[cabfpub] Pre-Ballot 169: Revised Validation Requirements

Gervase Markham gerv at mozilla.org
Mon May 2 16:33:11 UTC 2016

On 30/04/16 00:14, Peter Bowen wrote:
> I’ve found a possible vulnerability with Agreed-Upon
> Change to Website.  If the Random Value or Request Token is contained
> in the URI path, then certain websites will return it in the meta tag
> of the resulting page.

Could we require that it appear in the returned data with a particular
prefix, such as "Response: "?

> Returns 200 with a page containing:
> <meta property="og:title"
> content=".well-known/pki-validation/06ca919e1b1cf100e97fc2215c036a8c817f4443aa0afe5ca1a63db973a09e4b:
> Search Results from Example"> <meta property="og:url"
> content="http://www.example.com/search?q=.well-known%2Fpki-validation%2F06ca919e1b1cf100e97fc2215c036a8c817f4443aa0afe5ca1a63db973a09e4b”>

Did you try exploiting this as a Cross-Site Scripting vulnerability? :-)


More information about the Public mailing list