Thread: DO NOT use LIGHTSHOT (prnt.sc)

  1. #1 DO NOT use LIGHTSHOT (prnt.sc)
    Registered Member

    Hello lads,

    The story occurred before I had an administrative problem back in June of 2018. Shoutout to my friend Suic.
    I noticed that many of you were still using Lightshot, but you should NOT!

    Example of the concept:

    Code:
    $ ./pull.sh https://prnt.sc/abc123 1
    Will go from https://prnt.sc/abc120 to https://prnt.sc/abc12z
    Could also be seen as https://prnt.sc/abc12*
    
    
    In the same way :
    
    
    $ ./pull.sh https://prnt.sc/abc123 6

    The Lightshot screenshot hosting service can be easily crawled without any restriction. (Translation: you can dump every screenshot hosted on Lightshot.)

    You will be surprised by what we found: Cb, ID, medical stuff, nudes...

    We've made a script on GitHub to automate the dumping of all screens.

    Check our scripts on GitHub here.

    Korben published an article about this weakness. (Known French tech.)

    Link to the Article.

    Code:
    Basically you can dump every screenshot uploaded on Lightshot.
    Example for neophytes:

    You upload a picture: https://prnt.sc/ml5n22
    You get a link,

    if you increment it you'll get the screenshot of someone else: https://prnt.sc/ml5n23
    Last edited by Gang; 02-14-2019 at 09:02 PM.


  3. #2  
    Banned


    Could you give a more detailed description or translate the article in a brief summary? Chrome isn't working, and for laymen who can't read Spanish this isn't very helpful for understanding what you're getting at. Assuming it's that people have direct access to anyone's images that are uploaded, but I've only got a vague idea of what's going on here.

    edit: nvm you detailed it a bit more after I posted

  4. #3  
    Registered Member

    Quote: Originally posted by Omni
    Could you give a more detailed description or translate the article in a brief summary? Chrome isn't working, and for laymen who can't read Spanish this isn't very helpful for understanding what you're getting at. Assuming it's that people have direct access to anyone's images that are uploaded, but I've only got a vague idea of what's going on here.

    edit: nvm you detailed it a bit more after I posted

    Basically, you can dump every screenshot on Lightshot.


  5. #4  
    ᐯᗴᑎᗝᗰ丨丅ᗴ
    AryJaey's Avatar
    Quote: Originally posted by Omni
    Could you give a more detailed description or translate the article in a brief summary? Chrome isn't working, and for laymen who can't read Spanish this isn't very helpful for understanding what you're getting at. Assuming it's that people have direct access to anyone's images that are uploaded, but I've only got a vague idea of what's going on here.

    edit: nvm you detailed it a bit more after I posted

    It's in French, my friend, not Spanish.

    EDIT: was going through some random URLs and actually found a screenshot with username and pass lol



  6. #5  
    'Slutty McFur'

    Owain's Avatar
    Yeah, was already aware of this. It only works if the screenshot was uploaded though; if the user saved it locally then it's fine.
    Who doesn't use ShareX though, it's 2019 now cmon bruh



  7. #6  
    Registered Member

    Quote: Originally posted by A Mage
    Yeah, was already aware of this. It only works if the screenshot was uploaded though; if the user saved it locally then it's fine.
    Who doesn't use ShareX though, it's 2019 now cmon bruh

  8. #7  
    Extreme Donator


    Interesting, nice find. Another reason to use good ol' Gyazo


  10. #8  
    ᗪ乇尺乇乙乙乇ᗪ

    lumplum's Avatar
    Quote: Originally posted by Professor Oak
    Interesting, nice find. Another reason to use good ol' Gyazo

    and they all told me "lol gyazo is shit use lightshot"

    who's laughing now


  12. #9  
    Registered Member
    Grant_'s Avatar
    Very interesting... I never realized this. God knows what is out there for people to see.

  13. #10  
    SERGEANT OF THE MASTER SERGEANTS MOST IMPORTANT PERSON OF EXTREME SERGEANTS TO THE MAX!

    cube's Avatar
    tldr: id is rolling instead of random so you don't have to do any guessing to find pics

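Added example (not part of the original thread or the posters' scripts): a Python sketch, from the hosting side, of why a rolling ID is enumerable, the mitigation of issuing IDs from a CSPRNG, and a simple log check for clients walking consecutive IDs. The function names, the sample log entries and the upload count are constructed for illustration; the base-36 alphabet is an assumption read off the IDs quoted in the thread.

```python
import secrets
from collections import defaultdict

DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"  # assumed base-36 alphabet

def next_rolling_id(current: str) -> str:
    """Rolling scheme described in the thread: the neighbour is counter + 1."""
    n, out = int(current, 36) + 1, ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out.rjust(len(current), "0")

def new_unguessable_id() -> str:
    """Mitigation: 128 bits from the OS CSPRNG, so neighbours cannot be derived."""
    return secrets.token_urlsafe(16)

def guess_hit_rate(live_uploads: int, keyspace: int) -> float:
    """Probability that one guessed ID names a real upload."""
    return min(1.0, live_uploads / keyspace)

def flag_enumeration(requests, min_run=5):
    """Detection: clients whose requested IDs contain a run of consecutive values."""
    seen = defaultdict(set)
    for client, image_id in requests:
        try:
            seen[client].add(int(image_id, 36))
        except ValueError:
            continue  # not a base-36 ID, skip it
    flagged = []
    for client, ids in seen.items():
        ordered, run, best = sorted(ids), 1, 1
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged.append(client)
    return sorted(flagged)

# Constructed access-log sample: (client address, requested ID)
SAMPLE = [("10.0.0.7", f"abc12{c}") for c in "0123456"] + [
    ("10.0.0.9", "ml5n22"), ("10.0.0.9", "zz91qk"), ("10.0.0.9", "04hd7a")]

if __name__ == "__main__":
    uploads = 10**9  # constructed figure, not a measured count
    print("neighbour of ml5n22:", next_rolling_id("ml5n22"))
    print("6-char base-36 hit rate:", guess_hit_rate(uploads, 36**6))
    print("128-bit random hit rate:", guess_hit_rate(uploads, 2**128))
    print("flagged clients:", flag_enumeration(SAMPLE))
```

A random ID only removes the guessing shortcut; anything that must stay private still needs an access check on the image itself.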
     
