Opera Exploit JPG Overflow - MyloForums

**Sharry** · **Opera Exploit JPG Overflow -** 02-01-07, 06:58

Possible browser hack (instrutions are similar to this post). We want a way to exploit the Opera browser so we can further exploits with the filesystem. Similar to the TIFF overflow exploit with the PSP.

1) Visit here http://myloshare.net/serve/exploit1.html on your Mylo
2) When you're there and all loaded, hit the 'Option' key & press 'Save Page'.
3) Press ok on the next page.

[The Mylo will save this page to the Mylos internal HDD under:
WEBPAGE/SAVEDPAGE/00000000 (unless you have already saved other pages, & then it'll be the last in folder, eg, 00000009.]

You will have download & extract this file (contains the JPGs and HTML files used in exploit) and place it into your WEBPAGE/SAVEDPAGE/00000000 <-- OR largest no in folder.

To view this saved page on the Mylo, go to the Main Menu > Web > Saved Pages > Mylo Opera Exploit Test & press OK.

-----
The HTML page contains 3 HTML links & 1 SVG page. The HTML pages only consist of 1 JPG image (DHT marker on jpeg locatead after 0xFF 0xC4 in jpeg Headers).

The bottom 2 image links make my Mylo crash & throw up an error. I understand its not much at this moment in time, but its a start.

The error it throws up:

Error
A system error occured. Turn the unit off and then on again. (11-web)

-----

Thanks to:
http://milw0rm.com/exploits/3101
http://www.ps2-scene.org/forums/showthread.php?t=51603
http://labs.idefense.com/intelligenc...lay.php?id=457

Dude4God · 02-02-07, 02:40

Thats a step in the right direction, keep up the good work. I'd help you out if i had any idea what i was doing.

jonathan95123 · 02-02-07, 03:45

not to rain on ur parade, but i dontt hink it works with v.1.2

richyrich · 02-02-07, 05:56

woah good job!

hope it does work on the 1.2

crater · 02-03-07, 06:15

Here's the thing, Generaly, the first discovery of an exploit is just going to hard crash.. this is more likely an error, that COULD have been an overflow, but has been patched with a check, since the MYLO throws up an error instead of just switching off/freezing.

crait · 07-15-09, 06:45

Can you recreate this?
I've been trying to find a compiled JPEG but I can only find the source code.

**Sharry** · 07-15-09, 08:45

Updated links in 1st post, please try again.

crait · 07-15-09, 10:27

Okay, I was able to compile the JPG myself using a hex editor. When I viewed it in the Web browser, it didn't show an error. I thought I was doing it wrong.
I compared your images with mine with a hex editor and it shows that they're identical..
On my desktop, it can display mine but neither of yours..
My questions for you is...
How'd you get these images?
How'd you make them?
What are the differences between the two?

**Sharry** · 07-16-09, 01:22

Have you tried them on the Mylo?

See the 'thanks to' links in 1st post to see where I got them from.

crait · 07-16-09, 03:26

ps2-scene.org is no longer a valid website.
...

I checked that a while back and couldn't find the thread you've posted..