Header injection via query params
Exploit using
param=x%0d%0ax-escape-injected:y
query param