VKontakte vulnerability made it possible to obtain direct links to private photos


tl;dr

A vulnerability was discovered in VK bookmarks, which made it possible to receive direct links to private photos from personal messages and albums of any user/group.
A script was written that sorted through user photos for a certain period and then, through this vulnerability, received direct links to the images. In short, you could get all your photos from yesterday in 1 minute, all photos uploaded last week in 7 minutes, last month in 20 minutes, last year in 2 hours.

The vulnerability has now been fixed. The VKontakte administration paid a reward of 10k votes.

The story began when an image was sent to me in a personal message on VKontakte. Usually, if something is important, I upload it to the cloud, but in my case this was not necessary, and I decided to use the VKontakte bookmarking function.

Briefly about this functionality: all things that the user has liked are added to bookmarks; there is also a function for manually adding a link to a user and an internal VKontakte link. The last point seemed very interesting to me, because after adding a link to a photo, I saw its preview and text with the type of the added entity.

When adding a link, the server parses it, tries to find out what entity it refers to and retrieves information about this object from the database. Typically, when writing this kind of function with many conditions, the likelihood that the developer will forget something is very high. So I couldn't afford to pass it up and decided to take a few minutes to experiment a little.

As a result, I managed to find something. By adding a link to a photo, note or video that is not accessible, you could get a little private information about the object. In the case of photos and videos, this is a small (150×150) preview, on which it is quite difficult to see anything; the title was displayed for private notes. Via fave.getLinks it was possible to get links to the image, but again the size was too small (75px and 130px). So, essentially, nothing serious.

I decided to go to the mobile version of the site to check if everything was displayed there the same as in the regular version. Looking at the page code, I saw this:

Yes! In the data-src_big attribute value there was a direct link to the original image!

Thus, it was possible to get a direct link to any image on VKontakte, regardless of where it was uploaded and what privacy settings it had. This could be an image from personal messages or a photo from the private albums of any user/group.
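A minimal server-side model of the flaw described above and its fix, as an added example (not VK's code and not from the original post): the bookmark resolver builds a card from the stored object without checking the viewer's access, and one template then emits the full-size URL. The function names, the owner-only privacy policy and the example.invalid URLs are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from html import escape

@dataclass(frozen=True)
class Photo:
    owner_id: int
    private: bool
    preview_url: str    # small thumbnail
    original_url: str   # full-size file

# Constructed sample store: (owner_id, photo_id) -> Photo. URLs are placeholders.
PHOTOS = {
    (1001, 1): Photo(1001, False, "https://img.example.invalid/1_s.jpg",
                     "https://img.example.invalid/1_orig.jpg"),
    (1001, 2): Photo(1001, True, "https://img.example.invalid/2_s.jpg",
                     "https://img.example.invalid/2_orig.jpg"),
}

# Internal photo links have the shape photo<owner>_<id>, as quoted in the write-up.
LINK_RE = re.compile(r"photo(\d+)_(\d+)$")

def parse_photo_link(link):
    m = LINK_RE.search(link.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def can_view(viewer_id, photo):
    # Simplified policy (assumption): a private photo is visible to its owner only.
    return not photo.private or viewer_id == photo.owner_id

def _card(photo):
    return {"type": "photo", "preview": photo.preview_url,
            "src_big": photo.original_url}

def resolve_bookmark_vulnerable(viewer_id, link):
    # Flaw: the entity is looked up and returned with no check on viewer_id.
    photo = PHOTOS.get(parse_photo_link(link))
    return _card(photo) if photo else None

def resolve_bookmark_hardened(viewer_id, link):
    # Fix: authorize at the point where the object is loaded, so every
    # template and API method built on the card inherits the check.
    # Missing and forbidden objects get the same answer (no existence oracle).
    photo = PHOTOS.get(parse_photo_link(link))
    if photo is None or not can_view(viewer_id, photo):
        return None
    return _card(photo)

def render_desktop(card):
    # Desktop template: thumbnail only.
    return f'<img src="{escape(card["preview"])}">'

def render_mobile(card):
    # Mobile template: also carries the full-size URL in data-src_big.
    return (f'<img src="{escape(card["preview"])}" '
            f'data-src_big="{escape(card["src_big"])}">')

def demo():
    owner, stranger = 1001, 2002
    private_link = "https://vk.com/photo1001_2"
    leaked = resolve_bookmark_vulnerable(stranger, private_link)
    return {
        "vulnerable_mobile_html": render_mobile(leaked),
        "hardened_stranger": resolve_bookmark_hardened(stranger, private_link),
        "hardened_owner": resolve_bookmark_hardened(owner, private_link),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Removing `data-src_big` from the mobile template alone would leave the thumbnail and any other consumer of the card exposed, which is why the check sits in the resolver.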

It would seem that I could stop there and write to the developers, but I wondered if it was possible, by exploiting this vulnerability, to gain access to all (or downloaded in a certain period of time) photos of the user. The main problem here, as you understand, was that the link to a private photo like photoXXXXXX_XXXXXXX to add to your bookmarks. The thought of searching through the id of the photo came to mind, but for some reason I immediately rejected it as crazy. I checked the photo-related methods in the API, looked at how the application works with albums, but I couldn’t find any leaks that could help me get a list with the IDs of all the user’s private photos. I was about to give up on this idea, but looking again at the link with the photo, I suddenly realized that going overboard was a good idea.

Link

Using the standard VK search, it is possible to find not only the desired file, but also its owner. For such an action to be successful, his profile must be open and the photo must be in the public domain. Searching for photos in VK by ID is carried out as follows:

  • Go to your page. It will be more convenient with the PC version of VK.
  • Upload the desired photo to your album, which is not hidden.
  • Click on the picture to open it in a separate window. You will see a link to it in the address bar.
  • Now you need the photo ID. It is located between the word photo inclusive and the percent sign %. Select part of the link and copy it to the clipboard.

  • Go to the main page of VK and click on the “News” section located in the left block.
  • In the right block, click on the “Photos” item so that the search occurs exclusively between images.
  • In the search bar, enter the following query: copy:+ID of the desired photo. Press the Enter key.
  • Image suggestions will appear in the search results. The one that was added first is the one you are looking for. You can find out by going to the viewing window of each photo.

The method practically does not work with original photographs. Basically, the search can find pictures.

Searching for photos on VK using a link is the easiest and most convenient way. But if you were unable to find the image you need using it, use other methods, which you will learn about below.

Before you find a photo in VK by text, remember the keywords from the caption to the photo. If it is published on a user's page or in a community, use the search bar located immediately above the posts. To do this, click on the magnifying glass icon. This method is also available for general search on a social network, but in this case, the more text you remember, the more effective the result will be.

By geolocation

Modern mobile devices are able to automatically determine the user's location while taking a photo. Therefore, it is possible to search for photos by VKontakte geolocation.

This method will only work if the user has not disabled automatic geotagging of photos.

To quickly search for photos by geolocation, you can use standard VK tools:

  • Log in to VK and go to the “News” section.
  • In the right block, click on the “Search” option, click on the drop-down menu of options and scroll down the page. Here you will see a geolocation icon. Click on it.

  • If you know approximately where the photo was taken, then enter the address or find the place on the built-in map from Yandex.
  • Click on the “Search by nearby posts” button.

  • In the search results you will see all the geotagged photos you selected.

You can fine-tune the display of results using the tools located on the right. The only disadvantage of the search is the lack of filtering results by date.

Search engines

Search engines allow you to find photos from VK on the Internet. The operating principle of all search engines is similar: they search for an image that is similar to the source image across all resources. But depending on how you get links, there are some differences in the process.

Yandex search engine

To find a VK image via Yandex, follow the step-by-step instructions:

  • Go to the main page of Yandex. Click on the “Pictures” section, which is located above the search bar.
  • To add an image, click on the camera icon. A field will open where you can choose one of the options: upload a photo from a storage device or insert a link to a photo from a third-party source.

  • After the image is loaded, press the Enter key.
  • In the search results you will see all the photos that are similar to or identical to the source.

Scroll below to see a list of all the sites where the photo was published. Select a link from a social network and follow it.

Google search engine

The Google search algorithm is almost the same as Yandex search, but the process itself has slight differences:

  • Go to the main page of the search engine and click on the “Pictures” button located in the upper right corner of the window.
  • Next to the search bar, click on the camera icon. In the drop-down form, select how you will upload the image.

  • After downloading, click on the “Search by image” button.
  • The search results will display links with the best match, as well as similar images.

Search engines help you find similar photos on VK, as well as on other resources. For a more efficient and faster search, add some information. For example, the user's last name and first name or description.

If you are looking for a specific user using a photo, you should keep in mind that the original photo should be on his avatar. If it has been changed, the link to the profile will not appear in the search results.

Reporting a vulnerability

At first the report was sent to the support service, but after a response like “thank you, we’ll probably fix it somehow...” and a week of waiting, I felt kind of sad. Many thanks to Bo0oM, who helped contact the developers directly. After that, the bugs were closed within a few hours, and a few days later the administration transferred a reward in the amount of 10k votes to my account.

I have never purposefully researched VK, but after this almost accidental discovery of this vulnerability, I began to seriously think about spending a few hours on a full-fledged audit of this social network. VKontakte does not have an official bug bounty program, so whitehat researchers bypass this site, and other, less “white hat” hackers simply quietly take advantage of bugs for their own purposes, or sell them. So, I think a couple more similar vulnerabilities can be found in VK.

All the best!

Third party services

There are special services that allow you to find user photos. The search algorithm of such software is based on comparing the facial features of people with published avatars on VK. One of the best services is Tofiner. It searches for photos based on exact matches. Despite the fact that sometimes a satisfactory result is not obtained the first time, the service is free and functional.

Tofinder's interface is simple and intuitive. On the main page you will be asked to upload the original image or paste a link to it from an open resource. After downloading, you will have to enter a simple captcha and wait for the results. If you can't find it the first time, try it again.

For a more accurate and efficient search, the service allows you to use a filter using the following parameters:

  • by gender;
  • by marital status;
  • by city;
  • by age.

As soon as you see the desired photo as a result, click on it and select the link to go to your VK profile.

How to find saved photos?

Previously, the user's album with saved photos was freely available. But since 2021, the developers have closed such albums. This happened due to the fact that many users did not know that everyone could see their picture, so they did not always save decent images.

Where can I find saved photos in VKontakte? If you want to see your pictures, go to the “Photos” section. In the “My Albums” block you will see an album with them. If there is a lock icon next to the name, then only you can view it.

You can view saved images from other users only if the album is open.

But searching for hidden photos in VK is possible through the address bar of the browser. This method should be used in exceptional cases so as not to violate the user's privacy. To see unavailable albums, do the following:

  1. First you need to find the user ID. Typically, it appears in the address bar on your profile page. If the ID after vk.com/ is a numeric value, simply copy it to the clipboard. If there is a nickname or surname in Latin, open any part of the page, for example, an avatar. After the word “photo” you will see numbers in the address bar - this is the ID.
  2. In the address bar, enter the following: vk.com/albumsID***, where asterisks indicate the copied numbers. Press the Enter key.

A window will open with all hidden albums and photos. But your photos will not be protected if anyone knows this way of viewing.

This method did not work on our devices, but maybe it will work for you!

What can you find in it?

First of all, photos that were not publicly posted by a VKontakte user, but, nevertheless, were somehow exposed somewhere: in the community, among friends, and similar albums. In general, you will be able to see more than you should. Although not all users are in the cattle depot, and not all the newest drains are poured there. As I already said, I found my photos there from 2008, but you are unlikely to find the latest user photos simply because the service has currently stopped collecting photos.

How to find deleted photos?

VK stores all deleted photos on its servers. But viewing such images is not possible, so you need to use the Google search engine. The main problem is that there is no link left on the photo. Otherwise, you could enter it into the search bar and find it. Therefore, before finding deleted photos on VK, write the user’s first and last name in the search bar or paste the address on his profile.

In the results that appear, find the link you need and click on the small triangle next to it. In the menu that opens, click on the “Saved copy” item. Here you can find the photo that was deleted.

Please note that this is not the only way you can view and recover deleted photos. But it is worth remembering that the less time has passed since the removal, the higher the chances of success.

There is another way to find old photos on VK. This will work if the browser cache has not been cleared for a long time. All open photos are stored in folders on the PC's hard drive. To find images:

  • Make hidden folders visible through your computer's Control Panel settings.

  • Then go to the AppData directory, which is located on your local C drive in the Users folder.

  • Then go to Local and open the folders with the browser name, go to the Cache directory.

  • To make it easier to find the photo you need, use file managers, for example, Total Commander.

Now it won’t be difficult to find a picture on VK. You can find it by link, geolocation, or in the browser cache. Search engines use a special algorithm that compares the original image and finds similar ones. In addition, your user ID will give you access to saved and hidden albums.

How to download photos from VKontakte to your computer

Which of the users of popular social networks is not familiar with this situation - you liked a photo of your friends or girlfriends, found a rare photo, a unique selection of bright pictures, and now you need to transfer this beauty to your desktop?

It’s good if experience and intuition themselves tell you how to act and in which folder to save the image. And if not? Then it is better to turn to knowledgeable people - friends, colleagues or close relatives. Most likely, they will be able to not only do this, but also teach you, because there is nothing complicated in the procedure - a couple of simple manipulations.

However, if you are reading this article, you will definitely be able to download a photo from VKontakte without outside help. And if you also have the SaveFrom.net application installed on your computer or laptop - a download assistant, then you can easily save not only one photo after another, but an entire photo album with just one click.

It is very important to have your own VKontakte account, since some of its user profiles are hidden from the eyes of unregistered visitors, which means that the information will not be available to you.

How to download photos from VKontakte

VKontakte is a social network that stores billions of all kinds of photographs. If you liked an image, saving it to your phone or computer will not be difficult. Just follow the simple instructions and enjoy the downloaded photo. In the proposed recommendations, we will consider several options for downloading photos from VKontakte.

Download rules

So, you are online and now you are going to download the photo. For this:

  • open it completely by left-clicking on it if you want to get a high-resolution image and not a mini-copy;
  • click on the right mouse button and in the panel that opens, select “save image as...”;
  • specify the save folder, disk, or desktop.

If you were unable to save the photo in the place where you planned, you will most likely find it in the “Downloads” or “Download” folder.

For this:

  • Select the icon on your desktop called “My Computer” and click on it;
  • Find the “Downloads” folder in the left corner and open it by clicking on it;
  • look for the downloaded file and drag it to your desktop with your mouse.

Another simple and easy way to save and download photos:

  • Go to the page of the user whose photo you want to download and open the photo you like.
  • On the right side of the window you will see a link “Save to yourself”

  • By clicking on the link, you can save the photo to your personal VKontakte page.
  • Open the “My Photos” section and find the saved photo.
  • Next, you can download the photo to your computer or phone, or simply leave it in your folder on the page.

How to download photos from VK to computer without losing quality

In order to download a photo to your computer and not lose the high quality of the image, use the following instructions.

  • Go to the “My Photos” tab and find the photo you want to download there.
  • Open the photo and right-click on it
  • In the menu that opens, select “Save image as...”
  • Now select the format for the image in which you want to save it to your computer
  • Click on the “Save” panel and place the photo in the desired folder.
  • In order to save the high resolution of the photo, you will need to open the “Original Photo”, the panel of which is located at the bottom right under the image.

  • By opening “Original photo” you will see the full size of the photo and can download it without losing quality.
  • Next, download the photo following the same instructions you used to download a regular size photo.
  • However, it should be taken into account that another user may have uploaded the high quality image as a “photo” rather than as a “document”. In this case, the image quality will suffer greatly and the high resolution of the image will be lost, even if you download it from the “Original Photo”.

How to download photos from VK without registration

If you are a registered user of VKontakte, then downloading a photo or image will not be difficult for you. But what if you don’t have a VKontakte account and want to download an image?

If the user has not set privacy settings on his personal page that restrict other users’ access to his profile, then you can easily log into his account and download photos. But, if such settings exist and hide the photos, then it will be almost impossible to see and download them. In order to download photos without registration, you can use special programs and applications that provide this opportunity. For example, there are a number of programs that can download entire albums with photographs if you enter the address of the desired page into their search bar. You can also zoom in on the page and take a simple screenshot. However, in such a case, no quality is even worth mentioning.

How to download a large number of photos from Vkontakte?

Sometimes it is necessary to download not ten or twenty photos from VKontakte, but a hundred or even a thousand to your disk. This procedure can take an unrealistically long and tedious time and take up a lot of precious time.

The question arises: is it possible to do everything quickly, effortlessly and as safely as possible? In fact, there is not one, but even several ways. All you have to do is decide which one you like and find least difficult.

First way

By installing the SaveFrom.net assistant, you can easily and free download your favorite photo album of your favorite communities or specific users in its entirety to your computer directly from any VKontakte page. Only after installing the program, do not forget to enable the extension in the browser you are using.

Followed by:

  • log into your profile and find “Photos”, “My Albums” in the left column, select the one you need among them, and then download it by clicking on the corresponding button that appears above the thumbnails of the pictures;
  • If you need interesting photographic materials from a community, then go to its page, select “Photo Albums” at the bottom right, then left-click on “download photo album.”

The same program will allow you to download not only images, but also videos, audio tracks from popular sites and video hosting sites in good quality completely free of charge. Pay attention to the blue arrow that will appear next to each video and audio recording. Just click on it and the download will begin.

The extension works on the most famous browsers and is easy to disable if necessary. Thus, you acquire a universal assistant for downloading your favorite movies and music.

Second way

You can download a large number of images using a special paid service for downloading and transferring albums, for which you need to go to https://vkpic.ru/ and insert a link to the source (group, profile, album) where the photo materials you are interested in are located.

  • the application will require you to log into your VKontakte account, request access to general information, photos at any time, as well as an email address - it is advisable to prohibit the last request;
  • further, the service will offer a choice of albums available for downloading, and you will need to check them;
  • The last thing you have to do is select an action: download all photos in one archive.

Thus, the application will publish an archive with your photos and, after payment, provide a link to the server. In a week it will be safely removed.

Also, using the services of this site, you can transfer an album from one profile to another, indicating in the destination a link to the page where it should be transferred.

For uploading every 200 photos you need to pay 1 credit worth 5 rubles. You can buy them with a bank card or electronic money. The nice thing is that the first login to the site provides a starting credit, which is enough to download about two thousand photos.

Third way

If the above options are not satisfactory, we bring to your attention another free method that allows you to download any files in the maximum quantity - this is installing the VKMusic 4 program. In practice, this is an analogue of the SaveFrom.net assistant, but with a different interface and some difference in functions. Some people find it more convenient, so just in case, we’ll tell you how you can download a photo album using it.

First of all, you will need the address of the page where it is located. It must be copied. Then:

  • in the main menu of VKMusic, find the “VKontakte” item and click on it;
  • in the window that opens, select “download photo album from contact”;
  • in the dialog box for entering parameters, paste the copied link into the field;
  • in the second field, specify the folder to save;
  • Click on the “download photo album” button.

All photos and pictures will be saved in the specified folder in the same quality as they were downloaded. Of course, provided that this album has not been closed by the user for viewing. In this case, the system will notify you of an error during loading.

In addition to the three methods listed above, there is a “downloading albums from VKontakte” server. This site will allow you to get up to 1000 images with one click. In this case, there is no need to download any software; you just need to go to the desired page and enter the previously copied link to the album into the field. Click on the “Let’s go” button and as a result, a Zip archive with the album and the necessary pictures will be downloaded to your computer.

Fourth method

If you do not want to install anything, no programs or extensions, and also do not intend to give third-party sites access to your VKontakte account, but still want to download many, or even all, photos from VK albums, a special service will help you: a VKontakte photo parser. With it you can easily download any number of photos from VK albums or walls, and, most importantly, not only from your account, but also from any communities and walls of any VK users, without making any “authorization” with your VKontakte account!

We hope this article helped. Now you can independently download any number of photos from VKontakte and enjoy viewing them.
