I finally got mine working. I'll try to explain the best I can.
First, in regards to what you should use to self-host, use the folder from this link:
https://github.com/JumpCallPop/WiiUTest/archive/b558dffdf0fa6dbb5989e26132573b9677785602.zip
Unzip that, and then do what you've been doing, startServer.bat.
If it doesn't work, try changing the delta. You can do that by going to the "payload" folder, and opening exploit.html with an editing software like Notepad.
Near the very top you'll see something like this.
Code:
<script>
function UaF(a)
{
//Warning, the delta was modified !
var delta = 0x00000000; //from 0x0 to 0x04000000 step by 0x01000000
var pivotAdress = 0x010ADDCC;
var pivotAdressAdress = 0x1B100000; //r6
var payloadAdress = 0x1D000000 + delta;
var codegenAddress = 0x01800000;
var sizeWebCoreImageLoader = 0x18;
var sprayCount = 0x1900;
var _4K = 0x1000;
var _16K = 0x4000;
The line "
var delta = 0x00000000;" is what you'll be editing; That is the delta. You have the option to change it from 0x00000000 to the following numbers:
Code:
0x00000000
0x01000000
0x02000000
0x03000000
0x04000000
What works or not seems to be random, but I found that for me, 0x04000000 has been consistent in its success. Ideally, what you want to see that'll let you know you've successfully got in, is the browser fading somewhat, and then a transition to the Wii U logo on the bottom right, similar to how the Browser Exploit transitioned to the Homebrew Launcher. If it doesn't do that, in that the browser just freezes with no fade at all, it's a failure, so try it again.