Full Disclosure mailing list archives

Re: Amusing xss against some lexmark printers
From: paul.szabo () sydney edu au
Date: Thu, 6 Jan 2011 14:00:14 +1100

... the PJL RDYMSG prank ... can be used to xss the web interface.
... google for  'Lexmark X651de "Device Status" ' ...

Amusing, but not very useful to have an XSS on such a website.
The web interface should be locked down, or anyone can lock up your
device or read your "fax job log".

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
