Wednesday, January 09, 2008

Cross-Site Printing (Printer Spamming)

Update 01.10.2008: Story picked up by Dark Reading and C-Net.

Aaron Weaver has been doing a lot of intranet hacking research since late last year, especially in the area of printers and fax machines. He’s figure out a clever way using CSRF to issue PostScript commands (via port 9100) and print out custom ascii art. Fun, fun! Imagine visiting some random Web page and your network printer starts going off on its own. Cross-Site Printing.

No comments: