SSRF blacklist bypass enabled internal port scan and access to hidden endpoints.

Original writeup (https://zeyu2001.gitbook.io/ctfs/2021/zh3ro-ctf-v2/baby-ssrf).