Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar

Re: Link Injection

Rob_Ammerlaan
Level 1
Level 1
‎12-23-2019 11:42 PM
‎12-23-2019 11:42 PM

Link Injection

I am requesting support regarding the implementation of the Marketo forms at our WordPress website. On the following pages:
The user can do Link Injection. This results in a unsafe way of working. Please let me know how we can proceed in preventing this from happening. We use the code from the Marketo website 1 on 1 as suggested in the backend. 
I hope you can help me as soon as possible,
Labels:
Tags (2)
0 Likes
1,866
Reply
3 REPLIES 3
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎12-23-2019 11:48 PM
‎12-23-2019 11:48 PM

Re: Link Injection

Your point is rather vague. Are you using unfiltered, unescaped user input in an auto-responder email? Or on an LP?

I wrote about these concerns a scary number of years ago: https://blog.teknkl.com/tokens-as-hacker-weapons-1/ 

0 Likes
1,752
Reply
Rob_Ammerlaan
Level 1
Level 1
‎01-10-2020 12:39 AM
‎01-10-2020 12:39 AM

Re: Link Injection

Hi Sandford,
Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?
The email I am talking about now is specifically: 
I hope you can help us, 
0 Likes
1,752
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-10-2020 10:17 AM
‎01-10-2020 10:17 AM

Re: Link Injection

Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?

It’s in my blog above. Also see https://nation.marketo.com/community/product_and_support/blog/2019/09/17/even-when-velocity-isn-t-do... 

0 Likes
1,752
Reply
Home