Server-side request forgery exploit exposes DarkForums users’ IP addresses.

An attacker known as “test55” exploited a server-side request forgery flaw in DarkForums.st—a major English-language cybercrime marketplace for stolen data, hacking tools, and illicit services. The critical flaw scrapes the IP addresses of anyone loading their posts. DarkForums administrators quietly launched a Tor-only onion domain to mask user locations, but they have not disclosed any patch or timeline for fixing the vulnerability.

Read more:

https://cybernews.com/cybercrime/darkforums-ssrf-exploit-leak/