Tags: cache-poisoning web xss crlf
**tl;dr**
+ CRLF Injection in Header Key in Werkzeug `headers.set`
+ Using CRLF Injection at `/?user=` to Get XSS at `/helloworld`
+ Make the admin visit `/?user=<PAYLOAD>` and `/helloworld` using cache poisoning or a bug in the regex (unintended)
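
The header-key issue from the first bullet, as an added example (not code from the challenge or from Werkzeug): a verbatim serializer turns one user-controlled header name into extra header lines, and a check of the name against the RFC 7230 token grammar rejects it. `serialize_naive`, `safe_header`, `is_rejected` and the `X-User` / `X-Injected` names are assumptions made for illustration.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Characters that must never appear in a header value.
BAD_VALUE = re.compile(r"[\r\n\x00]")


def serialize_naive(headers):
    """Hypothetical stand-in for a serializer that writes names and values verbatim."""
    return "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n"


def header_lines(raw):
    """Lines a client sees before the blank line that ends the header block."""
    return raw.split("\r\n\r\n", 1)[0].split("\r\n")


def safe_header(name, value):
    """Return (name, value), or raise ValueError if either could split the response."""
    # fullmatch, not match with '$': '$' would accept a trailing "\n".
    if not TOKEN.fullmatch(name):
        raise ValueError(f"invalid header name: {name!r}")
    if BAD_VALUE.search(value):
        raise ValueError(f"invalid header value: {value!r}")
    return name, value


def is_rejected(name, value):
    """True when safe_header refuses the pair."""
    try:
        safe_header(name, value)
    except ValueError:
        return True
    return False


# Constructed input: a user-controlled string that ends up as a header *name*.
USER_KEY = "X-User\r\nX-Injected"


def demo():
    """Two headers go in; the unvalidated name makes three lines come out."""
    raw = serialize_naive([("Content-Type", "text/plain"), (USER_KEY, "1")])
    return header_lines(raw)


if __name__ == "__main__":
    print(demo())
    print("rejected:", is_rejected(USER_KEY, "1"))
```

Validating only header values misses this case, because the CR/LF arrives in the key.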