Mail.ru: HTTP request smuggling (?) canpol.deti.mail.ru

HTTP request smuggling in canpol.deti.mail.ru led to possibility for non-blind SSRF exploitation with access to serverside api...