This Metasploit module exploits a path traversal issue in possibly the entire HP network-enabled printer series, especially those which enable the Printer Job Language (aka PJL) command interface through the default JetDirect port 9100. With the decade-old dot-dot-slash payloads, the entire printer file system can be accessed or modified.
ef5c1f98b187a962caa38431fef07a7ec3c1bc693663ee37dcf2551518b58920A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\..\..\..\ it is possible to get access to the complete file system of the device.
3046f35f738f91dd1414a725b79b838acb34d0bb5e416218ca7e0fbb11a194c5HP Security Bulletin HPSBPI02575 SSRT090255 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 1 of this advisory.
6956edfd9f21d6c9739fe6d6466c367970cc9982d249494bc188fb5add8fbe90
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed