[cabfpub] Pre-Ballot 169: Revised Validation Requirements

Peter Bowen pzb at amzn.com
Mon May 2 16:37:24 UTC 2016


> On May 2, 2016, at 9:33 AM, Gervase Markham <gerv at mozilla.org> wrote:
> 
> On 30/04/16 00:14, Peter Bowen wrote:
> 
>> Returns 200 with a page containing:
>> <meta property="og:title"
>> content=".well-known/pki-validation/06ca919e1b1cf100e97fc2215c036a8c817f4443aa0afe5ca1a63db973a09e4b:
>> Search Results from Example"> <meta property="og:url"
>> content="http://www.example.com/search?q=.well-known%2Fpki-validation%2F06ca919e1b1cf100e97fc2215c036a8c817f4443aa0afe5ca1a63db973a09e4b”>
> 
> Did you try exploiting this as a Cross-Site Scripting vulnerability? :-)

I’ll leave that for someone else.




More information about the Public mailing list