Browse Source

Merge branch 'gh-pages' into master

pull/3/head
c? 2 years ago
parent
commit
96cf5e6c24
8 changed files with 972 additions and 14 deletions
  1. 1
    0
      CNAME
  2. 11
    11
      index.html
  3. 239
    0
      payload/delta0.html
  4. 239
    0
      payload/delta1.html
  5. 1
    0
      payload/delta2.html
  6. 239
    0
      payload/delta3.html
  7. 239
    0
      payload/delta4.html
  8. 3
    3
      payload/exploit.html

+ 1
- 0
CNAME View File

@@ -0,0 +1 @@
cg.stupiid.ovh

+ 11
- 11
index.html View File

@@ -1,28 +1,28 @@
<title>stUpiidhax</title>
<title>stUpiidhax cg</title>
<style>
.align{text-align:center;}
body{background:#222;color:#fff;}
a{color:009ac7;}
</style>
<div class="align">
<h2>stUpiidhax: Wii U 5.5.2 browser pwn</h2>
<h2>stUpiidhax: Wii U 5.5.2 browser pwn (cg version)</h2>
<a href="payload/exploit.html"><h1>Exploit</h1></a>
<h2>
<a href="payload/exploit.html?delta=0">0</a>
<a href="payload/exploit.html?delta=1">1</a>
<a href="payload/exploit.html?delta=2">2</a>
<a href="payload/exploit.html?delta=3">3</a>
<a href="payload/exploit.html?delta=4">4</a>
<a href="payload/delta0.html">0</a>
<a href="payload/delta1.html?delta=1">1</a>
<a href="payload/delta2.html?delta=2">2</a>
<a href="payload/delta3.html?delta=3">3</a>
<a href="payload/delta4.html?delta=4">4</a>
</h2>
If you're getting really demoralized and want another gateway to try, <a href="http://cg.stupiid.ovh/">give the cg version a shot</a> at cg.stupiid.ovh<br/>
If you're in Europe and it's not working, try <a href="http://eur.stupiid.ovh/">this European gateway</a> at eur.stupiid.ovh<br/>
<a href="http://stupiid.ovh/">Back to the main gateway</a><br/>
Remember to purchase and download your Haxchi compatible VC to the internal storage before doing the exploit if you want to install Haxchi. It would suck if it finally worked but you couldn't install Haxchi.<br/>
Try the big exploit button a few times first. Clearing your browser save data or choosing another delta might also help. The important thing is to <b><i>just keep trying</i></b>!
<br/>
<br/>
<br/>
<br/>
This service provided by <a href="https://twitter.com/ColtonDRG">ColtonDRG</a>. <a href="https://github.com/coltondrg/stupiidhax">Source for this site</a>.<br/>
This service provided by <a href="https://twitter.com/ColtonDRG">ColtonDRG</a> | <a href="https://github.com/coltondrg/stupiidhax">Source for this site</a><br/>
Unfathomable stupidity: cg method discovered accidentally by <a href="https://twitter.com/CreaTion_DG">Creation_</a> and researched by <a href="https://twitter.com/ColtonDRG">ColtonDRG</a><br/>
All the real work was done by the <a href="https://gbatemp.net/threads/webhack-on-5-5-2.480938/">the smart people on this thread's OP</a><br/>
git commit <!--#include file="commit.html" -->
git branch gh-pages
</div>

+ 239
- 0
payload/delta0.html
File diff suppressed because it is too large
View File


+ 239
- 0
payload/delta1.html
File diff suppressed because it is too large
View File


+ 1
- 0
payload/delta2.html View File

@@ -0,0 +1 @@
exploit.html

+ 239
- 0
payload/delta3.html
File diff suppressed because it is too large
View File


+ 239
- 0
payload/delta4.html
File diff suppressed because it is too large
View File


+ 3
- 3
payload/exploit.html View File

@@ -3,12 +3,12 @@ Tested on 5.5.1
CVE-2013-2857
Use after free https://bugs.chromium.org/p/chromium/issues/detail?id=240124
Result: Bug is present, crash
--><!--#set var="delta" value="0" --><!--#if expr="$QUERY_STRING = /delta=([a-zA-Z0-9]+)/" --><!--#set var="delta" value="$1" --><!--#endif -->
-->
<script>
function UaF(a)
{
//Warning, the delta was modified !
var delta = 0x0<!--#echo var="delta" -->000000; //from 0x0 to 0x04000000 step by 0x01000000
var delta = 0x00000000; //from 0x0 to 0x04000000 step by 0x01000000
var OS_Exit = 0x0101cd80;
var pivotAdress = 0x010ADDCC;
//5.5.2
{

Loading…
Cancel
Save