Found the below on a printer a couple of years ago, sent to Kyocera but
never heard anything back...
Changing the 'Ready' message on a printer is quite a well-known prank (and
much fun was had with this yesterday!) but also an interesting avenue for
injecting XSS, as the Kyocera printer manageme
The fact they've clearly mapped out Gandi's processes to find the weak link
(The apparent opt-out to the email change request, real or not) and add
noise to exploit it makes it clear that someone put a lot of work into
this. Pretty much a textbook example of the 'APT' we're always warned
about.
G
It's very limited use. But it is a vulnerability. If an unprivileged
user can write to the root of c: but NOT to any sensitive subdirectory they
can't do much harm. This allows them a route to escalate their privileges.
Admittedly... for a user to be able to write to c but not write to
Windo