31 Replies. Latest reply: Apr 22, 2013 10:02 AM by Alatark
mysstickly Level 1

Our printer just spontaneously printed out two sheets of paper.

 

The first had this on it: "ö☺<de=♠IEEEMlsqlexec♠9.280"

 

And the second sheet had this on it: "RDS\#R000000♣sqli☺3☺♣nmap♣nmapol=tlitcp☺h"

 

Can anyone help me figure out what this might indicate?

Reply by Matthew Strange1 on Aug 18, 2012 3:08 PM Helpful

It happened here too. First my Brother HL-5370 printed it, then about 10 minutes later, my HP OfficeJet 7310 printed a slightly different string. They both have the "IEEEMlsqlexec" in common.

 

Both of our printers have public IP addresses, with the Brother a bit higher (x.x.x.05) than the HP (x.x.x.02). Looks like somebody is methodically testing addresses, looking for exploitable machines. Our web servers are higher up and none appear to have been hacked, so I'm guessing (hoping) OS X is impervious to this particular attack.

Reply by havenoapple on Aug 19, 2012 2:04 AM Helpful

For what it's worth, this happened to my HP printer (connected via wireless) at exactly the same time, and I have no Mac or other Apple equipment.

All replies

  • nanonanouk Level 1

    Strange, my printer just did the exact same thing 5 minutes ago!

  • Andrew Levy Level 1

    The same thing literally just happened to me. How bizarre.

  • mysstickly Level 1

    SQLi = sql injection

     

    This cannot be good.

  • spale75 Level 1

    Mine too. Anything in common? My printer is an HP Deskjet D5560 connected via Wireless.

  • mysstickly Level 1
  • driller4 Level 1

    Same, only the "ö☺<de=♠IEEEMlsqlexec♠9.280" though...

    Second page was blank.

     

    Brother HL-5050, connected to AP Extreme, shared to 2 macs.  Since the printing, my printer has stayed on, ready to print status, usually it turns off by itself after 10-15 min or so...

  • spale75 Level 1

    Nope, that's not me ;-)

     

    I'm still trying to figure out what this is. If it happened to multiple persons at the same time, we need to figure out what we have in common. What about your printer?

  • mysstickly Level 1

    It's an HP, too. But, I am more concerned about that "SQLi" than what we have in common.

  • spale75 Level 1

    don't the "sqli☺3" is simply "sqlite3" (http://www.sqlite.org). It is a very common database software used, for example, in iOS.

  • Andrew Levy Level 1

    I'm going to guess that the common theme here is that we're all forwarding port 9100 or 631 to our printer to allow ourselves to print from outside the network, which sets up an HTTP server at that address open to the internet. All it takes is for somebody to put the appropriate GET request in, but the SQL attack wouldn't be very useful on a printer.

  • spale75 Level 1

    I guess you're right ;-)

  • mysstickly Level 1

    It doesn't say "sqlite3," it says "sqli."

     

    "3. What is SQLI ?

      We know Some About SQL and Vulnerability.. Now you think What is this SQLI.. I Stands for Injection , Inject. This is Not a Injection Of Doctor’s.. But it Work as a Real Injection .. Ok.. leave this Crap thing..

         Now Actually What is Injection .. Injection means inject… Injection Inject the Database through Vulnerability. and Leech the Data From Database.Now your have Question in Your Mind that Why We Use .. SQLI…

       We learn Injection Inject the Database But how.. It Use the SQL Command to Inject a Database.. that this is Know as SQLi.. Now one another Question Which type of Command .. But Don’t worry .. Because here We use Basic Command Like Union ,Select, Group by etc.. Now you Know What is SQL,SQLI, or Injection..

       Now You think We Know Vulnerability,,SQLi but ..How We find that What is the Format Of Vulnerability.. bla bla bla .. ok .ok ..  See here . Basically in the SQLI .. the Format Of Vulnerable String is like this… "

  • mysstickly Level 1

    What I am reading seems to indicate that if these printouts are a result of debugging, our printers might spontaneously print the last successful line of code. But, I am not a developer or hacker...
