March 26, 2025 By Pierluigi Paganini
Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details.
Resecurity has identified a Local File Include (LFI) vulnerability in Data Leak Site (DLS) of BlackLock Ransomware.
Cybersecurity experts were able to exploit misconfiguration in vulnerable web-app used by ransomware operators to publish victims’ data – leading to clearnet IP addresses disclosure related to their network infrastructure behind TOR hidden services (hosting them) and additional service information acquired from server-side.