Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar

Link Injection

Rob_Ammerlaan
Level 1
Level 1
‎12-23-2019 11:42 PM
‎12-23-2019 11:42 PM
I am requesting support regarding the implementation of the Marketo forms at our WordPress website. On the following pages:
The user can do Link Injection. This results in a unsafe way of working. Please let me know how we can proceed in preventing this from happening. We use the code from the Marketo website 1 on 1 as suggested in the backend. 
I hope you can help me as soon as possible,
Labels:
Tags (2)
0 Likes
2,823
Reply
3 REPLIES 3
Rob_Ammerlaan
Level 1
Level 1
‎01-10-2020 12:39 AM
‎01-10-2020 12:39 AM
Hi Sandford,
Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?
The email I am talking about now is specifically: 
I hope you can help us, 
0 Likes
2,709
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-10-2020 10:17 AM
‎01-10-2020 10:17 AM

Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?

It’s in my blog above. Also see https://nation.marketo.com/community/product_and_support/blog/2019/09/17/even-when-velocity-isn-t-do... 

0 Likes
2,709
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎12-23-2019 11:48 PM
‎12-23-2019 11:48 PM

Your point is rather vague. Are you using unfiltered, unescaped user input in an auto-responder email? Or on an LP?

I wrote about these concerns a scary number of years ago: https://blog.teknkl.com/tokens-as-hacker-weapons-1/ 

0 Likes
2,709
Reply
Home