Hello lads,
The story occured before I had an administrative problem back in June of 2018. shoutout to my friend Suic
I noticed that many of you were still using LightShot but you should NOT !
Exemple of the concept :
Code:
$ ./pull.sh https://prnt.sc/abc123 1
Will go from https://prnt.sc/abc120 to https://prnt.sc/abc12z
Could also be seen as https://prnt.sc/abc12*
In the same way :
$ ./pull.sh https://prnt.sc/abc123 6
lightshot screenshot hosting service can be easily crawled without any restriction. (Translation : You can dump every Screenshots hosted on Lighshot).
You will be surprised about what we found:: Cb, ID, Medical stuff, nudes...
We've made a Script on Github to automate the dumping of all Screens.
Check our scripts on Github here.
Korben published an article about this weakness. (Known french tech).
Link to the Article.
Code:
Basically you can dump every Screenshots uploaded on Lightshot.
Exemple for neophyte :
You upload a picture : https://prnt.sc/ml5n22
You get a link,
if you increment it you'll get the screenshot of soemone else : https://prnt.sc/ml5n23