Link Injection | Community
Rob_Ammerlaan
Level 1
December 24, 2019
Question

Link Injection

  • December 24, 2019
  • 2 replies
  • 2991 views
I am requesting support regarding the implementation of the Marketo forms at our WordPress website. On the following pages:
connect.backbase.com/registration-2019
The user can do Link Injection. This results in an unsafe way of working. Please let me know how we can proceed in preventing this from happening. We use the code from the Marketo website 1 on 1 as suggested in the backend.
I hope you can help me as soon as possible,

2 replies

SanfordWhiteman
Level 10
December 24, 2019

Your point is rather vague. Are you using unfiltered, unescaped user input in an auto-responder email? Or on an LP?

I wrote about these concerns a scary number of years ago: https://blog.teknkl.com/tokens-as-hacker-weapons-1/ 

Rob_Ammerlaan
Level 1
January 10, 2020
Hi Sanford,
Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?
The email I am talking about now is specifically: 
I hope you can help us, 
SanfordWhiteman
Level 10
January 10, 2020

Currently, we are not escaping the user input in the field we use in the auto responder email. Can you tell me how that works?

It’s in my blog above. Also see https://nation.marketo.com/community/product_and_support/blog/2019/09/17/even-when-velocity-isn-t-doing-anything-it-s-doing-something-good
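An added example, not from the thread or from Marketo's own rendering engine, that simulates the problem discussed above: a lead field dropped unescaped into an auto-responder email template beside the same field HTML-escaped, plus a check that flags a submission carrying markup or a URL. The template, the `{{lead.First Name}}` token substitution and the sample submission are constructed stand-ins.

```python
import html
import re

# Constructed stand-in for an auto-responder template that drops a lead
# field straight into HTML via a Marketo-style {{lead.First Name}} token.
TEMPLATE = "<p>Hi {{lead.First Name}}, thanks for registering.</p>"

# Constructed sample submission: the "first name" field carries an anchor tag,
# which is the link injection the thread describes.
INJECTED_NAME = 'Rob <a href="https://attacker.example/login">verify your account</a>'


def render_unescaped(template: str, first_name: str) -> str:
    """Vulnerable: the raw field value is inserted into the email body."""
    return template.replace("{{lead.First Name}}", first_name)


def render_escaped(template: str, first_name: str) -> str:
    """Hardened: HTML-escape the value so any tags render as literal text."""
    return template.replace("{{lead.First Name}}", html.escape(first_name, quote=True))


# A name-type field has no business containing a tag or a URL.
MARKUP_OR_URL = re.compile(r"<[^>]+>|https?://", re.IGNORECASE)


def looks_injected(value: str) -> bool:
    """Detection: flag a form value that carries markup or a URL."""
    return bool(MARKUP_OR_URL.search(value))


def contains_live_link(rendered_html: str) -> bool:
    """True if the rendered email body still contains a clickable anchor."""
    return bool(re.search(r"<a\s[^>]*href=", rendered_html, re.IGNORECASE))


if __name__ == "__main__":
    print("unescaped:", render_unescaped(TEMPLATE, INJECTED_NAME))
    print("escaped:  ", render_escaped(TEMPLATE, INJECTED_NAME))
    print("flagged:  ", looks_injected(INJECTED_NAME))
```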