blind Server-Side Request Forgery (SSRF) allows scanning internal ports