 5.3.2 was on didn't get its patches backported either otherwise it wouldn't have been exploited in the way it was.
With this particular bug they just patched it quickly and pushed a new version out. If you had access to the security team bugs you would see most of them someone almost always asks that question about aren't you gonna backport this and are you sure this isn't a potential security bug?
It is rarely answered except by no I am not backporting it. Mostly because it is just easier to just update because of other bugs and other issues found in those versions.

@ those that talk about exploiting it.
Why on earth would I do that? I am attempting to get this serious threat to wii u users patched. And actually I am linking Nintendo to this post right now.
Who are you and what are you doing here? Why would you announce an 'exploit' and then immediately tell Nintendo? What's wrong with you?
 

yahoo

@ those that talk about exploiting it.
Why on earth would I do that? I am attempting to get this serious threat to wii u users patched. And actually I am linking Nintendo to this post right now.
It actually seemed like you were the one talking about exploiting this, bringing this up in a hacking forum. If your intent was to notify Nintendo, why not just contact them directly instead of creating a thread here? You don't want all our gauges to be radial... :cry:
 

VinsCool

Thank you for going onto a hacking forum looking for an exploit, posting about a possible one (that doesn't do a damn thing anyways), then contacting Nintendo about it. Great mindset.
What are we expecting from a guy with a username like his?
TeAm_FaTaL strikes back.
 
