478
edits
Changes
mLine 79:
Line 79: − + − +
→Exploits
DS Station's web browser uses NetFront 3.3.
DS Station's web browser uses NetFront 3.3.
Nintendo Zone v3.0 has the URL buffer overflow bug from NetFront 3.3 and DS Station. The NetFront version user agent was removed from the NZone bin, so it's unknown what NetFront version NZone uses. Linux/hostapd compatible box and a NIC supported by hostapd is required.
Nintendo Zone v3.0 has the URL buffer overflow bug from NetFront 3.3 and DS Station, but htmlhaxx is [[#Security|impossible]] to use with NZone due to SSL. The NetFront version user agent was removed from the NZone bin, so it's unknown what NetFront version NZone uses.
A DS Station/NZone exploit has been written by [[User:Yellows8|Yellows8]]. The exploit is only available on Google Code wmb-asm SVN. SVN web interface is available [http://code.google.com/p/wmb-asm/source/browse/#svn/trunk/ds/nzonehtmlhaxx here], SVN URL available [http://wmb-asm.googlecode.com/svn/trunk/ds/nzonehtmlhaxx here.] To use the exploit at home with DS Station, you also need a HTTPS forwarder/proxy, like httpsforwarder available in SVN. This exploit can only be used with html that is transferred over http. All html and content on the NZone server was moved to HTTPS, none of the NZone servers listen on port 80 for http. Although the NZone bin has root CAs for VeriSign, Thawte, Nintendo, and others, NZone rejects all certs not signed by Nintendo which includes VeriSign, Thawte, etc.
A DS Station exploit has been written by [[User:Yellows8|Yellows8]]. The exploit is only available on Google Code wmb-asm SVN. SVN web interface is available [http://code.google.com/p/wmb-asm/source/browse/#svn/trunk/ds/nzonehtmlhaxx here], SVN URL available [http://wmb-asm.googlecode.com/svn/trunk/ds/nzonehtmlhaxx here.] To use the exploit at home with DS Station, you need a Linux/hostapd compatible box and a NIC supported by hostapd. You also need a HTTPS forwarder/proxy, like httpsforwarder available in SVN. This exploit can only be used with html that is transferred over http.
[[File:2010-08-22-161844.jpg|200px|thumb|right|Test NZone haxx, crashed NZone. The EUR server bug exploited here was fixed a couple hours after beginning html injection attacks.]]
[[File:2010-08-22-161844.jpg|200px|thumb|right|Test NZone haxx, crashed NZone. The EUR server bug exploited here was fixed a couple hours after beginning html injection attacks.]]