TL;DR: In the scope of academic research on printer security, various vulnerabilities in network printers and MFPs have been discovered. This is advisory 2 of 6 of the `Hacking Printers' series. Each advisory discusses multiple issues of the same category. This post is about accessing a printers file system through ordinary PostScript or PJL based print jobs -- since decades a documented feature of both languages. The attack can be performed by anyone who can print, for example through USB or network. It can even be carried out by a malicious website, using advanced cross-site printing techniques in combination with a novel technique we call `CORS spoofing' (see http://ift.tt/2jKBog0). ============[ File System Access with PostScript and PJL ]============
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment