Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Our printer just spontaneously printed two strings...

Our printer just spontaneously printed out two sheets of paper.


The first had this on it: "ö☺<de=♠IEEEMlsqlexec♠9.280"


And the second sheet had this on it: "RDS\#R000000♣sqli☺3☺♣nmap♣nmapol=tlitcp☺h"


Can anyone help me figure out what this might indicate?

Posted on Aug 18, 2012 12:43 PM

Reply
31 replies

Aug 18, 2012 2:05 PM in response to mysstickly

I'm going to guess that the common theme here is that we're all forwarding port 9100 or 631 to our printer to allow ourselves to print from outside the network, which sets up an HTTP server at that address open to the internet. All it takes is for somebody to put the appropriate GET request in, but the SQL attack wouldn't be very useful on a printer.

Aug 18, 2012 2:09 PM in response to spale75

It doesn't say "sqlite3," it says "sqli."


"3. What is SQLI ?

We know Some About SQL and Vulnerability.. Now you think What is this SQLI.. I Stands for Injection , Inject. This is Not a Injection Of Doctor’s.. But it Work as a Real Injection .. Ok.. leave this Crap thing..

Now Actually What is Injection .. Injection means inject… Injection Inject the Database through Vulnerability. and Leech the Data From Database.Now your have Question in Your Mind that Why We Use .. SQLI…

We learn Injection Inject the Database But how.. It Use the SQL Command to Inject a Database.. that this is Know as SQLi.. Now one another Question Which type of Command .. But Don’t worry .. Because here We use Basic Command Like Union ,Select, Group by etc.. Now you Know What is SQL,SQLI, or Injection..

Now You think We Know Vulnerability,,SQLi but ..How We find that What is the Format Of Vulnerability.. bla bla bla .. ok .ok .. See here . Basically in the SQLI .. the Format Of Vulnerable String is like this… "

Aug 18, 2012 3:08 PM in response to mysstickly

It happened here too. First my Brother HL-5370 printed it, then about 10 minutes later, my HP OfficeJet 7310 printed a slightly different string. They both have the "IEEEMlsqlexec" in common.


Both of our printers have public IP addresses, with the Brother is a bit higher (x.x.x.05) than the HP (x.x.x.02). Looks like somebody is methodically testing addresses, looking for exploitable machines. Our web servers are higher up and none appear to have been hacked, so I'm guessing (hoping) OS X is impervious to this particular attack.

Our printer just spontaneously printed two strings...

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.