XSP (cross site printing)

From Wikipedia, the free encyclopedia

Cross site printing or XSP is a variation of cross-site scripting (XSS) to allow attackers to spam intranet printers.

Network printers in a LAN often listen on tcp port 9100 to get a print job (raw printing). The security around this is usually minimal. If you are in the LAN, you can send anything to that port. With a crafted website attacker can send commands via the user's browser to the network printer. For example, an attacker could print a postscript document that advertises something.