From what I understand discourse fetches the link server side to generate the preview. Post a malicious link controlled by attacker, check server access logs, get IP address attack and site go down. Easy peasy
From what I understand discourse fetches the link server side to generate the preview. Post a malicious link controlled by attacker, check server access logs, get IP address attack and site go down. Easy peasy