Lightshot Filename Path Disclosure (POC)
This proof of concept shows how the Lightshot screenshot hosting service can be easily crawled without any restriction.
This weakness was first discovered with Naïm GALLOUJ.
Script Author : Charles SENGES (me, btw).
Seems like Cloudflare protection has been added since. May bypass this later. If you have any suggestions, just drop me an email.
Monster-Geek : Bash crawler seems to crawl slowly but without getting banned. Python script got banned pretty fast...
$ ./pull.sh <url> <number of level>
- URL : Your starting point
- Levels : How much you want to crawl the URL (see examples)
$ ./pull.sh https://prnt.sc/abc123 1
Will go from
Could also be seen as
In the same way :
$ ./pull.sh https://prnt.sc/abc123 6
Could be seen as
The script would then crawl the whole website (could be long if you don't have a quantum computer (I know a quantum computer wouldn't help, but... come on)).
- Korben published an article about this weakness.