The Problem
I run several Minecraft servers, and tracking plugin vulnerabilities is a nightmare. Security info is scattered across:
- Random forum threads
- Discord servers
- Private DMs
- GitHub issues
Most server admins learn about exploits AFTER being hacked.
The Solution
I built CraftSploitDB - an open database for Minecraft plugin exploits.
π Live site: https://csdb.dev
Tech Stack
- Next.js 16 (App Router)
- PostgreSQL + Prisma ORM
- Meilisearch (full-text search)
- NextAuth (authentication)
- Deployed on VPS with Nginx
Features
β
Searchable exploit database with PoC
β
User submissions (moderated)
β
Free REST API
β
Gamification (reputation, badges)
β
Bilingual (EN/RU)
Current Exploits
- CVE-2021-44228 (Log4Shell)
- CVE-2023-30859 (Triton RCE)
- BungeeCord misconfigurations
- BleedingPipe vulnerabilities
Looking For
- Security researchers to contribute
- Feedback on the platform
- Plugin developers to help verify exploits
Responsible Disclosure
This is NOT about promoting hacking. It's about giving admins the information they need to protect their servers. Bad actors already know these exploits - we're leveling the playing field.
Try It
Visit https://csdb.dev and let me know what you think!
Questions welcome in the comments. π
Top comments (0)