to be written...
I explore a misaligned trust chain between a CDN, a Tornado web app, and an admin bot that allows cache poisoning via a GET request body. This lets us serve an XSS payload to the admin. We then abuse environment variable injection to get RCE.