HTTP Request Smuggling (CL.0) leads to mass redirect users to attacker server without user interaction