Full Disclosure mailing list archives
Re: Amusing xss against some lexmark printers
From: paul.szabo () sydney edu au
Date: Thu, 6 Jan 2011 14:00:14 +1100
... the PJL RDYMSG prank ... can be used to xss the web interface. ... google for 'Lexmark X651de "Device Status" ' ...
Amusing, but not very useful to have an XSS on such a website. The web interface should be locked down, or anyone can lock up your device or read your "fax job log".

Cheers, Paul

Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/