Hacking Suggestion CVE-2016-4622 (WebKit code execution) + Reverse TCP = ?

  • Thread starter: ZiggyDeer
Let's hope this exploit can be used to run some homebrew.

We need to find a writeable JIT area where we can put our binary in. Then jump to it. As the "web browser" is using WebKit, it means JavaScript, and it means JIT.

--------------------- MERGED ---------------------------

Just wanted to give some test results:

Firstly, line 70 of the HTML (the SHELLCODE variable) was missing some commas. I added those back in and got the "JSC version not vulnerable" message.

Secondly, even after bypassing the vulnerability check manually, nothing really happens. The only thing that pops up is the "Script execution is taking a long time" message. I've hit continue about 10 times now and nothing has happened. No netcat connection, no freeze, no crash; nothing.

Basically, this exploit can't be used on the Switch. The JS engine isn't vulnerable to this particular exploit.

You are probably right, or it means it needs some modification to work on the Switch.
 
Firstly, line 70 of the HTML (the SHELLCODE variable) was missing some commas. I added those back in and got the "JSC version not vulnerable" message.

Oops, I was doing that part really quickly, thanks for noticing that.

Secondly, even after bypassing the vulnerability check manually, nothing really happens. The only thing that pops up is the "Script execution is taking a long time" message. I've hit continue about 10 times now and nothing has happened. No netcat connection, no freeze, no crash; nothing.

Basically, this exploit can't be used on the Switch. The JS engine isn't vulnerable to this particular exploit.

Ah well, thanks for trying it though! Editing that JS code is beyond my league, so unless somebody else takes over, I don't think this exploit will be effective.
 
