Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Minecraft] Minecraft 1.3 (+?) Exploit
#1
A malicious attacker can log on using any migrated account to any Minecraft server relying on Mojang Specifications’ official authentication servers to verify user authenticity. This can allow an attacker to gain access to players’ accounts causing losses within the game, or allow an attacker to gain access to a privileged account on the server. Depending on common server modifications, privileged accounts could be used to acquire access to the operating system, or cause serious damage to data on the machine, which includes but is not limited to common software and data found in unison with a Minecraft server such as:

•Server map files
•Operating system files
•Player data
•Database and webserver data
•Proprietary server modifications and source code


This vulnerability seems to be caused by a failure to authenticate usernames with session IDs for migrated accounts. joinServer.jsp will accept any valid session key from a migrated account for another migrated account.

To reproduce this issue an attacker needs to follow the following steps:

1.Log in to Minecraft with a migrated account.
2.Store the session key
3.Connect to a Minecraft server with a different migrated account’s username and the stored session key.

Account Vulnerability Checker:

[hide]http://www.teamavolition.com/sessionchecker[/hide]
Reply
#2
wanna see that thanks man :3
Reply
#3
I wanna see lol
Reply
#4
Lets hope this actually works, mojang is quick with these.
Need any help? Feel free to PM me Big Grin i'll be glad to help!

My Contribution Threads!!

Reply
#5
Awesome this is very helpful.
Reply
#6
Thanks a lot for topic New
Reply
#7
So I can hack mc accounts with this? O.o
Reply
#8
wanna see it?

//Tooshort
Reply
#9
Wanna see it ahaha
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)